X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=loadcfg.c;h=dbed0a3807092cfc056f9f2500dd060be66b04fb;hp=fb804f8fba0787f75f9e134f9d4ccb0d13249322;hb=31265b1b2d8f5b81cbde0fcada6271d800430c59;hpb=8cae7e3a5026ceac91afc7e1f0f30a2ebd5ec1bc diff --git a/loadcfg.c b/loadcfg.c index fb804f8f..dbed0a38 100644 --- a/loadcfg.c +++ b/loadcfg.c @@ -1,4 +1,3 @@ -const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.97 2009/04/17 11:45:19 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/loadcfg.c,v $ @@ -8,8 +7,8 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.97 2009/04/17 11:45:19 fabiankeil * routine to load the configuration and the global * variables it writes to. * - * Copyright : Written by and Copyright (C) 2001-2009 the - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2017 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -33,504 +32,8 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.97 2009/04/17 11:45:19 fabiankeil * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: loadcfg.c,v $ - * Revision 1.97 2009/04/17 11:45:19 fabiankeil - * Replace HAVE_GETADDRINFO and HAVE_GETNAMEINFO macros - * with HAVE_RFC2553 macro. Original patch by Petr Pisar. - * - * Revision 1.96 2009/04/17 11:38:28 fabiankeil - * Add and use parse_forwarder_address() to reduce code duplication. - * - * Revision 1.95 2009/04/17 11:34:34 fabiankeil - * Style cosmetics for the IPv6 code. - * - * Revision 1.94 2009/04/17 11:27:49 fabiankeil - * Petr Pisar's privoxy-3.0.12-ipv6-3.diff. - * - * Revision 1.93 2009/03/18 21:46:26 fabiankeil - * Revert the last commit as there's a better way. - * - * Revision 1.92 2009/03/18 20:43:19 fabiankeil - * Don't enable LOG_LEVEL_INFO by default and don't apply the user's - * debug settings until the logfile has been opened (if there is one). - * Patch submitted by Roland in #2624120. - * - * Revision 1.91 2009/03/09 17:29:08 fabiankeil - * As of r1.88, the show-status page can use a single line for - * warnings about ignored directives and the names of the ignored - * directives themselves. Reminded by Lee, finally closes #1856559. - * - * Revision 1.90 2009/03/07 17:58:02 fabiankeil - * Fix two mingw32-only buffer overflows. Note that triggering - * them requires control over the configuration file in which - * case all bets are off anyway. - * - * Revision 1.89 2009/03/01 18:46:33 fabiankeil - * - Help clang understand that we aren't - * dereferencing NULL pointers here. - * - Some style fixes in the modified region. - * - * Revision 1.88 2009/02/28 10:57:10 fabiankeil - * Gimme a break or two. Don't let the show-status page - * link to the website documentation for the user-manual - * directive itself. - * - * Revision 1.87 2009/02/15 07:56:13 fabiankeil - * Increase default socket timeout to 300 seconds. - * - * Revision 1.86 2009/02/08 19:18:57 fabiankeil - * Now that we have the match-all.action file, the other action - * files changed their position in config->actions_file[] back - * to the way it was before standard.action got removed and the - * changes from revision 1.84 have to be reverted. - * - * Revision 1.85 2009/01/22 12:06:26 fabiankeil - * Don't keep connections alive when running single-threaded. - * - * Revision 1.84 2009/01/14 16:14:36 fabiankeil - * Due to the standard.action file removal, the other action - * files changed their position in config->actions_file[]. - * Update mingw32 kludge accordingly. - * - * Revision 1.83 2008/12/20 14:53:55 fabiankeil - * Add config option socket-timeout to control the time - * Privoxy waits for data to arrive on a socket. Useful - * in case of stale ssh tunnels or when fuzz-testing. - * - * Revision 1.82 2008/11/16 12:43:49 fabiankeil - * Turn keep-alive support into a runtime feature - * that is disabled by setting keep-alive-timeout - * to a negative value. - * - * Revision 1.81 2008/11/13 09:08:42 fabiankeil - * Add new config option: keep-alive-timeout. - * - * Revision 1.80 2008/08/31 15:59:03 fabiankeil - * There's no reason to let remote toggling support depend - * on FEATURE_CGI_EDIT_ACTIONS, so make sure it doesn't. - * - * Revision 1.79 2008/08/30 12:03:07 fabiankeil - * Remove FEATURE_COOKIE_JAR. - * - * Revision 1.78 2008/08/02 08:23:22 fabiankeil - * If the enforce-blocks directive is used with FEATURE_FORCE_LOAD - * disabled, log a message that blocks will always be enforced - * instead of complaining about an unrecognized directive. - * Reported by Pietro Leone. - * - * Revision 1.77 2008/05/26 16:13:22 fabiankeil - * Reuse directive_hash and don't hash the same directive twice. - * - * Revision 1.76 2008/05/10 09:03:16 fabiankeil - * - Merge three string_append() calls. - * - Remove useless assertion. - * - * Revision 1.75 2008/03/30 14:52:05 fabiankeil - * Rename load_actions_file() and load_re_filterfile() - * as they load multiple files "now". - * - * Revision 1.74 2008/03/26 18:07:07 fabiankeil - * Add hostname directive. Closes PR#1918189. - * - * Revision 1.73 2008/02/16 16:54:51 fabiankeil - * Fix typo. - * - * Revision 1.72 2008/02/03 13:46:15 fabiankeil - * Add SOCKS5 support. Patch #1862863 by Eric M. Hopper with minor changes. - * - * Revision 1.71 2007/12/23 15:24:56 fabiankeil - * Reword "unrecognized directive" warning, use better - * mark up and add a
. Fixes parts of #1856559. - * - * Revision 1.70 2007/12/15 14:24:05 fabiankeil - * Plug memory leak if listen-address only specifies the port. - * - * Revision 1.69 2007/10/27 13:02:27 fabiankeil - * Relocate daemon-mode-related log messages to make sure - * they aren't shown again in case of configuration reloads. - * - * Revision 1.68 2007/10/19 16:32:34 fabiankeil - * Plug memory leak introduced with my last commit. - * - * Revision 1.67 2007/10/14 14:12:41 fabiankeil - * When in daemon mode, close stderr after the configuration file has been - * parsed the first time. If logfile isn't set, stop logging. Fixes BR#897436. - * - * Revision 1.66 2007/08/05 14:02:09 fabiankeil - * #1763173 from Stefan Huehner: declare unload_configfile() static. - * - * Revision 1.65 2007/07/21 11:51:36 fabiankeil - * As Hal noticed, checking dispatch_cgi() as the last cruncher - * looks like a bug if CGI requests are blocked unintentionally, - * so don't do it unless the user enabled the new config option - * "allow-cgi-request-crunching". - * - * Revision 1.64 2007/05/21 10:44:08 fabiankeil - * - Use strlcpy() instead of strcpy(). - * - Stop treating actions files special. Expect a complete file name - * (with or without path) like it's done for the rest of the files. - * Closes FR#588084. - * - Remove an unnecessary temporary memory allocation. - * - Don't log anything to the console when running as - * daemon and no errors occurred. - * - * Revision 1.63 2007/04/09 18:11:36 fabiankeil - * Don't mistake VC++'s _snprintf() for a snprintf() replacement. - * - * Revision 1.62 2007/03/17 15:20:05 fabiankeil - * New config option: enforce-blocks. - * - * Revision 1.61 2007/03/16 16:47:35 fabiankeil - * - Mention other reasons why acl directive loading might have failed. - * - Don't log the acl source if the acl destination is to blame. - * - * Revision 1.60 2007/01/27 13:09:16 fabiankeil - * Add new config option "templdir" to - * change the templates directory. - * - * Revision 1.59 2006/12/31 17:56:38 fabiankeil - * Added config option accept-intercepted-requests - * and disabled it by default. - * - * Revision 1.58 2006/12/31 14:24:29 fabiankeil - * Fix gcc43 compiler warnings. - * - * Revision 1.57 2006/12/21 12:57:48 fabiankeil - * Add config option "split-large-forms" - * to work around the browser bug reported - * in BR #1570678. - * - * Revision 1.56 2006/12/17 17:04:51 fabiankeil - * Move the
in the generated HTML for the config - * options from the beginning of the string to its end. - * Keeps the white space in balance. - * - * Revision 1.55 2006/11/28 15:31:52 fabiankeil - * Fix memory leak in case of config file reloads. - * - * Revision 1.54 2006/10/21 16:04:22 fabiankeil - * Modified kludge for win32 to make ming32 menu - * "Options/Edit Filters" (sort of) work again. - * Same limitations as for the action files apply. - * Fixes BR 1567373. - * - * Revision 1.53 2006/09/06 18:45:03 fabiankeil - * Incorporate modified version of Roland Rosenfeld's patch to - * optionally access the user-manual via Privoxy. Closes patch 679075. - * - * Formatting changed to Privoxy style, added call to - * cgi_error_no_template if the requested file doesn't - * exist and modified check whether or not Privoxy itself - * should serve the manual. Should work cross-platform now. - * - * Revision 1.52 2006/09/06 10:43:32 fabiankeil - * Added config option enable-remote-http-toggle - * to specify if Privoxy should recognize special - * headers (currently only X-Filter) to change its - * behaviour. Disabled by default. - * - * Revision 1.51 2006/09/06 09:23:37 fabiankeil - * Make number of retries in case of forwarded-connect problems - * a config file option (forwarded-connect-retries) and use 0 as - * default. - * - * Revision 1.50 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.48.2.7 2006/02/02 17:29:16 david__schmidt - * Don't forget to malloc space for the null terminator... - * - * Revision 1.48.2.6 2006/01/29 23:10:56 david__schmidt - * Multiple filter file support - * - * Revision 1.48.2.5 2003/05/08 15:17:25 oes - * Closed two memory leaks; hopefully the last remaining ones - * (in the main execution paths, anyway). - * - * Revision 1.48.2.4 2003/04/11 12:06:14 oes - * Addressed bug #719435 - * - Extraneous filterfile directives now logged as errors - * - This and unrecnonised directives now really obvious on status page - * - * Revision 1.48.2.3 2003/03/11 11:53:59 oes - * Cosmetic: Renamed cryptic variable - * - * Revision 1.48.2.2 2002/11/12 16:28:20 oes - * Move unrelated variable declaration out of #ifdef FEATURE_ACL; fixes bug #636655 - * - * Revision 1.48.2.1 2002/08/21 17:58:05 oes - * Temp kludge to let user and default action file be edited through win32 GUI (FR 592080) - * - * Revision 1.48 2002/05/14 21:30:38 oes - * savearg now uses own linking code instead of (now special-cased) add_help_link - * - * Revision 1.47 2002/05/12 21:36:29 jongfoster - * Correcting function comments - * - * Revision 1.46 2002/04/26 12:55:14 oes - * - New option "user-manual", defaults to our site - * via project.h #define - * - savearg now embeds option names in help links - * - * Revision 1.45 2002/04/24 02:11:54 oes - * Jon's multiple AF patch: Allow up to MAX_AF_FILES actionsfile options - * - * Revision 1.44 2002/04/08 20:37:13 swa - * fixed JB spelling - * - * Revision 1.43 2002/04/08 20:36:50 swa - * fixed JB spelling - * - * Revision 1.42 2002/04/05 15:50:15 oes - * fix for invalid HTML proxy_args - * - * Revision 1.41 2002/03/31 17:19:00 jongfoster - * Win32 only: Enabling STRICT to fix a VC++ compile warning. - * - * Revision 1.40 2002/03/26 22:29:55 swa - * we have a new homepage! - * - * Revision 1.39 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.38 2002/03/24 13:05:48 jongfoster - * Renaming re_filterfile to filterfile - * - * Revision 1.37 2002/03/16 23:54:06 jongfoster - * Adding graceful termination feature, to help look for memory leaks. - * If you enable this (which, by design, has to be done by hand - * editing config.h) and then go to http://i.j.b/die, then the program - * will exit cleanly after the *next* request. It should free all the - * memory that was used. - * - * Revision 1.36 2002/03/13 00:27:05 jongfoster - * Killing warnings - * - * Revision 1.35 2002/03/07 03:52:44 oes - * Set logging to tty for --no-daemon mode - * - * Revision 1.34 2002/03/06 23:14:35 jongfoster - * Trivial cosmetic changes to make function comments easier to find. - * - * Revision 1.33 2002/03/05 04:52:42 oes - * Deleted non-errlog debugging code - * - * Revision 1.32 2002/03/04 18:24:53 oes - * Re-enabled output of unknown config directive hash - * - * Revision 1.31 2002/03/03 15:07:20 oes - * Re-enabled automatic config reloading - * - * Revision 1.30 2002/01/22 23:31:43 jongfoster - * Replacing strsav() with string_append() - * - * Revision 1.29 2002/01/17 21:02:30 jongfoster - * Moving all our URL and URL pattern parsing code to urlmatch.c. - * - * Renaming free_url to free_url_spec, since it frees a struct url_spec. - * - * Revision 1.28 2001/12/30 14:07:32 steudten - * - Add signal handling (unix) - * - Add SIGHUP handler (unix) - * - Add creation of pidfile (unix) - * - Add action 'top' in rc file (RH) - * - Add entry 'SIGNALS' to manpage - * - Add exit message to logfile (unix) - * - * Revision 1.27 2001/11/07 00:02:13 steudten - * Add line number in error output for lineparsing for - * actionsfile and configfile. - * Special handling for CLF added. - * - * Revision 1.26 2001/11/05 21:41:43 steudten - * Add changes to be a real daemon just for unix os. - * (change cwd to /, detach from controlling tty, set - * process group and session leader to the own process. - * Add DBG() Macro. - * Add some fatal-error log message for failed malloc(). - * Add '-d' if compiled with 'configure --with-debug' to - * enable debug output. - * - * Revision 1.25 2001/10/25 03:40:48 david__schmidt - * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple - * threads to call select() simultaneously. So, it's time to do a real, live, - * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__ - * (native). Both versions will work, but using __OS2__ offers multi-threading. - * - * Revision 1.24 2001/10/23 21:40:30 jongfoster - * Added support for enable-edit-actions and enable-remote-toggle config - * file options. - * - * Revision 1.23 2001/10/07 15:36:00 oes - * Introduced new config option "buffer-limit" - * - * Revision 1.22 2001/09/22 16:36:59 jongfoster - * Removing unused parameter fs from read_config_line() - * - * Revision 1.21 2001/09/16 17:10:43 jongfoster - * Moving function savearg() here, since it was the only thing left in - * showargs.c. - * - * Revision 1.20 2001/07/30 22:08:36 jongfoster - * Tidying up #defines: - * - All feature #defines are now of the form FEATURE_xxx - * - Permanently turned off WIN_GUI_EDIT - * - Permanently turned on WEBDAV and SPLIT_PROXY_ARGS - * - * Revision 1.19 2001/07/15 17:45:16 jongfoster - * Removing some unused #includes - * - * Revision 1.18 2001/07/13 14:01:14 oes - * - Removed all #ifdef PCRS - * - Removed vim-settings - * - * Revision 1.17 2001/06/29 13:31:03 oes - * - Improved comments - * - Fixed (actionsfile) and sorted hashes - * - Introduced admin_address and proxy-info-url - * as config parameters - * - Renamed config->proxy_args_invocation (which didn't have - * the invocation but the options!) to config->proxy_args - * - Various adaptions - * - Removed logentry from cancelled commit - * - * Revision 1.16 2001/06/09 10:55:28 jongfoster - * Changing BUFSIZ ==> BUFFER_SIZE - * - * Revision 1.15 2001/06/07 23:13:40 jongfoster - * Merging ACL and forward files into config file. - * Cosmetic: Sorting config file options alphabetically. - * Cosmetic: Adding brief syntax comments to config file options. - * - * Revision 1.14 2001/06/07 14:46:25 joergs - * Missing make_path() added for re_filterfile. - * - * Revision 1.13 2001/06/05 22:33:54 jongfoster - * - * Fixed minor memory leak. - * Also now uses make_path to prepend the pathnames. - * - * Revision 1.12 2001/06/05 20:04:09 jongfoster - * Now uses _snprintf() in place of snprintf() under Win32. - * - * Revision 1.11 2001/06/04 18:31:58 swa - * files are now prefixed with either `confdir' or `logdir'. - * `make redhat-dist' replaces both entries confdir and logdir - * with redhat values - * - * Revision 1.10 2001/06/03 19:11:54 oes - * introduced confdir option - * - * Revision 1.9 2001/06/01 20:06:24 jongfoster - * Removed support for "tinygif" option - moved to actions file. - * - * Revision 1.8 2001/05/31 21:27:13 jongfoster - * Removed many options from the config file and into the - * "actions" file: add_forwarded, suppress_vanilla_wafer, - * wafer, add_header, user_agent, referer, from - * Also globally replaced "permission" with "action". - * - * Revision 1.7 2001/05/29 09:50:24 jongfoster - * Unified blocklist/imagelist/permissionslist. - * File format is still under discussion, but the internal changes - * are (mostly) done. - * - * Also modified interceptor behaviour: - * - We now intercept all URLs beginning with one of the following - * prefixes (and *only* these prefixes): - * * http://i.j.b/ - * * http://ijbswa.sf.net/config/ - * * http://ijbswa.sourceforge.net/config/ - * - New interceptors "home page" - go to http://i.j.b/ to see it. - * - Internal changes so that intercepted and fast redirect pages - * are not replaced with an image. - * - Interceptors now have the option to send a binary page direct - * to the client. (i.e. ijb-send-banner uses this) - * - Implemented show-url-info interceptor. (Which is why I needed - * the above interceptors changes - a typical URL is - * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif". - * The previous mechanism would not have intercepted that, and - * if it had been intercepted then it then it would have replaced - * it with an image.) - * - * Revision 1.6 2001/05/26 00:28:36 jongfoster - * Automatic reloading of config file. - * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32). - * Most of the global variables have been moved to a new - * struct configuration_spec, accessed through csp->config->globalname - * Most of the globals remaining are used by the Win32 GUI. - * - * Revision 1.5 2001/05/25 22:34:30 jongfoster - * Hard tabs->Spaces - * - * Revision 1.4 2001/05/22 18:46:04 oes - * - * - Enabled filtering banners by size rather than URL - * by adding patterns that replace all standard banner - * sizes with the "Junkbuster" gif to the re_filterfile - * - * - Enabled filtering WebBugs by providing a pattern - * which kills all 1x1 images - * - * - Added support for PCRE_UNGREEDY behaviour to pcrs, - * which is selected by the (nonstandard and therefore - * capital) letter 'U' in the option string. - * It causes the quantifiers to be ungreedy by default. - * Appending a ? turns back to greedy (!). - * - * - Added a new interceptor ijb-send-banner, which - * sends back the "Junkbuster" gif. Without imagelist or - * MSIE detection support, or if tinygif = 1, or the - * URL isn't recognized as an imageurl, a lame HTML - * explanation is sent instead. - * - * - Added new feature, which permits blocking remote - * script redirects and firing back a local redirect - * to the browser. - * The feature is conditionally compiled, i.e. it - * can be disabled with --disable-fast-redirects, - * plus it must be activated by a "fast-redirects" - * line in the config file, has its own log level - * and of course wants to be displayed by show-proxy-args - * Note: Boy, all the #ifdefs in 1001 locations and - * all the fumbling with configure.in and acconfig.h - * were *way* more work than the feature itself :-( - * - * - Because a generic redirect template was needed for - * this, tinygif = 3 now uses the same. - * - * - Moved GIFs, and other static HTTP response templates - * to project.h - * - * - Some minor fixes - * - * - Removed some >400 CRs again (Jon, you really worked - * a lot! ;-) - * - * Revision 1.3 2001/05/20 01:21:20 jongfoster - * Version 2.9.4 checkin. - * - Merged popupfile and cookiefile, and added control over PCRS - * filtering, in new "permissionsfile". - * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration - * file error you now get a message box (in the Win32 GUI) rather - * than the program exiting with no explanation. - * - Made killpopup use the PCRS MIME-type checking and HTTP-header - * skipping. - * - Removed tabs from "config" - * - Moved duplicated url parsing code in "loaders.c" to a new funcition. - * - Bumped up version number. - * - * Revision 1.2 2001/05/17 23:01:01 oes - * - Cleaned CRLF's from the sources and related files - * - * Revision 1.1.1.1 2001/05/15 13:58:58 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "config.h" @@ -549,6 +52,7 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.97 2009/04/17 11:45:19 fabiankeil # ifndef STRICT # define STRICT # endif +# include # include # include "win32.h" @@ -558,16 +62,15 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.97 2009/04/17 11:45:19 fabiankeil #else /* ifndef _WIN32 */ -#ifndef __OS2__ # include # include -#endif # include # include # include #endif +#include "project.h" #include "loadcfg.h" #include "list.h" #include "jcc.h" @@ -580,19 +83,20 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.97 2009/04/17 11:45:19 fabiankeil #include "urlmatch.h" #include "cgi.h" #include "gateway.h" +#ifdef FEATURE_CLIENT_TAGS +#include "client-tags.h" +#endif -const char loadcfg_h_rcs[] = LOADCFG_H_VERSION; +/* + * Default number of seconds after which an + * open connection will no longer be reused. + */ +#define DEFAULT_KEEP_ALIVE_TIMEOUT 180 /* - * Fix a problem with Solaris. There should be no effect on other - * platforms. - * Solaris's isspace() is a macro which uses it's argument directly - * as an array index. Therefore we need to make sure that high-bit - * characters generate +ve values, and ideally we also want to make - * the argument match the declared parameter type of "int". + * Default backlog passed to listen(). */ -#define ijb_isupper(__X) isupper((int)(unsigned char)(__X)) -#define ijb_tolower(__X) tolower((int)(unsigned char)(__X)) +#define DEFAULT_LISTEN_BACKLOG 128 #ifdef FEATURE_TOGGLE /* Privoxy is enabled by default. */ @@ -607,7 +111,7 @@ const char *configfile = NULL; * so we will make argc and argv global. */ int Argc = 0; -const char **Argv = NULL; +char * const * Argv = NULL; static struct file_list *current_configfile = NULL; @@ -615,63 +119,90 @@ static struct file_list *current_configfile = NULL; /* * This takes the "cryptic" hash of each keyword and aliases them to * something a little more readable. This also makes changing the - * hash values easier if they should change or the hash algorthm changes. - * Use the included "hash" program to find out what the hash will be - * for any string supplied on the command line. (Or just put it in the - * config file and read the number from the error message in the log). + * hash values easier if they should change or the hash algorithm changes. + * To find out the hash for a new directive put it in the config file + * and read the number from the error message in the log). * * Please keep this list sorted alphabetically (but with the Windows * console and GUI specific options last). */ -#define hash_actions_file 1196306641ul /* "actionsfile" */ -#define hash_accept_intercepted_requests 1513024973ul /* "accept-intercepted-requests" */ -#define hash_admin_address 4112573064ul /* "admin-address" */ -#define hash_allow_cgi_request_crunching 258915987ul /* "allow-cgi-request-crunching" */ -#define hash_buffer_limit 1881726070ul /* "buffer-limit */ -#define hash_confdir 1978389ul /* "confdir" */ -#define hash_debug 78263ul /* "debug" */ -#define hash_deny_access 1227333715ul /* "deny-access" */ -#define hash_enable_edit_actions 2517097536ul /* "enable-edit-actions" */ -#define hash_enable_remote_toggle 2979744683ul /* "enable-remote-toggle" */ -#define hash_enable_remote_http_toggle 110543988ul /* "enable-remote-http-toggle" */ -#define hash_enforce_blocks 1862427469ul /* "enforce-blocks" */ -#define hash_filterfile 250887266ul /* "filterfile" */ -#define hash_forward 2029845ul /* "forward" */ -#define hash_forward_socks4 3963965521ul /* "forward-socks4" */ -#define hash_forward_socks4a 2639958518ul /* "forward-socks4a" */ -#define hash_forward_socks5 3963965522ul /* "forward-socks5" */ -#define hash_forwarded_connect_retries 101465292ul /* "forwarded-connect-retries" */ -#define hash_hostname 10308071ul /* "hostname" */ -#define hash_keep_alive_timeout 3878599515ul /* "keep-alive-timeout" */ -#define hash_listen_address 1255650842ul /* "listen-address" */ -#define hash_logdir 422889ul /* "logdir" */ -#define hash_logfile 2114766ul /* "logfile" */ -#define hash_max_client_connections 3595884446ul /* "max-client-connections" */ -#define hash_permit_access 3587953268ul /* "permit-access" */ -#define hash_proxy_info_url 3903079059ul /* "proxy-info-url" */ -#define hash_single_threaded 4250084780ul /* "single-threaded" */ -#define hash_socket_timeout 1809001761ul /* "socket-timeout" */ -#define hash_split_large_cgi_forms 671658948ul /* "split-large-cgi-forms" */ -#define hash_suppress_blocklists 1948693308ul /* "suppress-blocklists" */ -#define hash_templdir 11067889ul /* "templdir" */ -#define hash_toggle 447966ul /* "toggle" */ -#define hash_trust_info_url 430331967ul /* "trust-info-url" */ -#define hash_trustfile 56494766ul /* "trustfile" */ -#define hash_usermanual 1416668518ul /* "user-manual" */ -#define hash_activity_animation 1817904738ul /* "activity-animation" */ -#define hash_close_button_minimizes 3651284693ul /* "close-button-minimizes" */ -#define hash_hide_console 2048809870ul /* "hide-console" */ -#define hash_log_buffer_size 2918070425ul /* "log-buffer-size" */ -#define hash_log_font_name 2866730124ul /* "log-font-name" */ -#define hash_log_font_size 2866731014ul /* "log-font-size" */ -#define hash_log_highlight_messages 4032101240ul /* "log-highlight-messages" */ -#define hash_log_max_lines 2868344173ul /* "log-max-lines" */ -#define hash_log_messages 2291744899ul /* "log-messages" */ -#define hash_show_on_task_bar 215410365ul /* "show-on-task-bar" */ +#define hash_actions_file 1196306641U /* "actionsfile" */ +#define hash_accept_intercepted_requests 1513024973U /* "accept-intercepted-requests" */ +#define hash_admin_address 4112573064U /* "admin-address" */ +#define hash_allow_cgi_request_crunching 258915987U /* "allow-cgi-request-crunching" */ +#define hash_buffer_limit 1881726070U /* "buffer-limit */ +#define hash_ca_cert_file 1622923720U /* "ca-cert-file" */ +#define hash_ca_directory 1623615670U /* "ca-directory" */ +#define hash_ca_key_file 1184187891U /* "ca-key-file" */ +#define hash_ca_password 1184543320U /* "ca-password" */ +#define hash_certificate_directory 1367994217U /* "certificate-directory" */ +#define hash_cipher_list 1225729316U /* "cipher-list" */ +#define hash_client_header_order 2701453514U /* "client-header-order" */ +#define hash_client_specific_tag 3353703383U /* "client-specific-tag" */ +#define hash_client_tag_lifetime 647957580U /* "client-tag-lifetime" */ +#define hash_compression_level 2464423563U /* "compression-level" */ +#define hash_confdir 1978389U /* "confdir" */ +#define hash_connection_sharing 1348841265U /* "connection-sharing" */ +#define hash_cors_allowed_origin 2769345637U /* "cors-allowed-origin" */ +#define hash_debug 78263U /* "debug" */ +#define hash_default_server_timeout 2530089913U /* "default-server-timeout" */ +#define hash_deny_access 1227333715U /* "deny-access" */ +#define hash_enable_accept_filter 2909040407U /* "enable-accept-filter" */ +#define hash_enable_edit_actions 2517097536U /* "enable-edit-actions" */ +#define hash_enable_compression 3943696946U /* "enable-compression" */ +#define hash_enable_proxy_authentication_forwarding 4040610791U /* enable-proxy-authentication-forwarding */ +#define hash_enable_remote_toggle 2979744683U /* "enable-remote-toggle" */ +#define hash_enable_remote_http_toggle 110543988U /* "enable-remote-http-toggle" */ +#define hash_enforce_blocks 1862427469U /* "enforce-blocks" */ +#define hash_filterfile 250887266U /* "filterfile" */ +#define hash_forward 2029845U /* "forward" */ +#define hash_forward_socks4 3963965521U /* "forward-socks4" */ +#define hash_forward_socks4a 2639958518U /* "forward-socks4a" */ +#define hash_forward_socks5 3963965522U /* "forward-socks5" */ +#define hash_forward_socks5t 2639958542U /* "forward-socks5t" */ +#define hash_forwarded_connect_retries 101465292U /* "forwarded-connect-retries" */ +#define hash_handle_as_empty_returns_ok 1444873247U /* "handle-as-empty-doc-returns-ok" */ +#define hash_hostname 10308071U /* "hostname" */ +#define hash_keep_alive_timeout 3878599515U /* "keep-alive-timeout" */ +#define hash_listen_address 1255650842U /* "listen-address" */ +#define hash_listen_backlog 1255655735U /* "listen-backlog" */ +#define hash_logdir 422889U /* "logdir" */ +#define hash_logfile 2114766U /* "logfile" */ +#define hash_max_client_connections 3595884446U /* "max-client-connections" */ +#define hash_permit_access 3587953268U /* "permit-access" */ +#define hash_proxy_info_url 3903079059U /* "proxy-info-url" */ +#define hash_receive_buffer_size 2880297454U /* "receive-buffer-size */ +#define hash_single_threaded 4250084780U /* "single-threaded" */ +#define hash_socket_timeout 1809001761U /* "socket-timeout" */ +#define hash_split_large_cgi_forms 671658948U /* "split-large-cgi-forms" */ +#define hash_suppress_blocklists 1948693308U /* "suppress-blocklists" */ +#define hash_templdir 11067889U /* "templdir" */ +#define hash_temporary_directory 1824125181U /* "temporary-directory" */ +#define hash_tolerate_pipelining 1360286620U /* "tolerate-pipelining" */ +#define hash_toggle 447966U /* "toggle" */ +#define hash_trust_info_url 430331967U /* "trust-info-url" */ +#define hash_trust_x_forwarded_for 2971537414U /* "trust-x-forwarded-for" */ +#define hash_trusted_cgi_referrer 4270883427U /* "trusted-cgi-referrer" */ +#define hash_trusted_cas_file 2679803024U /* "trusted-cas-files" */ +#define hash_trustfile 56494766U /* "trustfile" */ +#define hash_usermanual 1416668518U /* "user-manual" */ +#define hash_activity_animation 1817904738U /* "activity-animation" */ +#define hash_close_button_minimizes 3651284693U /* "close-button-minimizes" */ +#define hash_hide_console 2048809870U /* "hide-console" */ +#define hash_log_buffer_size 2918070425U /* "log-buffer-size" */ +#define hash_log_font_name 2866730124U /* "log-font-name" */ +#define hash_log_font_size 2866731014U /* "log-font-size" */ +#define hash_log_highlight_messages 4032101240U /* "log-highlight-messages" */ +#define hash_log_max_lines 2868344173U /* "log-max-lines" */ +#define hash_log_messages 2291744899U /* "log-messages" */ +#define hash_show_on_task_bar 215410365U /* "show-on-task-bar" */ static void savearg(char *command, char *argument, struct configuration_spec * config); +#ifdef FEATURE_CLIENT_TAGS +static void free_client_specific_tags(struct client_tag_spec *tag_list); +#endif /********************************************************************* * @@ -706,11 +237,9 @@ static void unload_configfile (void * data) while (cur_fwd != NULL) { struct forward_spec * next_fwd = cur_fwd->next; - free_url_spec(cur_fwd->url); - freez(cur_fwd->gateway_host); - freez(cur_fwd->forward_host); - free(cur_fwd); + unload_forward_spec(cur_fwd); + cur_fwd = next_fwd; } config->forward = NULL; @@ -719,8 +248,14 @@ static void unload_configfile (void * data) freez(config->logdir); freez(config->templdir); freez(config->hostname); +#ifdef FEATURE_EXTERNAL_FILTERS + freez(config->temporary_directory); +#endif - freez(config->haddr); + for (i = 0; i < MAX_LISTENING_SOCKETS; i++) + { + freez(config->haddr[i]); + } freez(config->logfile); for (i = 0; i < MAX_AF_FILES; i++) @@ -731,20 +266,33 @@ static void unload_configfile (void * data) freez(config->re_filterfile[i]); } + list_remove_all(config->ordered_client_headers); + freez(config->admin_address); + freez(config->cors_allowed_origin); freez(config->proxy_info_url); freez(config->proxy_args); freez(config->usermanual); + freez(config->trusted_cgi_referrer); + +#ifdef FEATURE_HTTPS_INSPECTION + freez(config->ca_password); + freez(config->ca_directory); + freez(config->ca_cert_file); + freez(config->ca_key_file); + freez(config->certificate_directory); + freez(config->cipher_list); + freez(config->trusted_cas_file); +#endif #ifdef FEATURE_TRUST freez(config->trustfile); list_remove_all(config->trust_info); #endif /* def FEATURE_TRUST */ - for (i = 0; i < MAX_AF_FILES; i++) - { - freez(config->re_filterfile[i]); - } +#ifdef FEATURE_CLIENT_TAGS + free_client_specific_tags(config->client_tags); +#endif freez(config); } @@ -774,6 +322,241 @@ void unload_current_config_file(void) #endif +#ifdef FEATURE_CLIENT_TAGS +/********************************************************************* + * + * Function : register_tag + * + * Description : Registers a client-specific-tag and its description + * + * Parameters : + * 1 : config: The tag list + * 2 : name: The name of the client-specific-tag + * 3 : description: The human-readable description for the tag + * + * Returns : N/A + * + *********************************************************************/ +static void register_tag(struct client_tag_spec *tag_list, + const char *name, const char *description) +{ + struct client_tag_spec *new_tag; + struct client_tag_spec *last_tag; + + last_tag = tag_list; + while (last_tag->next != NULL) + { + last_tag = last_tag->next; + } + if (last_tag->name == NULL) + { + /* First entry */ + new_tag = last_tag; + } + else + { + new_tag = zalloc_or_die(sizeof(struct client_tag_spec)); + } + new_tag->name = strdup_or_die(name); + new_tag->description = strdup_or_die(description); + if (new_tag != last_tag) + { + last_tag->next = new_tag; + } +} + + +/********************************************************************* + * + * Function : free_client_specific_tags + * + * Description : Frees client-specific tags and their descriptions + * + * Parameters : + * 1 : tag_list: The tag list to free + * + * Returns : N/A + * + *********************************************************************/ +static void free_client_specific_tags(struct client_tag_spec *tag_list) +{ + struct client_tag_spec *this_tag; + struct client_tag_spec *next_tag; + + next_tag = tag_list; + do + { + this_tag = next_tag; + next_tag = next_tag->next; + + freez(this_tag->name); + freez(this_tag->description); + + if (this_tag != tag_list) + { + freez(this_tag); + } + } while (next_tag != NULL); +} +#endif /* def FEATURE_CLIENT_TAGS */ + + +/********************************************************************* + * + * Function : parse_numeric_value + * + * Description : Parse the value of a directive that can only have + * a single numeric value. Terminates with a fatal error + * if the value is NULL or not numeric. + * + * Parameters : + * 1 : name: The name of the directive. Used for log messages. + * 2 : value: The value to parse + * + * + * Returns : The numerical value as integer + * + *********************************************************************/ +static int parse_numeric_value(const char *name, const char *value) +{ + int number; + char *endptr; + + assert(name != NULL); + assert(value != NULL); + + if ((value == NULL) || (*value == '\0')) + { + log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name); + } + + number = (int)strtol(value, &endptr, 0); + if (*endptr != '\0') + { + log_error(LOG_LEVEL_FATAL, + "Directive '%s' used with non-numerical value: '%s'", name, value); + } + + return number; + +} + + +/********************************************************************* + * + * Function : parse_toggle_value + * + * Description : Parse the value of a directive that can only be + * enabled or disabled. Terminates with a fatal error + * if the value is NULL or something other than 0 or 1. + * + * Parameters : + * 1 : name: The name of the directive. Used for log messages. + * 2 : value: The value to parse + * + * + * Returns : The numerical toggle state + * + *********************************************************************/ +static int parse_toggle_state(const char *name, const char *value) +{ + int toggle_state; + assert(name != NULL); + assert(value != NULL); + + if ((value == NULL) || (*value == '\0')) + { + log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name); + } + + toggle_state = atoi(value); + + /* + * Also check the length as atoi() doesn't mind + * garbage after a valid integer, but we do. + */ + if (((toggle_state != 0) && (toggle_state != 1)) || (strlen(value) != 1)) + { + log_error(LOG_LEVEL_FATAL, + "Directive %s used with invalid argument '%s'. Use either '0' or '1'.", + name, value); + } + + return toggle_state; + +} + + +/********************************************************************* + * + * Function : parse_client_header_order + * + * Description : Parse the value of the header-order directive + * + * Parameters : + * 1 : ordered_header_list: List to insert the ordered + * headers into. + * 2 : ordered_headers: The ordered header names separated + * by spaces or tabs. + * + * + * Returns : N/A + * + *********************************************************************/ +static void parse_client_header_order(struct list *ordered_header_list, const char *ordered_headers) +{ + char *original_headers_copy; + char **vector; + size_t max_segments; + int number_of_headers; + int i; + + assert(ordered_header_list != NULL); + assert(ordered_headers != NULL); + + if (ordered_headers == NULL) + { + log_error(LOG_LEVEL_FATAL, "header-order used without argument"); + } + + /* + * XXX: This estimate is guaranteed to be high enough as we + * let ssplit() ignore empty fields, but also a bit wasteful. + * The same hack is used in get_last_url() so it looks like + * a real solution is needed. + */ + max_segments = strlen(ordered_headers) / 2; + if (max_segments == 0) + { + max_segments = 1; + } + vector = malloc_or_die(max_segments * sizeof(char *)); + + original_headers_copy = strdup_or_die(ordered_headers); + + number_of_headers = ssplit(original_headers_copy, "\t ", vector, max_segments); + if (number_of_headers == -1) + { + log_error(LOG_LEVEL_FATAL, "Failed to split ordered headers"); + } + + for (i = 0; i < number_of_headers; i++) + { + if (JB_ERR_OK != enlist(ordered_header_list, vector[i])) + { + log_error(LOG_LEVEL_FATAL, + "Failed to enlist ordered header: %s", vector[i]); + } + } + + freez(vector); + freez(original_headers_copy); + + return; + +} + + /********************************************************************* * * Function : load_config @@ -790,7 +573,7 @@ void unload_current_config_file(void) *********************************************************************/ struct configuration_spec * load_config(void) { - char buf[BUFFER_SIZE]; + char *buf = NULL; char *p, *q; FILE *configfp = NULL; struct configuration_spec * config = NULL; @@ -798,9 +581,13 @@ struct configuration_spec * load_config(void) struct file_list *fs; unsigned long linenum = 0; int i; - char *logfile = NULL; -#ifdef FEATURE_CONNECTION_KEEP_ALIVE - int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; + char *logfile = NULL; +#ifdef FEATURE_HTTPS_INSPECTION + char *ca_cert_file = NULL; + char *ca_key_file = NULL; + char *ca_directory = NULL; + char *trusted_cas_file = NULL; + char *certificate_directory = NULL; #endif if (!check_file_changed(current_configfile, configfile, &fs)) @@ -824,15 +611,7 @@ struct configuration_spec * load_config(void) global_toggle_state = 1; #endif /* def FEATURE_TOGGLE */ - fs->f = config = (struct configuration_spec *)zalloc(sizeof(*config)); - - if (NULL == config) - { - freez(fs->filename); - freez(fs); - log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration"); - return NULL; - } + fs->f = config = zalloc_or_die(sizeof(*config)); /* * This is backwards from how it's usually done. @@ -850,14 +629,55 @@ struct configuration_spec * load_config(void) */ config->multi_threaded = 1; config->buffer_limit = 4096 * 1024; - config->usermanual = strdup(USER_MANUAL_URL); - config->proxy_args = strdup(""); + config->receive_buffer_size = BUFFER_SIZE; + config->usermanual = strdup_or_die(USER_MANUAL_URL); + config->proxy_args = strdup_or_die(""); config->forwarded_connect_retries = 0; - config->max_client_connections = 0; +#ifdef FEATURE_HTTPS_INSPECTION + config->ca_password = strdup(""); + ca_cert_file = strdup("cacert.crt"); + ca_key_file = strdup("cakey.pem"); + ca_directory = strdup("./CA"); + trusted_cas_file = strdup("trustedCAs.pem"); + certificate_directory = strdup("./certs"); +#endif + +#ifdef FEATURE_CLIENT_TAGS + config->client_tag_lifetime = 60; +#endif + config->trust_x_forwarded_for = 0; +#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) + config->enable_accept_filter = 0; +#endif + config->listen_backlog = DEFAULT_LISTEN_BACKLOG; + config->trusted_cgi_referrer = NULL; + /* + * 128 client sockets ought to be enough for everybody who can't + * be bothered to read the documentation to figure out how to + * increase the limit. + */ + config->max_client_connections = 128; config->socket_timeout = 300; /* XXX: Should be a macro. */ +#ifdef FEATURE_CONNECTION_KEEP_ALIVE + config->default_server_timeout = 0; + config->keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING; +#endif config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE; config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS; config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS; + config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK; + config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS; +#ifdef FEATURE_COMPRESSION + config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION; + /* + * XXX: Run some benchmarks to see if there are better default values. + */ + config->compression_level = 1; +#endif + config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING; + config->cors_allowed_origin = NULL; configfp = fopen(configfile, "r"); if (NULL == configfp) @@ -867,7 +687,7 @@ struct configuration_spec * load_config(void) /* Never get here - LOG_LEVEL_FATAL causes program exit */ } - while (read_config_line(buf, sizeof(buf), configfp, &linenum) != NULL) + while (read_config_line(configfp, &linenum, &buf) != NULL) { char cmd[BUFFER_SIZE]; char arg[BUFFER_SIZE]; @@ -878,7 +698,7 @@ struct configuration_spec * load_config(void) struct forward_spec *cur_fwd; int vec_count; char *vec[3]; - unsigned long directive_hash; + unsigned int directive_hash; strlcpy(tmp, buf, sizeof(tmp)); @@ -898,20 +718,24 @@ struct configuration_spec * load_config(void) } /* Copy the argument into arg */ - strlcpy(arg, p, sizeof(arg)); + if (strlcpy(arg, p, sizeof(arg)) >= sizeof(arg)) + { + log_error(LOG_LEVEL_FATAL, "Config line too long: %s", buf); + } /* Should never happen, but check this anyway */ if (*cmd == '\0') { + freez(buf); continue; } /* Make sure the command field is lower case */ for (p = cmd; *p; p++) { - if (ijb_isupper(*p)) + if (privoxy_isupper(*p)) { - *p = (char)ijb_tolower(*p); + *p = (char)privoxy_tolower(*p); } } @@ -935,7 +759,7 @@ struct configuration_spec * load_config(void) "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).", MAX_AF_FILES); } - config->actions_file_short[i] = strdup(arg); + config->actions_file_short[i] = strdup_or_die(arg); config->actions_file[i] = make_path(config->confdir, arg); break; @@ -943,7 +767,7 @@ struct configuration_spec * load_config(void) * accept-intercepted-requests * *************************************************************************/ case hash_accept_intercepted_requests: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS; } @@ -958,14 +782,14 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_admin_address : freez(config->admin_address); - config->admin_address = strdup(arg); + config->admin_address = strdup_or_die(arg); break; /* ************************************************************************* * allow-cgi-request-crunching * *************************************************************************/ case hash_allow_cgi_request_crunching: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_CGI_CRUNCHING; } @@ -979,15 +803,125 @@ struct configuration_spec * load_config(void) * buffer-limit n * *************************************************************************/ case hash_buffer_limit : - config->buffer_limit = (size_t)(1024 * atoi(arg)); + config->buffer_limit = (size_t)(1024 * parse_numeric_value(cmd, arg)); + break; + +/* ************************************************************************* + * client-header-order header-1 header-2 ... header-n + * *************************************************************************/ + case hash_client_header_order: + list_remove_all(config->ordered_client_headers); + parse_client_header_order(config->ordered_client_headers, arg); + break; + +/* ************************************************************************* + * client-specific-tag tag-name description + * *************************************************************************/ +#ifdef FEATURE_CLIENT_TAGS + case hash_client_specific_tag: + { + char *name; + char *description; + + name = arg; + description = strstr(arg, " "); + if (description == NULL) + { + log_error(LOG_LEVEL_FATAL, + "client-specific-tag '%s' lacks a description.", name); + } + *description = '\0'; + /* + * The length is limited because we don't want truncated + * HTML caused by the cgi interface using static buffer + * sizes. + */ + if (strlen(name) > CLIENT_TAG_LENGTH_MAX) + { + log_error(LOG_LEVEL_FATAL, + "client-specific-tag '%s' is longer than %d characters.", + name, CLIENT_TAG_LENGTH_MAX); + } + description++; + register_tag(config->client_tags, name, description); + } + break; +#endif /* def FEATURE_CLIENT_TAGS */ + +/* ************************************************************************* + * client-tag-lifetime ttl + * *************************************************************************/ +#ifdef FEATURE_CLIENT_TAGS + case hash_client_tag_lifetime: + { + int ttl = parse_numeric_value(cmd, arg); + if (0 <= ttl) + { + config->client_tag_lifetime = (unsigned)ttl; + } + else + { + log_error(LOG_LEVEL_FATAL, + "client-tag-lifetime can't be negative."); + } + break; + } +#endif /* def FEATURE_CLIENT_TAGS */ + +/* ************************************************************************* + * confdir directory-name + * *************************************************************************/ + case hash_confdir : + freez(config->confdir); + config->confdir = make_path(NULL, arg); + break; + +/* ************************************************************************* + * compression-level 0-9 + * *************************************************************************/ +#ifdef FEATURE_COMPRESSION + case hash_compression_level : + { + int compression_level = parse_numeric_value(cmd, arg); + if (-1 <= compression_level && compression_level <= 9) + { + config->compression_level = compression_level; + } + else + { + log_error(LOG_LEVEL_FATAL, + "Invalid compression-level value: %s", arg); + } + break; + } +#endif + +/* ************************************************************************* + * connection-sharing (0|1) + * *************************************************************************/ +#ifdef FEATURE_CONNECTION_SHARING + case hash_connection_sharing : + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_CONNECTION_SHARING; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING; + } break; +#endif /* ************************************************************************* - * confdir directory-name + * cors-allowed-origin http://www.example.org * *************************************************************************/ - case hash_confdir : - freez(config->confdir); - config->confdir = make_path( NULL, arg); + case hash_cors_allowed_origin : + /* + * We don't validate the specified referrer as + * it's only used for string comparison. + */ + freez(config->cors_allowed_origin); + config->cors_allowed_origin = strdup_or_die(arg); break; /* ************************************************************************* @@ -995,8 +929,28 @@ struct configuration_spec * load_config(void) * Specifies debug level, multiple values are ORed together. * *************************************************************************/ case hash_debug : - config->debug |= atoi(arg); + config->debug |= parse_numeric_value(cmd, arg); + break; + +/* ************************************************************************* + * default-server-timeout timeout + * *************************************************************************/ +#ifdef FEATURE_CONNECTION_KEEP_ALIVE + case hash_default_server_timeout : + { + int timeout = parse_numeric_value(cmd, arg); + if (0 <= timeout) + { + config->default_server_timeout = (unsigned int)timeout; + } + else + { + log_error(LOG_LEVEL_FATAL, + "Invalid default-server-timeout value: %s", arg); + } break; + } +#endif /* ************************************************************************* * deny-access source-ip[/significant-bits] [dest-ip[/significant-bits]] @@ -1004,7 +958,7 @@ struct configuration_spec * load_config(void) #ifdef FEATURE_ACL case hash_deny_access: strlcpy(tmp, arg, sizeof(tmp)); - vec_count = ssplit(tmp, " \t", vec, SZ(vec), 1, 1); + vec_count = ssplit(tmp, " \t", vec, SZ(vec)); if ((vec_count != 1) && (vec_count != 2)) { @@ -1017,14 +971,7 @@ struct configuration_spec * load_config(void) } /* allocate a new node */ - cur_acl = (struct access_control_list *) zalloc(sizeof(*cur_acl)); - - if (cur_acl == NULL) - { - log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration"); - /* Never get here - LOG_LEVEL_FATAL causes program exit */ - break; - } + cur_acl = zalloc_or_die(sizeof(*cur_acl)); cur_acl->action = ACL_DENY; if (acl_addr(vec[0], cur_acl->src) < 0) @@ -1080,12 +1027,21 @@ struct configuration_spec * load_config(void) break; #endif /* def FEATURE_ACL */ +#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) +/* ************************************************************************* + * enable-accept-filter 0|1 + * *************************************************************************/ + case hash_enable_accept_filter : + config->enable_accept_filter = parse_toggle_state(cmd, arg); + break; +#endif /* defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) */ + /* ************************************************************************* * enable-edit-actions 0|1 * *************************************************************************/ #ifdef FEATURE_CGI_EDIT_ACTIONS case hash_enable_edit_actions: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_CGI_EDIT_ACTIONS; } @@ -1096,12 +1052,42 @@ struct configuration_spec * load_config(void) break; #endif /* def FEATURE_CGI_EDIT_ACTIONS */ +/* ************************************************************************* + * enable-compression 0|1 + * *************************************************************************/ +#ifdef FEATURE_COMPRESSION + case hash_enable_compression: + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_COMPRESSION; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION; + } + break; +#endif /* def FEATURE_COMPRESSION */ + +/* ************************************************************************* + * enable-proxy-authentication-forwarding 0|1 + * *************************************************************************/ + case hash_enable_proxy_authentication_forwarding: + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS; + } + break; + /* ************************************************************************* * enable-remote-toggle 0|1 * *************************************************************************/ #ifdef FEATURE_TOGGLE case hash_enable_remote_toggle: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_CGI_TOGGLE; } @@ -1116,7 +1102,7 @@ struct configuration_spec * load_config(void) * enable-remote-http-toggle 0|1 * *************************************************************************/ case hash_enable_remote_http_toggle: - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_HTTP_TOGGLE; } @@ -1131,7 +1117,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_enforce_blocks: #ifdef FEATURE_FORCE_LOAD - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_ENFORCE_BLOCKS; } @@ -1162,7 +1148,7 @@ struct configuration_spec * load_config(void) "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).", MAX_AF_FILES); } - config->re_filterfile_short[i] = strdup(arg); + config->re_filterfile_short[i] = strdup_or_die(arg); config->re_filterfile[i] = make_path(config->confdir, arg); break; @@ -1172,7 +1158,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_forward: strlcpy(tmp, arg, sizeof(tmp)); - vec_count = ssplit(tmp, " \t", vec, SZ(vec), 1, 1); + vec_count = ssplit(tmp, " \t", vec, SZ(vec)); if (vec_count != 2) { @@ -1185,24 +1171,18 @@ struct configuration_spec * load_config(void) } /* allocate a new node */ - cur_fwd = zalloc(sizeof(*cur_fwd)); - if (cur_fwd == NULL) - { - log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration"); - /* Never get here - LOG_LEVEL_FATAL causes program exit */ - break; - } - + cur_fwd = zalloc_or_die(sizeof(*cur_fwd)); cur_fwd->type = SOCKS_NONE; /* Save the URL pattern */ - if (create_url_spec(cur_fwd->url, vec[0])) + if (create_pattern_spec(cur_fwd->url, vec[0])) { log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward " "directive in configuration file."); string_append(&config->proxy_args, "
\nWARNING: Bad URL specifier for " "forward directive in configuration file."); + freez(cur_fwd); break; } @@ -1212,8 +1192,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->forward_port = 8000; - parse_forwarder_address(p, &cur_fwd->forward_host, - &cur_fwd->forward_port); + parse_forwarder_address(p, + &cur_fwd->forward_host, &cur_fwd->forward_port, + NULL, NULL); } /* Add to list. */ @@ -1227,7 +1208,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_forward_socks4: strlcpy(tmp, arg, sizeof(tmp)); - vec_count = ssplit(tmp, " \t", vec, SZ(vec), 1, 1); + vec_count = ssplit(tmp, " \t", vec, SZ(vec)); if (vec_count != 3) { @@ -1240,24 +1221,18 @@ struct configuration_spec * load_config(void) } /* allocate a new node */ - cur_fwd = zalloc(sizeof(*cur_fwd)); - if (cur_fwd == NULL) - { - log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration"); - /* Never get here - LOG_LEVEL_FATAL causes program exit */ - break; - } - + cur_fwd = zalloc_or_die(sizeof(*cur_fwd)); cur_fwd->type = SOCKS_4; /* Save the URL pattern */ - if (create_url_spec(cur_fwd->url, vec[0])) + if (create_pattern_spec(cur_fwd->url, vec[0])) { log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward-socks4 " "directive in configuration file."); string_append(&config->proxy_args, "
\nWARNING: Bad URL specifier for " "forward-socks4 directive in configuration file."); + freez(cur_fwd); break; } @@ -1268,8 +1243,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->gateway_port = 1080; - parse_forwarder_address(p, &cur_fwd->gateway_host, - &cur_fwd->gateway_port); + parse_forwarder_address(p, + &cur_fwd->gateway_host, &cur_fwd->gateway_port, + NULL, NULL); } /* Parse the parent HTTP proxy host[:port] */ @@ -1278,8 +1254,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->forward_port = 8000; - parse_forwarder_address(p, &cur_fwd->forward_host, - &cur_fwd->forward_port); + parse_forwarder_address(p, + &cur_fwd->forward_host, &cur_fwd->forward_port, + NULL, NULL); } /* Add to list. */ @@ -1293,54 +1270,62 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_forward_socks4a: case hash_forward_socks5: + case hash_forward_socks5t: strlcpy(tmp, arg, sizeof(tmp)); - vec_count = ssplit(tmp, " \t", vec, SZ(vec), 1, 1); + vec_count = ssplit(tmp, " \t", vec, SZ(vec)); if (vec_count != 3) { - log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for " - "forward-socks4a directive in configuration file."); + log_error(LOG_LEVEL_ERROR, + "Wrong number of parameters for %s in configuration file.", + cmd); string_append(&config->proxy_args, - "
\nWARNING: Wrong number of parameters for " - "forward-socks4a directive in configuration file."); + "
\nWARNING: Wrong number of parameters for "); + string_append(&config->proxy_args, cmd); + string_append(&config->proxy_args, + "directive in configuration file."); break; } /* allocate a new node */ - cur_fwd = zalloc(sizeof(*cur_fwd)); - if (cur_fwd == NULL) - { - log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration"); - /* Never get here - LOG_LEVEL_FATAL causes program exit */ - break; - } + cur_fwd = zalloc_or_die(sizeof(*cur_fwd)); if (directive_hash == hash_forward_socks4a) { cur_fwd->type = SOCKS_4A; } - else + else if (directive_hash == hash_forward_socks5) { cur_fwd->type = SOCKS_5; } + else + { + assert(directive_hash == hash_forward_socks5t); + cur_fwd->type = SOCKS_5T; + } /* Save the URL pattern */ - if (create_url_spec(cur_fwd->url, vec[0])) + if (create_pattern_spec(cur_fwd->url, vec[0])) { - log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward-socks4a " - "directive in configuration file."); + log_error(LOG_LEVEL_ERROR, + "Bad URL specifier for %s in configuration file.", + cmd); string_append(&config->proxy_args, - "
\nWARNING: Bad URL specifier for " - "forward-socks4a directive in configuration file."); + "
\nWARNING: Bad URL specifier for "); + string_append(&config->proxy_args, cmd); + string_append(&config->proxy_args, + "directive in configuration file."); + freez(cur_fwd); break; } - /* Parse the SOCKS proxy host[:port] */ + /* Parse the SOCKS proxy [user:pass@]host[:port] */ p = vec[1]; cur_fwd->gateway_port = 1080; - parse_forwarder_address(p, &cur_fwd->gateway_host, - &cur_fwd->gateway_port); + parse_forwarder_address(p, + &cur_fwd->gateway_host, &cur_fwd->gateway_port, + &cur_fwd->auth_username, &cur_fwd->auth_password); /* Parse the parent HTTP proxy host[:port] */ p = vec[2]; @@ -1348,8 +1333,9 @@ struct configuration_spec * load_config(void) if (strcmp(p, ".") != 0) { cur_fwd->forward_port = 8000; - parse_forwarder_address(p, &cur_fwd->forward_host, - &cur_fwd->forward_port); + parse_forwarder_address(p, + &cur_fwd->forward_host, &cur_fwd->forward_port, + NULL, NULL); } /* Add to list. */ @@ -1362,7 +1348,27 @@ struct configuration_spec * load_config(void) * forwarded-connect-retries n * *************************************************************************/ case hash_forwarded_connect_retries : - config->forwarded_connect_retries = atoi(arg); + config->forwarded_connect_retries = parse_numeric_value(cmd, arg); + break; + +/* ************************************************************************* + * handle-as-empty-doc-returns-ok 0|1 + * + * Workaround for firefox hanging on blocked javascript pages. + * Block with the "+handle-as-empty-document" flag and set the + * "handle-as-empty-doc-returns-ok" run-time config flag so that + * Privoxy returns a 200/OK status instead of a 403/Forbidden status + * to the browser for blocked pages. + ***************************************************************************/ + case hash_handle_as_empty_returns_ok: + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK; + } break; /* ************************************************************************* @@ -1370,11 +1376,7 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_hostname : freez(config->hostname); - config->hostname = strdup(arg); - if (NULL == config->hostname) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving hostname."); - } + config->hostname = strdup_or_die(arg); break; /* ************************************************************************* @@ -1382,28 +1384,50 @@ struct configuration_spec * load_config(void) * *************************************************************************/ #ifdef FEATURE_CONNECTION_KEEP_ALIVE case hash_keep_alive_timeout : - if (*arg != '\0') + { + int timeout = parse_numeric_value(cmd, arg); + if (0 < timeout) { - int timeout = atoi(arg); - if (0 <= timeout) - { - config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; - keep_alive_timeout = timeout; - } - else - { - config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; - } + config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; + config->keep_alive_timeout = (unsigned int)timeout; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; } break; + } #endif /* ************************************************************************* * listen-address [ip][:port] * *************************************************************************/ case hash_listen_address : - freez(config->haddr); - config->haddr = strdup(arg); + i = 0; + while ((i < MAX_LISTENING_SOCKETS) && (NULL != config->haddr[i])) + { + i++; + } + + if (i >= MAX_LISTENING_SOCKETS) + { + log_error(LOG_LEVEL_FATAL, "Too many 'listen-address' directives in config file - limit is %d.\n" + "(You can increase this limit by changing MAX_LISTENING_SOCKETS in project.h and recompiling).", + MAX_LISTENING_SOCKETS); + } + config->haddr[i] = strdup_or_die(arg); + break; + +/* ************************************************************************* + * listen-backlog n + * *************************************************************************/ + case hash_listen_backlog : + /* + * We don't enfore an upper or lower limit because on + * many platforms all values are valid and negative + * number mean "use the highest value allowed". + */ + config->listen_backlog = parse_numeric_value(cmd, arg); break; /* ************************************************************************* @@ -1419,7 +1443,7 @@ struct configuration_spec * load_config(void) * In logdir by default * *************************************************************************/ case hash_logfile : - if (!no_daemon) + if (daemon_mode) { logfile = make_path(config->logdir, arg); if (NULL == logfile) @@ -1433,15 +1457,47 @@ struct configuration_spec * load_config(void) * max-client-connections number * *************************************************************************/ case hash_max_client_connections : - if (*arg != '\0') + { + int max_client_connections = parse_numeric_value(cmd, arg); + +#if !defined(_WIN32) && !defined(HAVE_POLL) + /* + * Reject values below 1 for obvious reasons and values above + * FD_SETSIZE/2 because Privoxy needs two sockets to serve + * client connections that need forwarding. + * + * We ignore the fact that the first three file descriptors + * are usually set to /dev/null, one is used for logging + * and yet another file descriptor is required to load + * config files. + */ + if ((max_client_connections < 1) || (FD_SETSIZE/2 < max_client_connections)) { - int max_client_connections = atoi(arg); - if (0 <= max_client_connections) - { - config->max_client_connections = max_client_connections; - } + log_error(LOG_LEVEL_FATAL, "max-client-connections value %d" + " is invalid. Value needs to be above 1 and below %d" + " (FD_SETSIZE/2).", max_client_connections, FD_SETSIZE/2); + } +#else + /* + * The Windows libc uses FD_SETSIZE for an array used + * by select(), but has no problems with file descriptors + * above the limit as long as no more than FD_SETSIZE are + * passed to select(). + * https://msdn.microsoft.com/en-us/library/windows/desktop/ms739169%28v=vs.85%29.aspx + * + * On platforms were we use poll() we don't have to enforce + * an upper connection limit either. + */ + if (max_client_connections < 1) + { + log_error(LOG_LEVEL_FATAL, "max-client-connections value" + " has to be a number above 1. %d is invalid.", + max_client_connections); } +#endif + config->max_client_connections = max_client_connections; break; + } /* ************************************************************************* * permit-access source-ip[/significant-bits] [dest-ip[/significant-bits]] @@ -1449,7 +1505,7 @@ struct configuration_spec * load_config(void) #ifdef FEATURE_ACL case hash_permit_access: strlcpy(tmp, arg, sizeof(tmp)); - vec_count = ssplit(tmp, " \t", vec, SZ(vec), 1, 1); + vec_count = ssplit(tmp, " \t", vec, SZ(vec)); if ((vec_count != 1) && (vec_count != 2)) { @@ -1463,14 +1519,7 @@ struct configuration_spec * load_config(void) } /* allocate a new node */ - cur_acl = (struct access_control_list *) zalloc(sizeof(*cur_acl)); - - if (cur_acl == NULL) - { - log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration"); - /* Never get here - LOG_LEVEL_FATAL causes program exit */ - break; - } + cur_acl = zalloc_or_die(sizeof(*cur_acl)); cur_acl->action = ACL_PERMIT; if (acl_addr(vec[0], cur_acl->src) < 0) @@ -1531,40 +1580,53 @@ struct configuration_spec * load_config(void) * *************************************************************************/ case hash_proxy_info_url : freez(config->proxy_info_url); - config->proxy_info_url = strdup(arg); + config->proxy_info_url = strdup_or_die(arg); + break; + + +/* ************************************************************************* + * receive-buffer-size n + * *************************************************************************/ + case hash_receive_buffer_size : + config->receive_buffer_size = (size_t)parse_numeric_value(cmd, arg); + if (config->receive_buffer_size < BUFFER_SIZE) + { + log_error(LOG_LEVEL_INFO, + "receive-buffer-size %lu seems low and may cause problems." + "Consider setting it to at least %d.", + config->receive_buffer_size, BUFFER_SIZE); + } break; /* ************************************************************************* - * single-threaded + * single-threaded 0|1 * *************************************************************************/ case hash_single_threaded : - config->multi_threaded = 0; + config->multi_threaded = 0 == parse_toggle_state(cmd, arg); break; /* ************************************************************************* * socket-timeout numer_of_seconds * *************************************************************************/ case hash_socket_timeout : - if (*arg != '\0') + { + int socket_timeout = parse_numeric_value(cmd, arg); + if (0 <= socket_timeout) { - int socket_timeout = atoi(arg); - if (0 < socket_timeout) - { - config->socket_timeout = socket_timeout; - } - else - { - log_error(LOG_LEVEL_FATAL, - "Invalid socket-timeout: '%s'", arg); - } + config->socket_timeout = socket_timeout; + } + else + { + log_error(LOG_LEVEL_FATAL, "Invalid socket-timeout: '%s'", arg); } break; + } /* ************************************************************************* * split-large-cgi-forms * *************************************************************************/ case hash_split_large_cgi_forms : - if ((*arg != '\0') && (0 != atoi(arg))) + if (parse_toggle_state(cmd, arg) == 1) { config->feature_flags |= RUNTIME_FEATURE_SPLIT_LARGE_FORMS; } @@ -1582,12 +1644,36 @@ struct configuration_spec * load_config(void) config->templdir = make_path(NULL, arg); break; +#ifdef FEATURE_EXTERNAL_FILTERS +/* ************************************************************************* + * temporary-directory directory-name + * *************************************************************************/ + case hash_temporary_directory : + freez(config->temporary_directory); + config->temporary_directory = make_path(NULL, arg); + break; +#endif + +/* ************************************************************************* + * tolerate-pipelining (0|1) + * *************************************************************************/ + case hash_tolerate_pipelining : + if (parse_toggle_state(cmd, arg) == 1) + { + config->feature_flags |= RUNTIME_FEATURE_TOLERATE_PIPELINING; + } + else + { + config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING; + } + break; + /* ************************************************************************* * toggle (0|1) * *************************************************************************/ #ifdef FEATURE_TOGGLE case hash_toggle : - global_toggle_state = atoi(arg); + global_toggle_state = parse_toggle_state(cmd, arg); break; #endif /* def FEATURE_TOGGLE */ @@ -1600,6 +1686,25 @@ struct configuration_spec * load_config(void) break; #endif /* def FEATURE_TRUST */ +/* ************************************************************************* + * trust-x-forwarded-for (0|1) + * *************************************************************************/ + case hash_trust_x_forwarded_for : + config->trust_x_forwarded_for = parse_toggle_state(cmd, arg); + break; + +/* ************************************************************************* + * trusted-cgi-referrer http://www.example.org/some/path.html + * *************************************************************************/ + case hash_trusted_cgi_referrer : + /* + * We don't validate the specified referrer as + * it's only used for string comparison. + */ + freez(config->trusted_cgi_referrer); + config->trusted_cgi_referrer = strdup_or_die(arg); + break; + /* ************************************************************************* * trustfile filename * (In confdir by default.) @@ -1621,8 +1726,100 @@ struct configuration_spec * load_config(void) * for the directives that were already parsed. Lame. */ freez(config->usermanual); - config->usermanual = strdup(arg); + config->usermanual = strdup_or_die(arg); + break; + +#ifdef FEATURE_HTTPS_INSPECTION +/* ************************************************************************* + * ca private key file password + * *************************************************************************/ + case hash_ca_password: + freez(config->ca_password); + config->ca_password = strdup(arg); + break; + +/* ************************************************************************* + * ca-directory directory + * *************************************************************************/ + case hash_ca_directory: + freez(ca_directory); + ca_directory = make_path(NULL, arg); + + if (NULL == ca_directory) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca dir path"); + } + + break; + +/* ************************************************************************* + * ca cert file ca-cert-file + * In ca dir by default + * *************************************************************************/ + case hash_ca_cert_file: + freez(ca_cert_file); + ca_cert_file = make_path(config->ca_directory, arg); + + if (NULL == ca_cert_file) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca certificate file path"); + } + + break; + +/* ************************************************************************* + * ca key file ca-key-file + * In ca dir by default + * *************************************************************************/ + case hash_ca_key_file: + freez(ca_key_file); + ca_key_file = make_path(config->ca_directory, arg); + + if (NULL == ca_key_file) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca key file path"); + } + + break; + +/* ************************************************************************* + * certificate-directory directory + * *************************************************************************/ + case hash_certificate_directory: + freez(certificate_directory); + certificate_directory = make_path(NULL, arg); + + if (NULL == certificate_directory) + { + log_error(LOG_LEVEL_FATAL, + "Out of memory while creating certificate directory path"); + } + + break; + +/* ************************************************************************* + * cipher-list list-of-ciphers + * *************************************************************************/ + case hash_cipher_list: + freez(config->cipher_list); + config->cipher_list = strdup_or_die(arg); + + break; + +/* ************************************************************************* + * trusted CAs file name trusted-cas-file + * *************************************************************************/ + case hash_trusted_cas_file: + freez(trusted_cas_file); + trusted_cas_file = make_path(config->ca_directory, arg); + + if (NULL == trusted_cas_file) + { + log_error(LOG_LEVEL_FATAL, "Out of memory while creating trusted CAs file path"); + } + break; +#endif /* ************************************************************************* * Win32 Console options: @@ -1647,21 +1844,21 @@ struct configuration_spec * load_config(void) * activity-animation (0|1) * *************************************************************************/ case hash_activity_animation : - g_bShowActivityAnimation = atoi(arg); + g_bShowActivityAnimation = parse_toggle_state(cmd, arg); break; /* ************************************************************************* * close-button-minimizes (0|1) * *************************************************************************/ case hash_close_button_minimizes : - g_bCloseHidesWindow = atoi(arg); + g_bCloseHidesWindow = parse_toggle_state(cmd, arg); break; /* ************************************************************************* * log-buffer-size (0|1) * *************************************************************************/ case hash_log_buffer_size : - g_bLimitBufferSize = atoi(arg); + g_bLimitBufferSize = parse_toggle_state(cmd, arg); break; /* ************************************************************************* @@ -1681,35 +1878,35 @@ struct configuration_spec * load_config(void) * log-font-size n * *************************************************************************/ case hash_log_font_size : - g_nFontSize = atoi(arg); + g_nFontSize = parse_numeric_value(cmd, arg); break; /* ************************************************************************* * log-highlight-messages (0|1) * *************************************************************************/ case hash_log_highlight_messages : - g_bHighlightMessages = atoi(arg); + g_bHighlightMessages = parse_toggle_state(cmd, arg); break; /* ************************************************************************* * log-max-lines n * *************************************************************************/ case hash_log_max_lines : - g_nMaxBufferLines = atoi(arg); + g_nMaxBufferLines = parse_numeric_value(cmd, arg); break; /* ************************************************************************* * log-messages (0|1) * *************************************************************************/ case hash_log_messages : - g_bLogMessages = atoi(arg); + g_bLogMessages = parse_toggle_state(cmd, arg); break; /* ************************************************************************* * show-on-task-bar (0|1) * *************************************************************************/ case hash_show_on_task_bar : - g_bShowOnTaskBar = atoi(arg); + g_bShowOnTaskBar = parse_toggle_state(cmd, arg); break; #endif /* defined(_WIN32) && ! defined(_WIN_CONSOLE) */ @@ -1765,19 +1962,20 @@ struct configuration_spec * load_config(void) * error. To change back to an error, just change log level * to LOG_LEVEL_FATAL. */ - log_error(LOG_LEVEL_ERROR, "Ignoring unrecognized directive '%s' (%luul) in line %lu " - "in configuration file (%s).", buf, directive_hash, linenum, configfile); + log_error(LOG_LEVEL_ERROR, "Ignoring unrecognized directive " + "'%s' (%uU) in line %lu in configuration file (%s).", + buf, directive_hash, linenum, configfile); string_append(&config->proxy_args, " Warning: Ignoring unrecognized directive:"); break; /* *************************************************************************/ - } /* end switch( hash_string(cmd) ) */ + } /* end switch(hash_string(cmd)) */ /* Save the argument for the show-status page. */ savearg(cmd, arg, config); - - } /* end while ( read_config_line(...) ) */ + freez(buf); + } /* end while (read_config_line(...)) */ fclose(configfp); @@ -1785,7 +1983,7 @@ struct configuration_spec * load_config(void) freez(config->logfile); - if (!no_daemon) + if (daemon_mode) { if (NULL != logfile) { @@ -1798,41 +1996,79 @@ struct configuration_spec * load_config(void) } } +#ifdef FEATURE_HTTPS_INSPECTION + /* + * Setting SSL parameters from loaded values into structures + */ + freez(config->ca_directory); + config->ca_directory = make_path(NULL, ca_directory); + freez(ca_directory); + + freez(config->ca_cert_file); + config->ca_cert_file = make_path(config->ca_directory, ca_cert_file); + freez(ca_cert_file); + + freez(config->ca_key_file); + config->ca_key_file = make_path(config->ca_directory, ca_key_file); + freez(ca_key_file); + + freez(config->trusted_cas_file); + config->trusted_cas_file = make_path(config->ca_directory, trusted_cas_file); + freez(trusted_cas_file); + + freez(config->certificate_directory); + config->certificate_directory = make_path(NULL, certificate_directory); + freez(certificate_directory); +#endif #ifdef FEATURE_CONNECTION_KEEP_ALIVE + if (config->default_server_timeout > config->keep_alive_timeout) + { + log_error(LOG_LEVEL_ERROR, + "Reducing the default-server-timeout from %d to the keep-alive-timeout %d.", + config->default_server_timeout, config->keep_alive_timeout); + config->default_server_timeout = config->keep_alive_timeout; + } +#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ + +#ifdef FEATURE_CONNECTION_SHARING if (config->feature_flags & RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE) { - if (config->multi_threaded) - { - set_keep_alive_timeout(keep_alive_timeout); - } - else + if (!config->multi_threaded) { /* * While we could use keep-alive without multiple threads * if we didn't bother with enforcing the connection timeout, * that might make Tor users sad, even though they shouldn't * enable the single-threaded option anyway. + * + * XXX: We could still use Proxy-Connection: keep-alive. */ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; log_error(LOG_LEVEL_ERROR, "Config option single-threaded disables connection keep-alive."); } } -#endif + else if ((config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING)) + { + log_error(LOG_LEVEL_ERROR, "Config option connection-sharing " + "has no effect if keep-alive-timeout isn't set."); + config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING; + } +#endif /* def FEATURE_CONNECTION_SHARING */ if (NULL == config->proxy_args) { log_error(LOG_LEVEL_FATAL, "Out of memory loading config - insufficient memory for config->proxy_args"); } - if (config->actions_file[0]) + if (config->re_filterfile[0]) { - add_loader(load_action_files, config); + add_loader(load_re_filterfiles, config); } - if (config->re_filterfile[0]) + if (config->actions_file[0]) { - add_loader(load_re_filterfiles, config); + add_loader(load_action_files, config); } #ifdef FEATURE_TRUST @@ -1842,39 +2078,41 @@ struct configuration_spec * load_config(void) } #endif /* def FEATURE_TRUST */ - if ( NULL == config->haddr ) + if (NULL == config->haddr[0]) { - config->haddr = strdup( HADDR_DEFAULT ); + config->haddr[0] = strdup_or_die(HADDR_DEFAULT); } - if ( NULL != config->haddr ) + for (i = 0; i < MAX_LISTENING_SOCKETS && NULL != config->haddr[i]; i++) { - if ((*config->haddr == '[') - && (NULL != (p = strchr(config->haddr, ']'))) + if ((*config->haddr[i] == '[') + && (NULL != (p = strchr(config->haddr[i], ']'))) && (p[1] == ':') - && (0 < (config->hport = atoi(p + 2)))) + && (0 < (config->hport[i] = atoi(p + 2)))) { *p = '\0'; - memmove((void *)config->haddr, config->haddr + 1, - (size_t)(p - config->haddr)); + memmove((void *)config->haddr[i], config->haddr[i] + 1, + (size_t)(p - config->haddr[i])); } - else if (NULL != (p = strchr(config->haddr, ':')) - && (0 < (config->hport = atoi(p + 1)))) + else if (NULL != (p = strchr(config->haddr[i], ':')) + && (0 < (config->hport[i] = atoi(p + 1)))) { *p = '\0'; } else { - log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr); + log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr[i]); /* Never get here - LOG_LEVEL_FATAL causes program exit */ } - if (*config->haddr == '\0') + if (*config->haddr[i] == '\0') { /* - * Only the port specified. We stored it in config->hport + * Only the port specified. We stored it in config->hport[i] * and don't need its text representation anymore. + * Use config->hport[i] == 0 to iterate listening addresses since + * now. */ - freez(config->haddr); + freez(config->haddr[i]); } } @@ -1883,7 +2121,7 @@ struct configuration_spec * load_config(void) * * Need to set up a fake csp, so they can get to the config. */ - fake_csp = (struct client_state *) zalloc (sizeof(*fake_csp)); + fake_csp = zalloc_or_die(sizeof(*fake_csp)); fake_csp->config = config; if (run_loader(fake_csp)) @@ -1898,8 +2136,9 @@ struct configuration_spec * load_config(void) #if defined(_WIN32) && !defined (_WIN_CONSOLE) g_default_actions_file = config->actions_file[1]; /* FIXME Hope this is default.action */ - g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */ - g_re_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */ + g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */ + g_default_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */ + g_user_filterfile = config->re_filterfile[1]; /* FIXME Hope this is user.filter */ #ifdef FEATURE_TRUST g_trustfile = config->trustfile; @@ -1910,37 +2149,40 @@ struct configuration_spec * load_config(void) /* FIXME: end kludge */ - config->need_bind = 1; - - if (current_configfile) + if (current_configfile == NULL) + { + config->need_bind = 1; + } + else { struct configuration_spec * oldcfg = (struct configuration_spec *) current_configfile->f; /* - * Check if config->haddr,hport == oldcfg->haddr,hport - * - * The following could be written more compactly as a single, - * (unreadably long) if statement. + * Check if config->haddr[i],hport[i] == oldcfg->haddr[i],hport[i] */ config->need_bind = 0; - if (config->hport != oldcfg->hport) - { - config->need_bind = 1; - } - else if (config->haddr == NULL) + + for (i = 0; i < MAX_LISTENING_SOCKETS; i++) { - if (oldcfg->haddr != NULL) + if (config->hport[i] != oldcfg->hport[i]) + { + config->need_bind = 1; + } + else if (config->haddr[i] == NULL) + { + if (oldcfg->haddr[i] != NULL) + { + config->need_bind = 1; + } + } + else if (oldcfg->haddr[i] == NULL) + { + config->need_bind = 1; + } + else if (0 != strcmp(config->haddr[i], oldcfg->haddr[i])) { config->need_bind = 1; } - } - else if (oldcfg->haddr == NULL) - { - config->need_bind = 1; - } - else if (0 != strcmp(config->haddr, oldcfg->haddr)) - { - config->need_bind = 1; } current_configfile->unloader = unload_configfile; @@ -1962,7 +2204,7 @@ struct configuration_spec * load_config(void) * Description : Called from `load_config'. It saves each non-empty * and non-comment line from config into * config->proxy_args. This is used to create the - * show-proxy-args page. On error, frees + * show-status page. On error, frees * config->proxy_args and sets it to NULL * * Parameters : @@ -1985,7 +2227,7 @@ static void savearg(char *command, char *argument, struct configuration_spec * c * Add config option name embedded in * link to its section in the user-manual */ - buf = strdup("\nusermanual, "file://", 7) || !strncmpic(config->usermanual, "http", 4)) { @@ -2007,7 +2249,7 @@ static void savearg(char *command, char *argument, struct configuration_spec * c return; } - if ( (NULL != argument) && ('\0' != *argument) ) + if ((NULL != argument) && ('\0' != *argument)) { s = html_encode(argument); if (NULL == s)