X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=loadcfg.c;h=0c8b8907f5d4d5185388f00fdee4ca88c5e1541f;hp=5870e9f36af753fd5e345ad5f169db24fe568ad1;hb=02513b88beb7ccf117edf2ad47ed4ee445ebf255;hpb=a9f0837233938408364f067bf89def53b677f68f diff --git a/loadcfg.c b/loadcfg.c index 5870e9f3..0c8b8907 100644 --- a/loadcfg.c +++ b/loadcfg.c @@ -1,4 +1,3 @@ -const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.154 2016/09/27 22:48:28 ler762 Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/loadcfg.c,v $ @@ -8,8 +7,8 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.154 2016/09/27 22:48:28 ler762 Ex * routine to load the configuration and the global * variables it writes to. * - * Copyright : Written by and Copyright (C) 2001-2016 the - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2017 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -90,7 +89,16 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.154 2016/09/27 22:48:28 ler762 Ex #include "client-tags.h" #endif -const char loadcfg_h_rcs[] = LOADCFG_H_VERSION; +/* + * Default number of seconds after which an + * open connection will no longer be reused. + */ +#define DEFAULT_KEEP_ALIVE_TIMEOUT 180 + +/* + * Default backlog passed to listen(). + */ +#define DEFAULT_LISTEN_BACKLOG 128 #ifdef FEATURE_TOGGLE /* Privoxy is enabled by default. */ @@ -127,15 +135,22 @@ static struct file_list *current_configfile = NULL; #define hash_admin_address 4112573064U /* "admin-address" */ #define hash_allow_cgi_request_crunching 258915987U /* "allow-cgi-request-crunching" */ #define hash_buffer_limit 1881726070U /* "buffer-limit */ +#define hash_ca_cert_file 1622923720U /* "ca-cert-file" */ +#define hash_ca_directory 1623615670U /* "ca-directory" */ +#define hash_ca_key_file 1184187891U /* "ca-key-file" */ +#define hash_ca_password 1184543320U /* "ca-password" */ +#define hash_certificate_directory 1367994217U /* "certificate-directory" */ #define hash_client_header_order 2701453514U /* "client-header-order" */ #define hash_client_specific_tag 3353703383U /* "client-specific-tag" */ #define hash_client_tag_lifetime 647957580U /* "client-tag-lifetime" */ #define hash_compression_level 2464423563U /* "compression-level" */ #define hash_confdir 1978389U /* "confdir" */ #define hash_connection_sharing 1348841265U /* "connection-sharing" */ +#define hash_cors_allowed_origin 2769345637U /* "cors-allowed-origin" */ #define hash_debug 78263U /* "debug" */ #define hash_default_server_timeout 2530089913U /* "default-server-timeout" */ #define hash_deny_access 1227333715U /* "deny-access" */ +#define hash_enable_accept_filter 2909040407U /* "enable-accept-filter" */ #define hash_enable_edit_actions 2517097536U /* "enable-edit-actions" */ #define hash_enable_compression 3943696946U /* "enable-compression" */ #define hash_enable_proxy_authentication_forwarding 4040610791U /* enable-proxy-authentication-forwarding */ @@ -153,11 +168,13 @@ static struct file_list *current_configfile = NULL; #define hash_hostname 10308071U /* "hostname" */ #define hash_keep_alive_timeout 3878599515U /* "keep-alive-timeout" */ #define hash_listen_address 1255650842U /* "listen-address" */ +#define hash_listen_backlog 1255655735U /* "listen-backlog" */ #define hash_logdir 422889U /* "logdir" */ #define hash_logfile 2114766U /* "logfile" */ #define hash_max_client_connections 3595884446U /* "max-client-connections" */ #define hash_permit_access 3587953268U /* "permit-access" */ #define hash_proxy_info_url 3903079059U /* "proxy-info-url" */ +#define hash_receive_buffer_size 2880297454U /* "receive-buffer-size */ #define hash_single_threaded 4250084780U /* "single-threaded" */ #define hash_socket_timeout 1809001761U /* "socket-timeout" */ #define hash_split_large_cgi_forms 671658948U /* "split-large-cgi-forms" */ @@ -169,6 +186,7 @@ static struct file_list *current_configfile = NULL; #define hash_trust_info_url 430331967U /* "trust-info-url" */ #define hash_trust_x_forwarded_for 2971537414U /* "trust-x-forwarded-for" */ #define hash_trusted_cgi_referrer 4270883427U /* "trusted-cgi-referrer" */ +#define hash_trusted_cas_file 2679803024U /* "trusted-cas-files" */ #define hash_trustfile 56494766U /* "trustfile" */ #define hash_usermanual 1416668518U /* "user-manual" */ #define hash_activity_animation 1817904738U /* "activity-animation" */ @@ -255,11 +273,21 @@ static void unload_configfile (void * data) list_remove_all(config->ordered_client_headers); freez(config->admin_address); + freez(config->cors_allowed_origin); freez(config->proxy_info_url); freez(config->proxy_args); freez(config->usermanual); freez(config->trusted_cgi_referrer); +#ifdef FEATURE_HTTPS_INSPECTION + freez(config->ca_password); + freez(config->ca_directory); + freez(config->ca_cert_file); + freez(config->ca_key_file); + freez(config->certificate_directory); + freez(config->trusted_cas_file); +#endif + #ifdef FEATURE_TRUST freez(config->trustfile); list_remove_all(config->trust_info); @@ -556,7 +584,14 @@ struct configuration_spec * load_config(void) struct file_list *fs; unsigned long linenum = 0; int i; - char *logfile = NULL; + char *logfile = NULL; +#ifdef FEATURE_HTTPS_INSPECTION + char *ca_cert_file = NULL; + char *ca_key_file = NULL; + char *ca_directory = NULL; + char *trusted_cas_file = NULL; + char *certificate_directory = NULL; +#endif if (!check_file_changed(current_configfile, configfile, &fs)) { @@ -597,13 +632,27 @@ struct configuration_spec * load_config(void) */ config->multi_threaded = 1; config->buffer_limit = 4096 * 1024; - config->usermanual = strdup(USER_MANUAL_URL); - config->proxy_args = strdup(""); + config->receive_buffer_size = BUFFER_SIZE; + config->usermanual = strdup_or_die(USER_MANUAL_URL); + config->proxy_args = strdup_or_die(""); config->forwarded_connect_retries = 0; +#ifdef FEATURE_HTTPS_INSPECTION + config->ca_password = strdup(""); + ca_cert_file = strdup("cacert.crt"); + ca_key_file = strdup("cakey.pem"); + ca_directory = strdup("./CA"); + trusted_cas_file = strdup("trustedCAs.pem"); + certificate_directory = strdup("./certs"); +#endif + #ifdef FEATURE_CLIENT_TAGS config->client_tag_lifetime = 60; #endif config->trust_x_forwarded_for = 0; +#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) + config->enable_accept_filter = 0; +#endif + config->listen_backlog = DEFAULT_LISTEN_BACKLOG; config->trusted_cgi_referrer = NULL; /* * 128 client sockets ought to be enough for everybody who can't @@ -631,6 +680,7 @@ struct configuration_spec * load_config(void) config->compression_level = 1; #endif config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING; + config->cors_allowed_origin = NULL; configfp = fopen(configfile, "r"); if (NULL == configfp) @@ -712,7 +762,7 @@ struct configuration_spec * load_config(void) "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).", MAX_AF_FILES); } - config->actions_file_short[i] = strdup(arg); + config->actions_file_short[i] = strdup_or_die(arg); config->actions_file[i] = make_path(config->confdir, arg); break; @@ -735,7 +785,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_admin_address : freez(config->admin_address); - config->admin_address = strdup(arg); + config->admin_address = strdup_or_die(arg); break; /* ************************************************************************* @@ -865,6 +915,18 @@ struct configuration_spec * load_config(void) break; #endif +/* ************************************************************************* + * cors-allowed-origin http://www.example.org + * *************************************************************************/ + case hash_cors_allowed_origin : + /* + * We don't validate the specified referrer as + * it's only used for string comparison. + */ + freez(config->cors_allowed_origin); + config->cors_allowed_origin = strdup_or_die(arg); + break; + /* ************************************************************************* * debug n * Specifies debug level, multiple values are ORed together. @@ -968,6 +1030,15 @@ struct configuration_spec * load_config(void) break; #endif /* def FEATURE_ACL */ +#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) +/* ************************************************************************* + * enable-accept-filter 0|1 + * *************************************************************************/ + case hash_enable_accept_filter : + config->enable_accept_filter = parse_toggle_state(cmd, arg); + break; +#endif /* defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) */ + /* ************************************************************************* * enable-edit-actions 0|1 * *************************************************************************/ @@ -1080,7 +1151,7 @@ struct configuration_spec * load_config(void) "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).", MAX_AF_FILES); } - config->re_filterfile_short[i] = strdup(arg); + config->re_filterfile_short[i] = strdup_or_die(arg); config->re_filterfile[i] = make_path(config->confdir, arg); break; @@ -1124,8 +1195,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->forward_port = 8000; - parse_forwarder_address(p, &cur_fwd->forward_host, - &cur_fwd->forward_port); + parse_forwarder_address(p, + &cur_fwd->forward_host, &cur_fwd->forward_port, + NULL, NULL); } /* Add to list. */ @@ -1174,8 +1246,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->gateway_port = 1080; - parse_forwarder_address(p, &cur_fwd->gateway_host, - &cur_fwd->gateway_port); + parse_forwarder_address(p, + &cur_fwd->gateway_host, &cur_fwd->gateway_port, + NULL, NULL); } /* Parse the parent HTTP proxy host[:port] */ @@ -1184,8 +1257,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->forward_port = 8000; - parse_forwarder_address(p, &cur_fwd->forward_host, - &cur_fwd->forward_port); + parse_forwarder_address(p, + &cur_fwd->forward_host, &cur_fwd->forward_port, + NULL, NULL); } /* Add to list. */ @@ -1248,12 +1322,13 @@ struct configuration_spec * load_config(void) break; } - /* Parse the SOCKS proxy host[:port] */ + /* Parse the SOCKS proxy [user:pass@]host[:port] */ p = vec[1]; cur_fwd->gateway_port = 1080; - parse_forwarder_address(p, &cur_fwd->gateway_host, - &cur_fwd->gateway_port); + parse_forwarder_address(p, + &cur_fwd->gateway_host, &cur_fwd->gateway_port, + &cur_fwd->auth_username, &cur_fwd->auth_password); /* Parse the parent HTTP proxy host[:port] */ p = vec[2]; @@ -1261,8 +1336,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->forward_port = 8000; - parse_forwarder_address(p, &cur_fwd->forward_host, - &cur_fwd->forward_port); + parse_forwarder_address(p, + &cur_fwd->forward_host, &cur_fwd->forward_port, + NULL, NULL); } /* Add to list. */ @@ -1303,11 +1379,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_hostname : freez(config->hostname); - config->hostname = strdup(arg); - if (NULL == config->hostname) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving hostname."); - } + config->hostname = strdup_or_die(arg); break; /* ************************************************************************* @@ -1346,11 +1418,19 @@ struct configuration_spec * load_config(void) "(You can increase this limit by changing MAX_LISTENING_SOCKETS in project.h and recompiling).", MAX_LISTENING_SOCKETS); } - config->haddr[i] = strdup(arg); - if (NULL == config->haddr[i]) - { - log_error(LOG_LEVEL_FATAL, "Out of memory while copying listening address"); - } + config->haddr[i] = strdup_or_die(arg); + break; + +/* ************************************************************************* + * listen-backlog n + * *************************************************************************/ + case hash_listen_backlog : + /* + * We don't enfore an upper or lower limit because on + * many platforms all values are valid and negative + * number mean "use the highest value allowed". + */ + config->listen_backlog = parse_numeric_value(cmd, arg); break; /* ************************************************************************* @@ -1383,7 +1463,7 @@ struct configuration_spec * load_config(void) { int max_client_connections = parse_numeric_value(cmd, arg); -#ifndef _WIN32 +#if !defined(_WIN32) && !defined(HAVE_POLL) /* * Reject values below 1 for obvious reasons and values above * FD_SETSIZE/2 because Privoxy needs two sockets to serve @@ -1408,7 +1488,10 @@ struct configuration_spec * load_config(void) * passed to select(). * https://msdn.microsoft.com/en-us/library/windows/desktop/ms739169%28v=vs.85%29.aspx * - * XXX: Do OS/2, Amiga etc. belong here as well? + * On platforms were we use poll() we don't have to enforce + * an upper connection limit either. + * + * XXX: Do OS/2 etc. belong here as well? */ if (max_client_connections < 1) { @@ -1502,7 +1585,22 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_proxy_info_url : freez(config->proxy_info_url); - config->proxy_info_url = strdup(arg); + config->proxy_info_url = strdup_or_die(arg); + break; + + +/* ************************************************************************* + * receive-buffer-size n + * *************************************************************************/ + case hash_receive_buffer_size : + config->receive_buffer_size = (size_t)parse_numeric_value(cmd, arg); + if (config->receive_buffer_size < BUFFER_SIZE) + { + log_error(LOG_LEVEL_INFO, + "receive-buffer-size %d seems low and may cause problems." + "Consider setting it to at least %d.", + config->receive_buffer_size, BUFFER_SIZE); + } break; /* ************************************************************************* @@ -1633,9 +1731,92 @@ struct configuration_spec * load_config(void) * for the directives that were already parsed. Lame. */ freez(config->usermanual); - config->usermanual = strdup(arg); + config->usermanual = strdup_or_die(arg); break; +#ifdef FEATURE_HTTPS_INSPECTION +/* ************************************************************************* + * ca private key file password + * *************************************************************************/ + case hash_ca_password: + freez(config->ca_password); + config->ca_password = strdup(arg); + break; + +/* ************************************************************************* + * ca-directory directory + * *************************************************************************/ + case hash_ca_directory: + freez(ca_directory); + ca_directory = make_path(NULL, arg); + + if (NULL == ca_directory) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca dir path"); + } + + break; + +/* ************************************************************************* + * ca cert file ca-cert-file + * In ca dir by default + * *************************************************************************/ + case hash_ca_cert_file: + freez(ca_cert_file); + ca_cert_file = make_path(config->ca_directory, arg); + + if (NULL == ca_cert_file) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca certificate file path"); + } + + break; + +/* ************************************************************************* + * ca key file ca-key-file + * In ca dir by default + * *************************************************************************/ + case hash_ca_key_file: + freez(ca_key_file); + ca_key_file = make_path(config->ca_directory, arg); + + if (NULL == ca_key_file) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca key file path"); + } + + break; + +/* ************************************************************************* + * certificate-directory directory + * *************************************************************************/ + case hash_certificate_directory: + freez(certificate_directory); + certificate_directory = make_path(NULL, arg); + + if (NULL == certificate_directory) + { + log_error(LOG_LEVEL_FATAL, + "Out of memory while creating certificate directory path"); + } + + break; + +/* ************************************************************************* + * trusted CAs file name trusted-cas-file + * *************************************************************************/ + case hash_trusted_cas_file: + freez(trusted_cas_file); + trusted_cas_file = make_path(config->ca_directory, arg); + + if (NULL == trusted_cas_file) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating trusted CAs file path"); + } + + break; +#endif + /* ************************************************************************* * Win32 Console options: * *************************************************************************/ @@ -1811,6 +1992,30 @@ struct configuration_spec * load_config(void) } } +#ifdef FEATURE_HTTPS_INSPECTION + /* + * Setting SSL parameters from loaded values into structures + */ + freez(config->ca_directory); + config->ca_directory = make_path(NULL, ca_directory); + freez(ca_directory); + + freez(config->ca_cert_file); + config->ca_cert_file = make_path(config->ca_directory, ca_cert_file); + freez(ca_cert_file); + + freez(config->ca_key_file); + config->ca_key_file = make_path(config->ca_directory, ca_key_file); + freez(ca_key_file); + + freez(config->trusted_cas_file); + config->trusted_cas_file = make_path(config->ca_directory, trusted_cas_file); + freez(trusted_cas_file); + + freez(config->certificate_directory); + config->certificate_directory = make_path(NULL, certificate_directory); + freez(certificate_directory); +#endif #ifdef FEATURE_CONNECTION_KEEP_ALIVE if (config->default_server_timeout > config->keep_alive_timeout) { @@ -1824,11 +2029,7 @@ struct configuration_spec * load_config(void) #ifdef FEATURE_CONNECTION_SHARING if (config->feature_flags & RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE) { - if (config->multi_threaded) - { - set_keep_alive_timeout(config->keep_alive_timeout); - } - else + if (!config->multi_threaded) { /* * While we could use keep-alive without multiple threads @@ -1875,11 +2076,7 @@ struct configuration_spec * load_config(void) if (NULL == config->haddr[0]) { - config->haddr[0] = strdup(HADDR_DEFAULT); - if (NULL == config->haddr[0]) - { - log_error(LOG_LEVEL_FATAL, "Out of memory while copying default listening address"); - } + config->haddr[0] = strdup_or_die(HADDR_DEFAULT); } for (i = 0; i < MAX_LISTENING_SOCKETS && NULL != config->haddr[i]; i++) @@ -1948,17 +2145,16 @@ struct configuration_spec * load_config(void) /* FIXME: end kludge */ - config->need_bind = 1; - - if (current_configfile) + if (current_configfile == NULL) + { + config->need_bind = 1; + } + else { struct configuration_spec * oldcfg = (struct configuration_spec *) current_configfile->f; /* * Check if config->haddr[i],hport[i] == oldcfg->haddr[i],hport[i] - * - * The following could be written more compactly as a single, - * (unreadably long) if statement. */ config->need_bind = 0; @@ -2004,7 +2200,7 @@ struct configuration_spec * load_config(void) * Description : Called from `load_config'. It saves each non-empty * and non-comment line from config into * config->proxy_args. This is used to create the - * show-proxy-args page. On error, frees + * show-status page. On error, frees * config->proxy_args and sets it to NULL * * Parameters : @@ -2027,7 +2223,7 @@ static void savearg(char *command, char *argument, struct configuration_spec * c * Add config option name embedded in * link to its section in the user-manual */ - buf = strdup("\nusermanual, "file://", 7) || !strncmpic(config->usermanual, "http", 4)) {