-const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.2 2001/05/17 23:01:01 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
*
* Purpose : Loads settings from the configuration file into
- * global variables. This file contains both the
+ * global variables. This file contains both the
* routine to load the configuration and the global
* variables it writes to.
*
- * Copyright : Written by and Copyright (C) 2001 the SourceForge
- * IJBSWA team. http://ijbswa.sourceforge.net
+ * Copyright : Written by and Copyright (C) 2001-2022 the
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
- * by and Copyright (C) 1997 Anonymous Coders and
+ * by and Copyright (C) 1997 Anonymous Coders and
* Junkbusters Corporation. http://www.junkbusters.com
*
- * This program is free software; you can redistribute it
+ * This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
* Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at
* or write to the Free Software Foundation, Inc., 59
* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
- * Revisions :
- * $Log: loadcfg.c,v $
- * Revision 1.2 2001/05/17 23:01:01 oes
- * - Cleaned CRLF's from the sources and related files
- *
- * Revision 1.1.1.1 2001/05/15 13:58:58 oes
- * Initial import of version 2.9.3 source tree
- *
- *
*********************************************************************/
-\f
+
#include "config.h"
#include <fcntl.h>
#include <errno.h>
#include <ctype.h>
+#include <assert.h>
#ifdef _WIN32
-# include <sys/timeb.h>
+# ifndef STRICT
+# define STRICT
+# endif
+# include <winsock2.h>
# include <windows.h>
-# include <io.h>
-# include <process.h>
-# ifdef TOGGLE
-# include <time.h>
-# endif /* def TOGGLE */
# include "win32.h"
# ifndef _WIN_CONSOLE
#else /* ifndef _WIN32 */
# include <unistd.h>
-# include <sys/time.h>
# include <sys/wait.h>
+# include <sys/time.h>
# include <sys/stat.h>
# include <signal.h>
#endif
+#include "project.h"
#include "loadcfg.h"
+#include "list.h"
#include "jcc.h"
#include "filters.h"
#include "loaders.h"
-#include "showargs.h"
-#include "parsers.h"
-#include "killpopup.h"
#include "miscutil.h"
#include "errlog.h"
-#include "jbsockets.h"
+#include "ssplit.h"
+#include "encode.h"
+#include "urlmatch.h"
+#include "cgi.h"
#include "gateway.h"
-
-const char loadcfg_h_rcs[] = LOADCFG_H_VERSION;
-
-/*
- * Fix a problem with Solaris. There should be no effect on other
- * platforms.
- * Solaris's isspace() is a macro which uses it's argument directly
- * as an array index. Therefore we need to make sure that high-bit
- * characters generate +ve values, and ideally we also want to make
- * the argument match the declared parameter type of "int".
- */
-#define ijb_isupper(__X) isupper((int)(unsigned char)(__X))
-#define ijb_tolower(__X) tolower((int)(unsigned char)(__X))
-
-static const char VANILLA_WAFER[] =
- "NOTICE=TO_WHOM_IT_MAY_CONCERN_"
- "Do_not_send_me_any_copyrighted_information_other_than_the_"
- "document_that_I_am_requesting_or_any_of_its_necessary_components._"
- "In_particular_do_not_send_me_any_cookies_that_"
- "are_subject_to_a_claim_of_copyright_by_anybody._"
- "Take_notice_that_I_refuse_to_be_bound_by_any_license_condition_"
- "(copyright_or_otherwise)_applying_to_any_cookie._";
-
-#ifdef TOGGLE
-/* by haroon - indicates if ijb is enabled */
-int g_bToggleIJB = 1; /* JunkBusters is enabled by default. */
+#ifdef FEATURE_CLIENT_TAGS
+#include "client-tags.h"
#endif
-int debug = 0;
-int multi_threaded = 1;
-
-#if defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST)
-int tinygif = 0;
-const char *tinygifurl = NULL;
-#endif /* defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST) */
-
-const char *logfile = NULL;
-
-const char *configfile = NULL;
-
-const char *blockfile = NULL;
-const char *permissions_file = NULL;
-const char *forwardfile = NULL;
-
-#ifdef ACL_FILES
-const char *aclfile = NULL;
-#endif /* def ACL_FILES */
-
-#ifdef USE_IMAGE_LIST
-const char *imagefile = NULL;
-#endif /* def USE_IMAGE_LIST */
-\r
-/*\r
- * Permissions to use for URLs not in the permissions list.\r
+/*
+ * Default number of seconds after which an
+ * open connection will no longer be reused.
*/
-int default_permissions = PERMIT_RE_FILTER;\r
-
-#ifdef PCRS
-const char *re_filterfile = NULL;
-#endif /* def PCRS */
-
-#ifdef TRUST_FILES
-const char *trustfile = NULL;
-#endif /* def TRUST_FILES */
-
-#ifdef JAR_FILES
-const char *jarfile = NULL;
-FILE *jar = NULL;
-#endif /* def JAR_FILES */
-
-const char *referrer = NULL;
-const char *uagent = NULL;
-const char *from = NULL;
-
-#ifndef SPLIT_PROXY_ARGS
-const char *suppress_message = NULL;
-#endif /* ndef SPLIT_PROXY_ARGS */
-
-int suppress_vanilla_wafer = 0;
-int add_forwarded = 0;
-
-struct list wafer_list[1];
-struct list xtra_list[1];
-
-#ifdef TRUST_FILES
-struct list trust_info[1];
-struct url_spec *trust_list[64];
-#endif /* def TRUST_FILES */
+#define DEFAULT_KEEP_ALIVE_TIMEOUT 180
/*
- * Port and IP to bind to.
- * Defaults to HADDR_DEFAULT:HADDR_PORT == 127.0.0.1:8000
+ * Default backlog passed to listen().
*/
-const char *haddr = NULL;
-int hport = 0;
-
-#ifndef SPLIT_PROXY_ARGS
-int suppress_blocklists = 0; /* suppress listing sblock and simage */
-#endif /* ndef SPLIT_PROXY_ARGS */
-
-struct proxy_args proxy_args[1];
+#define DEFAULT_LISTEN_BACKLOG 128
-int configret = 0;
-int config_changed = 0;
+#ifdef FEATURE_TOGGLE
+/* Privoxy is enabled by default. */
+int global_toggle_state = 1;
+#endif /* def FEATURE_TOGGLE */
+/* The filename of the configfile */
+const char *configfile = NULL;
/*
- * The load_config function is now going to call `init_proxy_args',
- * so it will need argc and argv. Since load_config will also be
- * a signal handler, we need to have these globally available.
+ * CGI functions will later need access to the invocation args,
+ * so we will make argc and argv global.
*/
int Argc = 0;
-const char **Argv = NULL;
+char * const * Argv = NULL;
+
+static struct file_list *current_configfile = NULL;
/*
* This takes the "cryptic" hash of each keyword and aliases them to
* something a little more readable. This also makes changing the
- * hash values easier if they should change or the hash algorthm changes.
- * Use the included "hash" program to find out what the hash will be
- * for any string supplied on the command line. (Or just put it in the\r
- * config file and read the number from the error message in the log).
+ * hash values easier if they should change or the hash algorithm changes.
+ * To find out the hash for a new directive put it in the config file
+ * and read the number from the error message in the log).
+ *
+ * Please keep this list sorted alphabetically (but with the Windows
+ * console and GUI specific options last).
*/
-#define hash_trustfile 56494766ul
-#define hash_trust_info_url 449869467ul
-#define hash_debug 78263ul
-#define hash_tinygif 2227702ul
-#define hash_add_forwarded_header 3191044770ul
-#define hash_single_threaded 4250084780ul
-#define hash_suppress_vanilla_wafer 3121233547ul
-#define hash_wafer 89669ul
-#define hash_add_header 237434619ul
-#define hash_permissions_file 3825730796lu /* "permissionsfile" */\r
-#define hash_logfile 2114766ul
-#define hash_blockfile 48845391ul
-#define hash_imagefile 51447891ul
-#define hash_jarfile 2046641ul
-#define hash_listen_address 1255650842ul
-#define hash_forwardfile 1268669141ul
-#define hash_aclfile 1908516ul
-#define hash_re_filterfile 3877522444ul
-#define hash_user_agent 283326691ul
-#define hash_referrer 10883969ul
-#define hash_referer 2176719ul
-#define hash_from 16264ul
-#define hash_hide_console 2048809870ul
-#define hash_include_stats 2174146548ul
-#define hash_suppress_blocklists 1948693308ul
-#define hash_toggle 447966ul
-
-#define hash_activity_animation 1817904738ul
-#define hash_log_messages 2291744899ul
-#define hash_log_highlight_messages 4032101240ul
-#define hash_log_buffer_size 2918070425ul
-#define hash_log_max_lines 2868344173ul
-#define hash_log_font_name 2866730124ul
-#define hash_log_font_size 2866731014ul
-#define hash_show_on_task_bar 215410365ul
-#define hash_close_button_minimizes 3651284693ul
-
+#define hash_actions_file 1196306641U /* "actionsfile" */
+#define hash_accept_intercepted_requests 1513024973U /* "accept-intercepted-requests" */
+#define hash_admin_address 4112573064U /* "admin-address" */
+#define hash_allow_cgi_request_crunching 258915987U /* "allow-cgi-request-crunching" */
+#define hash_buffer_limit 1881726070U /* "buffer-limit */
+#define hash_ca_cert_file 1622923720U /* "ca-cert-file" */
+#define hash_ca_directory 1623615670U /* "ca-directory" */
+#define hash_ca_key_file 1184187891U /* "ca-key-file" */
+#define hash_ca_password 1184543320U /* "ca-password" */
+#define hash_certificate_directory 1367994217U /* "certificate-directory" */
+#define hash_cipher_list 1225729316U /* "cipher-list" */
+#define hash_client_header_order 2701453514U /* "client-header-order" */
+#define hash_client_specific_tag 3353703383U /* "client-specific-tag" */
+#define hash_client_tag_lifetime 3239141416U /* "client-tag-lifetime" */
+#define hash_compression_level 2464423563U /* "compression-level" */
+#define hash_confdir 1978389U /* "confdir" */
+#define hash_connection_sharing 1348841265U /* "connection-sharing" */
+#define hash_cors_allowed_origin 2769345637U /* "cors-allowed-origin" */
+#define hash_debug 78263U /* "debug" */
+#define hash_default_server_timeout 2530089913U /* "default-server-timeout" */
+#define hash_deny_access 1227333715U /* "deny-access" */
+#define hash_enable_accept_filter 2909040407U /* "enable-accept-filter" */
+#define hash_enable_edit_actions 2517097536U /* "enable-edit-actions" */
+#define hash_enable_compression 3943696946U /* "enable-compression" */
+#define hash_enable_proxy_authentication_forwarding 4040610791U /* enable-proxy-authentication-forwarding */
+#define hash_enable_remote_toggle 2979744683U /* "enable-remote-toggle" */
+#define hash_enable_remote_http_toggle 110543988U /* "enable-remote-http-toggle" */
+#define hash_enforce_blocks 1862427469U /* "enforce-blocks" */
+#define hash_filterfile 250887266U /* "filterfile" */
+#define hash_forward 2029845U /* "forward" */
+#define hash_forward_socks4 3963965521U /* "forward-socks4" */
+#define hash_forward_socks4a 2639958518U /* "forward-socks4a" */
+#define hash_forward_socks5 3963965522U /* "forward-socks5" */
+#define hash_forward_socks5t 2639958542U /* "forward-socks5t" */
+#define hash_forwarded_connect_retries 101465292U /* "forwarded-connect-retries" */
+#define hash_handle_as_empty_returns_ok 1444873247U /* "handle-as-empty-doc-returns-ok" */
+#define hash_hostname 10308071U /* "hostname" */
+#define hash_keep_alive_timeout 3878599515U /* "keep-alive-timeout" */
+#define hash_listen_address 1255650842U /* "listen-address" */
+#define hash_listen_backlog 1255655735U /* "listen-backlog" */
+#define hash_logdir 422889U /* "logdir" */
+#define hash_logfile 2114766U /* "logfile" */
+#define hash_max_client_connections 3595884446U /* "max-client-connections" */
+#define hash_permit_access 3587953268U /* "permit-access" */
+#define hash_proxy_info_url 3903079059U /* "proxy-info-url" */
+#define hash_receive_buffer_size 2880297454U /* "receive-buffer-size */
+#define hash_single_threaded 4250084780U /* "single-threaded" */
+#define hash_socket_timeout 1809001761U /* "socket-timeout" */
+#define hash_split_large_cgi_forms 671658948U /* "split-large-cgi-forms" */
+#define hash_suppress_blocklists 1948693308U /* "suppress-blocklists" */
+#define hash_templdir 11067889U /* "templdir" */
+#define hash_temporary_directory 1824125181U /* "temporary-directory" */
+#define hash_tolerate_pipelining 1360286620U /* "tolerate-pipelining" */
+#define hash_toggle 447966U /* "toggle" */
+#define hash_trust_info_url 430331967U /* "trust-info-url" */
+#define hash_trust_x_forwarded_for 2971537414U /* "trust-x-forwarded-for" */
+#define hash_trusted_cgi_referrer 4270883427U /* "trusted-cgi-referrer" */
+#define hash_trusted_cas_file 2679803024U /* "trusted-cas-files" */
+#define hash_trustfile 56494766U /* "trustfile" */
+#define hash_usermanual 1416668518U /* "user-manual" */
+#define hash_activity_animation 1817904738U /* "activity-animation" */
+#define hash_close_button_minimizes 3651284693U /* "close-button-minimizes" */
+#define hash_hide_console 2048809870U /* "hide-console" */
+#define hash_log_buffer_size 2918070425U /* "log-buffer-size" */
+#define hash_log_font_name 2866730124U /* "log-font-name" */
+#define hash_log_font_size 2866731014U /* "log-font-size" */
+#define hash_log_highlight_messages 4032101240U /* "log-highlight-messages" */
+#define hash_log_max_lines 2868344173U /* "log-max-lines" */
+#define hash_log_messages 2291744899U /* "log-messages" */
+#define hash_show_on_task_bar 215410365U /* "show-on-task-bar" */
+
+
+static void savearg(char *command, char *argument, struct configuration_spec * config);
+#ifdef FEATURE_CLIENT_TAGS
+static void free_client_specific_tags(struct client_tag_spec *tag_list);
+#endif
/*********************************************************************
*
- * Function : load_config
+ * Function : unload_configfile
*
- * Description : Load the config file and all parameters.
+ * Description : Free the config structure and all components.
*
* Parameters :
- * 1 : signum : this can be the signal SIGHUP or 0 (if from main).
- * In any case, we just ignore this and reload the config file.
+ * 1 : data: struct configuration_spec to unload
*
- * Returns : configret : 0 => Ok, everything else is an error.
- * Note: we use configret since a signal handler cannot
- * return a value, and this function does double duty.
- * Ie. Is is called from main and from signal( SIGHUP );\r
+ * Returns : N/A
*
*********************************************************************/
-void load_config( int signum )
+static void unload_configfile (void * data)
{
- char buf[BUFSIZ];
- char *p, *q;
- FILE *configfp = NULL;
-
- configret = 0; /* FIXME: This is obsolete, always 0. */
- config_changed = 1;
+ struct configuration_spec * config = (struct configuration_spec *)data;
+ struct forward_spec *cur_fwd = config->forward;
+ int i;
- log_error(LOG_LEVEL_INFO, "loading configuration file '%s':", configfile);
-
- init_proxy_args(Argc, Argv);
+#ifdef FEATURE_ACL
+ struct access_control_list *cur_acl = config->acl;
+ while (cur_acl != NULL)
+ {
+ struct access_control_list * next_acl = cur_acl->next;
+ free(cur_acl);
+ cur_acl = next_acl;
+ }
+ config->acl = NULL;
+#endif /* def FEATURE_ACL */
- /* (Waste of memory [not quite a "leak"] here. The
- * last blockfile/permissions file/... etc will not be
- * unloaded until we load a new one. If the
- * block/... feature has been disabled in
- * the new config file, then we're wasting some
- * memory we could otherwise reclaim.
- */
+ while (cur_fwd != NULL)
+ {
+ struct forward_spec * next_fwd = cur_fwd->next;
- /* Disable all loaders. */
- remove_all_loaders();
+ unload_forward_spec(cur_fwd);
- /*
- * Reset to as close to startup state as we can.
- * But leave changing the logfile until after we're done loading.
- */
+ cur_fwd = next_fwd;
+ }
+ config->forward = NULL;
+
+ freez(config->confdir);
+ freez(config->logdir);
+ freez(config->templdir);
+ freez(config->hostname);
+#ifdef FEATURE_EXTERNAL_FILTERS
+ freez(config->temporary_directory);
+#endif
-#ifdef JAR_FILES
- if ( NULL != jar )
+ for (i = 0; i < MAX_LISTENING_SOCKETS; i++)
{
- fclose( jar );
- jar = NULL;
+ freez(config->haddr[i]);
}
-#endif /* def JAR_FILES */
-
- debug = 0;
- multi_threaded = 1;\r
-\r
- default_permissions = PERMIT_RE_FILTER;
+ freez(config->logfile);
-#if defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST)
- tinygif = 0;
- freez((char *)tinygifurl);
-#endif /* defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST) */
+ for (i = 0; i < MAX_AF_FILES; i++)
+ {
+ freez(config->actions_file_short[i]);
+ freez(config->actions_file[i]);
+ freez(config->re_filterfile_short[i]);
+ freez(config->re_filterfile[i]);
+ }
- suppress_vanilla_wafer = 0;
- add_forwarded = 0;
- hport = HADDR_PORT;
+ list_remove_all(config->ordered_client_headers);
+
+ freez(config->admin_address);
+ freez(config->cors_allowed_origin);
+ freez(config->proxy_info_url);
+ freez(config->proxy_args);
+ freez(config->usermanual);
+ freez(config->trusted_cgi_referrer);
+
+#ifdef FEATURE_HTTPS_INSPECTION
+ freez(config->ca_password);
+ freez(config->ca_directory);
+ freez(config->ca_cert_file);
+ freez(config->ca_key_file);
+ freez(config->certificate_directory);
+ freez(config->cipher_list);
+ freez(config->trusted_cas_file);
+#endif
-#ifdef _WIN_CONSOLE
- hideConsole = 0;
-#endif /*def _WIN_CONSOLE*/
+#ifdef FEATURE_TRUST
+ freez(config->trustfile);
+ list_remove_all(config->trust_info);
+#endif /* def FEATURE_TRUST */
-#ifdef TOGGLE
- g_bToggleIJB = 1;
+#ifdef FEATURE_CLIENT_TAGS
+ free_client_specific_tags(config->client_tags);
#endif
-#ifdef STATISTICS
- urls_read = 0;
- urls_rejected = 0;
-#endif /* def STATISTICS */
-
-#ifndef SPLIT_PROXY_ARGS
- suppress_blocklists = 0;
-#endif /* ndef SPLIT_PROXY_ARGS */
+ freez(config);
+}
- freez((char *)from);
- freez((char *)haddr);
- freez((char *)uagent);
- freez((char *)referrer);
- freez((char *)logfile);
+#ifdef FEATURE_GRACEFUL_TERMINATION
+/*********************************************************************
+ *
+ * Function : unload_current_config_file
+ *
+ * Description : Unloads current config file - reset to state at
+ * beginning of program.
+ *
+ * Parameters : None
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+void unload_current_config_file(void)
+{
+ if (current_configfile)
+ {
+ current_configfile->unloader = unload_configfile;
+ current_configfile = NULL;
+ }
+}
+#endif
- freez((char *)blockfile);
- freez((char *)permissions_file);
- freez((char *)forwardfile);
-#ifdef ACL_FILES
- freez((char *)aclfile);
-#endif /* def ACL_FILES */
+#ifdef FEATURE_CLIENT_TAGS
+/*********************************************************************
+ *
+ * Function : register_tag
+ *
+ * Description : Registers a client-specific-tag and its description
+ *
+ * Parameters :
+ * 1 : config: The tag list
+ * 2 : name: The name of the client-specific-tag
+ * 3 : description: The human-readable description for the tag
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void register_tag(struct client_tag_spec *tag_list,
+ const char *name, const char *description)
+{
+ struct client_tag_spec *new_tag;
+ struct client_tag_spec *last_tag;
-#ifdef USE_IMAGE_LIST
- freez((char *)imagefile);
-#endif /* def USE_IMAGE_LIST */
+ last_tag = tag_list;
+ while (last_tag->next != NULL)
+ {
+ last_tag = last_tag->next;
+ }
+ if (last_tag->name == NULL)
+ {
+ /* First entry */
+ new_tag = last_tag;
+ }
+ else
+ {
+ new_tag = zalloc_or_die(sizeof(struct client_tag_spec));
+ }
+ new_tag->name = strdup_or_die(name);
+ new_tag->description = strdup_or_die(description);
+ if (new_tag != last_tag)
+ {
+ last_tag->next = new_tag;
+ }
+}
-#ifdef JAR_FILES
- freez((char *)jarfile);
-#endif /* def JAR_FILES */
-#ifndef SPLIT_PROXY_ARGS
- freez((char *)suppress_message);
-#endif /* ndef SPLIT_PROXY_ARGS */
+/*********************************************************************
+ *
+ * Function : free_client_specific_tags
+ *
+ * Description : Frees client-specific tags and their descriptions
+ *
+ * Parameters :
+ * 1 : tag_list: The tag list to free
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void free_client_specific_tags(struct client_tag_spec *tag_list)
+{
+ struct client_tag_spec *this_tag;
+ struct client_tag_spec *next_tag;
-#ifdef TRUST_FILES
- freez((char *)trustfile);
-#endif /* def TRUST_FILES */
+ next_tag = tag_list;
+ do
+ {
+ this_tag = next_tag;
+ next_tag = next_tag->next;
-#ifdef PCRS
- freez((char *)re_filterfile);
-#endif /* def PCRS */
+ freez(this_tag->name);
+ freez(this_tag->description);
- if (NULL != configfile)
- {
- if ((configfp = fopen(configfile, "r")) == NULL)
+ if (this_tag != tag_list)
{
- log_error(LOG_LEVEL_FATAL, "can't open configuration file '%s': %E",
- configfile);
- /* Never get here - LOG_LEVEL_FATAL causes program exit */\r
+ freez(this_tag);
}
- }
+ } while (next_tag != NULL);
+}
+#endif /* def FEATURE_CLIENT_TAGS */
- if (NULL != configfp)
- {
- memset (buf, 'j', sizeof(buf));
- while (read_config_line(buf, sizeof(buf), configfp, NULL) != NULL)
- {
- char cmd[BUFSIZ];
- char arg[BUFSIZ];
- char tmp[BUFSIZ];
- strcpy(tmp, buf);
+/*********************************************************************
+ *
+ * Function : parse_numeric_value
+ *
+ * Description : Parse the value of a directive that can only have
+ * a single numeric value. Terminates with a fatal error
+ * if the value is NULL or not numeric.
+ *
+ * Parameters :
+ * 1 : name: The name of the directive. Used for log messages.
+ * 2 : value: The value to parse
+ *
+ *
+ * Returns : The numerical value as integer
+ *
+ *********************************************************************/
+static int parse_numeric_value(const char *name, const char *value)
+{
+ int number;
+ char *endptr;
- /* Copy command (i.e. up to space or tab) into cmd */
- p = buf;
- q = cmd;
- while (*p && (*p != ' ') && (*p != '\t'))
- {
- *q++ = *p++;
- }
- *q = '\0';
+ assert(name != NULL);
+ assert(value != NULL);
- /* Skip over the whitespace in buf */
- while (*p && ((*p == ' ') || (*p == '\t')))
- {
- p++;
- }
+ if ((value == NULL) || (*value == '\0'))
+ {
+ log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name);
+ }
- /* Copy the argument into arg */
- strcpy(arg, p);
+ number = (int)strtol(value, &endptr, 10);
+ if (*endptr != '\0')
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Directive '%s' used with non-numerical value: '%s'", name, value);
+ }
- /* Should never happen, but check this anyway */
- if (*cmd == '\0')
- {
- continue;
- }
+ return number;
- /* Make sure the command field is lower case */
- for (p=cmd; *p; p++)
- {
- if (ijb_isupper(*p))
- {
- *p = ijb_tolower(*p);
- }
- }
+}
- /* Save the argument for show-proxy-args */
- savearg(cmd, arg);
+/*********************************************************************
+ *
+ * Function : parse_toggle_value
+ *
+ * Description : Parse the value of a directive that can only be
+ * enabled or disabled. Terminates with a fatal error
+ * if the value is NULL or something other than 0 or 1.
+ *
+ * Parameters :
+ * 1 : name: The name of the directive. Used for log messages.
+ * 2 : value: The value to parse
+ *
+ *
+ * Returns : The numerical toggle state
+ *
+ *********************************************************************/
+static int parse_toggle_state(const char *name, const char *value)
+{
+ int toggle_state;
+ assert(name != NULL);
+ assert(value != NULL);
- switch( hash_string( cmd ) )
- {
-#ifdef TRUST_FILES
- case hash_trustfile :
- freez((char *)trustfile);
- trustfile = strdup(arg);
- continue;
-
- case hash_trust_info_url :
- enlist(trust_info, arg);
- continue;
-#endif /* def TRUST_FILES */
-
- case hash_debug :
- debug |= atoi(arg);
- continue;
-
-#if defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST)
- case hash_tinygif :
- freez((char *)tinygifurl);
- tinygif = atoi(arg);
- if(3 == tinygif)
- {
- p = arg;
- while((*p >= '0') && (*p <= '9'))
- {
- p++;
- }
- while((*p == ' ') || (*p == '\t'))
- {
- p++;
- }
- if (*p)
- {
- q = malloc(strlen(p) + 5);
- if (q)
- {
- strcpy(q, p);
- strcat(q, "\r\n\r\n");
- tinygifurl = q;
- }
- }
- }
- if ((tinygif != 1) &&
- (tinygif != 2) &&
- ((tinygif != 3) || (tinygifurl==NULL)) )
- {
- log_error(LOG_LEVEL_ERROR, "tinygif setting invalid.");
- }
- continue;
-#endif /* defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST) */
-
- case hash_add_forwarded_header :
- add_forwarded = 1;
- continue;
-
- case hash_single_threaded :
- multi_threaded = 0;
- continue;
-
- case hash_suppress_vanilla_wafer :
- suppress_vanilla_wafer = 1;
- continue;
-
- case hash_wafer :
- enlist(wafer_list, arg);
- continue;
-
- case hash_add_header :
- enlist(xtra_list, arg);
- continue;
-
- case hash_permissions_file :
- freez((char *)permissions_file);
- permissions_file = strdup(arg);
- continue;
-
- case hash_logfile :
- freez((char *)logfile);
- logfile = strdup(arg);
- continue;
-
- case hash_blockfile :
- freez((char *)blockfile);
- blockfile = strdup(arg);
- continue;
-
-#ifdef USE_IMAGE_LIST
- case hash_imagefile :
- freez((char *)imagefile);
- imagefile = strdup(arg);
- continue;
-#endif /* def USE_IMAGE_LIST */
-
-#ifdef JAR_FILES
- case hash_jarfile :
- freez((char *)jarfile);
- jarfile = strdup(arg);
- continue;
-#endif /* def JAR_FILES */
-
- case hash_listen_address :
- freez((char *)haddr);
- haddr = strdup(arg);
- continue;
-
- case hash_forwardfile :
- freez((char *)forwardfile);
- forwardfile = strdup(arg);
- continue;
-
-#ifdef ACL_FILES
- case hash_aclfile :
- freez((char *)aclfile);
- aclfile = strdup(arg);
- continue;
-#endif /* def ACL_FILES */
-
-#ifdef PCRS
- case hash_re_filterfile :
- freez((char *)re_filterfile);
- re_filterfile = strdup(arg);
- continue;
-#endif /* def PCRS */
-
- case hash_user_agent :
- freez((char *)uagent);
- uagent = strdup(arg);
- continue;
+ if ((value == NULL) || (*value == '\0'))
+ {
+ log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name);
+ }
- /*
- * Offer choice of correct spelling according to dictionary,
- * or the misspelling used in the HTTP spec.
- */
- case hash_referrer :
- case hash_referer :
- freez((char *)referrer);
- referrer = strdup(arg);
- continue;
+ toggle_state = atoi(value);
- case hash_from :
- freez((char *)from);
- from = strdup(arg);
- continue;
+ /*
+ * Also check the length as atoi() doesn't mind
+ * garbage after a valid integer, but we do.
+ */
+ if (((toggle_state != 0) && (toggle_state != 1)) || (strlen(value) != 1))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Directive %s used with invalid argument '%s'. Use either '0' or '1'.",
+ name, value);
+ }
-#ifdef _WIN_CONSOLE
- case hash_hide_console :
- hideConsole = 1;
- continue;
-#endif /*def _WIN_CONSOLE*/
+ return toggle_state;
-#ifndef SPLIT_PROXY_ARGS
- case hash_suppress_blocklists :
- if (arg[0] != '\0')
- {
- suppress_message = strdup(arg);
- }
- else
- {
- /* There will be NO reference in proxy-args. */
- suppress_message = NULL;
- }
+}
- suppress_blocklists = 1;
- continue;
-#endif /* ndef SPLIT_PROXY_ARGS */
-#ifdef TOGGLE
- case hash_toggle :
- g_bToggleIJB = atoi(arg);
- continue;
-#endif /* def TOGGLE */
+/*********************************************************************
+ *
+ * Function : parse_client_header_order
+ *
+ * Description : Parse the value of the header-order directive
+ *
+ * Parameters :
+ * 1 : ordered_header_list: List to insert the ordered
+ * headers into.
+ * 2 : ordered_headers: The ordered header names separated
+ * by spaces or tabs.
+ *
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void parse_client_header_order(struct list *ordered_header_list, const char *ordered_headers)
+{
+ char *original_headers_copy;
+ char **vector;
+ size_t max_segments;
+ int number_of_headers;
+ int i;
-#if defined(_WIN32) && ! defined(_WIN_CONSOLE)
- case hash_activity_animation :
- g_bShowActivityAnimation = atoi(arg);
- continue;
+ assert(ordered_header_list != NULL);
+ assert(ordered_headers != NULL);
- case hash_log_messages :
- g_bLogMessages = atoi(arg);
- continue;
+ if (ordered_headers == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL, "header-order used without argument");
+ }
- case hash_log_highlight_messages :
- g_bHighlightMessages = atoi(arg);
- continue;
+ /*
+ * XXX: This estimate is guaranteed to be high enough as we
+ * let ssplit() ignore empty fields, but also a bit wasteful.
+ * The same hack is used in get_last_url() so it looks like
+ * a real solution is needed.
+ */
+ max_segments = strlen(ordered_headers) / 2;
+ if (max_segments == 0)
+ {
+ max_segments = 1;
+ }
+ vector = malloc_or_die(max_segments * sizeof(char *));
- case hash_log_buffer_size :
- g_bLimitBufferSize = atoi(arg);
- continue;
+ original_headers_copy = strdup_or_die(ordered_headers);
- case hash_log_max_lines :
- g_nMaxBufferLines = atoi(arg);
- continue;
+ number_of_headers = ssplit(original_headers_copy, "\t ", vector, max_segments);
+ if (number_of_headers == -1)
+ {
+ log_error(LOG_LEVEL_FATAL, "Failed to split ordered headers");
+ }
- case hash_log_font_name :
- strcpy( g_szFontFaceName, arg );
- continue;
+ for (i = 0; i < number_of_headers; i++)
+ {
+ if (JB_ERR_OK != enlist(ordered_header_list, vector[i]))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Failed to enlist ordered header: %s", vector[i]);
+ }
+ }
- case hash_log_font_size :
- g_nFontSize = atoi(arg);
- continue;
+ freez(vector);
+ freez(original_headers_copy);
- case hash_show_on_task_bar :
- g_bShowOnTaskBar = atoi(arg);
- continue;
+ return;
- case hash_close_button_minimizes :
- g_bCloseHidesWindow = atoi(arg);
- continue;
-#endif /* defined(_WIN32) && ! defined(_WIN_CONSOLE) */
+}
- /* Warnings about unsupported features */
-
-#ifndef TRUST_FILES
- case hash_trustfile :
- case hash_trust_info_url :
-#endif /* ndef TRUST_FILES */
-#ifndef USE_IMAGE_LIST
- case hash_imagefile :
-#endif /* ndef USE_IMAGE_LIST */
-#ifndef PCRS
- case hash_re_filterfile :
-#endif /* ndef PCRS */
-#ifndef TOGGLE
- case hash_toggle :
-#endif /* ndef TOGGLE */
-#if defined(_WIN_CONSOLE) || ! defined(_WIN32)
- case hash_activity_animation :
- case hash_log_messages :
- case hash_log_highlight_messages :
- case hash_log_buffer_size :
- case hash_log_max_lines :
- case hash_log_font_name :
- case hash_log_font_size :
- case hash_show_on_task_bar :
- case hash_close_button_minimizes :
-#endif /* defined(_WIN_CONSOLE) || ! defined(_WIN32) */
-#ifndef _WIN_CONSOLE
- case hash_hide_console :
-#endif /* ndef _WIN_CONSOLE */
-#if !defined(DETECT_MSIE_IMAGES) && !defined(USE_IMAGE_LIST)
- case hash_tinygif :
-#endif /* !defined(DETECT_MSIE_IMAGES) && !defined(USE_IMAGE_LIST) */
-#ifndef JAR_FILES
- case hash_jarfile :
-#endif /* ndef JAR_FILES */
-#ifndef ACL_FILES
- case hash_aclfile :
-#endif /* ndef ACL_FILES */
-
-#ifdef SPLIT_PROXY_ARGS
- case hash_suppress_blocklists :
-#endif /* def SPLIT_PROXY_ARGS */
- log_error(LOG_LEVEL_INFO, "Unsupported directive \"%s\" ignored.", cmd);
- continue;
-
- default :
- /*\r
- * I decided that I liked this better as a warning than an\r
- * error. To change back to an error, just change log level\r
- * to LOG_LEVEL_FATAL.\r
- */\r
- log_error(LOG_LEVEL_ERROR, "Unrecognized directive (%lulu) in "
- "configuration file: \"%s\"", hash_string( cmd ), buf);
- p = malloc( BUFSIZ );
- if (p != NULL)
- {
- sprintf( p, "<br>\nWARNING: unrecognized directive : %s<br><br>\n", buf );
- proxy_args->invocation = strsav( proxy_args->invocation, p );
- freez( p );
- }
- continue;
- }
- }
- fclose(configfp);
- }
- init_error_log(Argv[0], logfile, debug);
+/*********************************************************************
+ *
+ * Function : load_config
+ *
+ * Description : Load the config file and all parameters.
+ *
+ * XXX: more than thousand lines long
+ * and thus in serious need of refactoring.
+ *
+ * Parameters : None
+ *
+ * Returns : The configuration_spec, or NULL on error.
+ *
+ *********************************************************************/
+struct configuration_spec * load_config(void)
+{
+ char *buf = NULL;
+ char *p, *q;
+ FILE *configfp = NULL;
+ struct configuration_spec * config = NULL;
+ struct client_state * fake_csp;
+ struct file_list *fs;
+ unsigned long linenum = 0;
+ int i;
+ char *logfile = NULL;
+#ifdef FEATURE_HTTPS_INSPECTION
+ char *ca_cert_file = NULL;
+ char *ca_key_file = NULL;
+ char *ca_directory = NULL;
+ char *trusted_cas_file = NULL;
+ char *certificate_directory = NULL;
+#endif
- if (permissions_file)
+ if (!check_file_changed(current_configfile, configfile, &fs))
{
- add_loader(load_permissions_file);
+ /* No need to load */
+ return ((struct configuration_spec *)current_configfile->f);
}
-
- if (blockfile)
+ if (NULL == fs)
{
- add_loader(load_blockfile);
+ log_error(LOG_LEVEL_FATAL,
+ "can't check configuration file '%s': %E", configfile);
+ return NULL;
}
-#ifdef USE_IMAGE_LIST
- if (imagefile)
+ if (NULL != current_configfile)
{
- add_loader(load_imagefile);
+ log_error(LOG_LEVEL_INFO, "Reloading configuration file '%s'", configfile);
}
-#endif /* def USE_IMAGE_LIST */
-#ifdef TRUST_FILES
- if (trustfile)
- {
- add_loader(load_trustfile);
- }
-#endif /* def TRUST_FILES */
+#ifdef FEATURE_TOGGLE
+ global_toggle_state = 1;
+#endif /* def FEATURE_TOGGLE */
- if (forwardfile)
- {
- add_loader(load_forwardfile);
- }
+ fs->f = config = zalloc_or_die(sizeof(*config));
-#ifdef ACL_FILES
- if (aclfile)
- {
- add_loader(load_aclfile);
- }
-#endif /* def ACL_FILES */
+ /*
+ * This is backwards from how it's usually done.
+ * Following the usual pattern, "fs" would be stored in a member
+ * variable in "csp", and then we'd access "config" from "fs->f",
+ * using a cast. However, "config" is used so often that a
+ * cast each time would be very ugly, and the extra indirection
+ * would waste CPU cycles. Therefore we store "config" in
+ * "csp->config", and "fs" in "csp->config->config_file_list".
+ */
+ config->config_file_list = fs;
+
+ /*
+ * Set to defaults
+ */
+ config->multi_threaded = 1;
+ config->buffer_limit = 4096 * 1024;
+ config->receive_buffer_size = BUFFER_SIZE;
+ config->usermanual = strdup_or_die(USER_MANUAL_URL);
+ config->proxy_args = strdup_or_die("");
+ config->forwarded_connect_retries = 0;
+#ifdef FEATURE_HTTPS_INSPECTION
+ config->ca_password = strdup_or_die("");
+ ca_cert_file = strdup_or_die("cacert.crt");
+ ca_key_file = strdup_or_die("cakey.pem");
+ ca_directory = strdup_or_die("./CA");
+ trusted_cas_file = strdup_or_die("trustedCAs.pem");
+ certificate_directory = strdup_or_die("./certs");
+#endif
+
+#ifdef FEATURE_CLIENT_TAGS
+ config->client_tag_lifetime = 60;
+#endif
+ config->trust_x_forwarded_for = 0;
+#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
+ config->enable_accept_filter = 0;
+#endif
+ config->listen_backlog = DEFAULT_LISTEN_BACKLOG;
+ config->trusted_cgi_referrer = NULL;
+ /*
+ * 128 client sockets ought to be enough for everybody who can't
+ * be bothered to read the documentation to figure out how to
+ * increase the limit.
+ */
+ config->max_client_connections = 128;
+ config->socket_timeout = 300; /* XXX: Should be a macro. */
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ config->default_server_timeout = 0;
+ config->keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+#endif
+ config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE;
+ config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
+ config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
+ config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+#ifdef FEATURE_COMPRESSION
+ config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION;
+ /*
+ * XXX: Run some benchmarks to see if there are better default values.
+ */
+ config->compression_level = 1;
+#endif
+ config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ config->cors_allowed_origin = NULL;
-#ifdef PCRS
- if (re_filterfile)
+ configfp = fopen(configfile, "r");
+ if (NULL == configfp)
{
- add_loader(load_re_filterfile);
+ log_error(LOG_LEVEL_FATAL,
+ "can't open configuration file '%s': %E", configfile);
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
}
-#endif /* def PCRS */
-#ifdef JAR_FILES
- if ( NULL != jarfile )
+ while (read_config_line(configfp, &linenum, &buf) != NULL)
{
- if ( NULL == (jar = fopen(jarfile, "a")) )
+ char cmd[BUFFER_SIZE];
+ char arg[BUFFER_SIZE];
+ char tmp[BUFFER_SIZE];
+#ifdef FEATURE_ACL
+ struct access_control_list *cur_acl;
+#endif /* def FEATURE_ACL */
+ struct forward_spec *cur_fwd;
+ int vec_count;
+ char *vec[3];
+ unsigned int directive_hash;
+
+ strlcpy(tmp, buf, sizeof(tmp));
+
+ /* Copy command (i.e. up to space or tab) into cmd */
+ p = buf;
+ q = cmd;
+ while (*p && (*p != ' ') && (*p != '\t'))
{
- log_error(LOG_LEVEL_FATAL, "can't open jarfile '%s': %E", jarfile);
- /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ *q++ = *p++;
}
- setbuf(jar, NULL);
- }
-#endif /* def JAR_FILES */
-
- if ( NULL == haddr )
- {
- haddr = strdup( HADDR_DEFAULT );
- }
+ *q = '\0';
- if ( NULL != haddr )
- {
- if ((p = strchr(haddr, ':')))
+ /* Skip over the whitespace in buf */
+ while (*p && ((*p == ' ') || (*p == '\t')))
{
- *p++ = '\0';
- if (*p)
- {
- hport = atoi(p);
- }
+ p++;
}
- if (hport <= 0)
+ /* Copy the argument into arg */
+ if (strlcpy(arg, p, sizeof(arg)) >= sizeof(arg))
{
- *--p = ':';
- log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", haddr);
- /* Never get here - LOG_LEVEL_FATAL causes program exit */\r
+ log_error(LOG_LEVEL_FATAL, "Config line too long: %s", buf);
}
- if (*haddr == '\0')
+
+ /* Should never happen, but check this anyway */
+ if (*cmd == '\0')
{
- haddr = NULL;
+ freez(buf);
+ continue;
}
- }
- if (run_loader(NULL))
- {
- log_error(LOG_LEVEL_FATAL, "A loader failed while loading config file. Exiting.");\r
- /* Never get here - LOG_LEVEL_FATAL causes program exit */\r
- }
+ /* Make sure the command field is lower case */
+ for (p = cmd; *p; p++)
+ {
+ if (privoxy_isupper(*p))
+ {
+ *p = (char)privoxy_tolower(*p);
+ }
+ }
-#ifdef JAR_FILES
- /*
- * If we're logging cookies in a cookie jar, and the user has not
- * supplied any wafers, and the user has not told us to suppress the
- * vanilla wafer, then send the vanilla wafer.
- */
- if ((jarfile != NULL)
- && (wafer_list->next == NULL)
- && (suppress_vanilla_wafer == 0))
- {
- enlist(wafer_list, VANILLA_WAFER);
- }
-#endif /* def JAR_FILES */
+ directive_hash = hash_string(cmd);
+ switch (directive_hash)
+ {
+/* *************************************************************************
+ * actionsfile actions-file-name
+ * In confdir by default
+ * *************************************************************************/
+ case hash_actions_file :
+ i = 0;
+ while ((i < MAX_AF_FILES) && (NULL != config->actions_file[i]))
+ {
+ i++;
+ }
- end_proxy_args();
+ if (i >= MAX_AF_FILES)
+ {
+ log_error(LOG_LEVEL_FATAL, "Too many 'actionsfile' directives in config file - limit is %d.\n"
+ "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
+ MAX_AF_FILES);
+ }
+ config->actions_file_short[i] = strdup_or_die(arg);
+ config->actions_file[i] = make_path(config->confdir, arg);
+
+ break;
+/* *************************************************************************
+ * accept-intercepted-requests
+ * *************************************************************************/
+ case hash_accept_intercepted_requests:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
+ }
+ break;
+
+/* *************************************************************************
+ * admin-address email-address
+ * *************************************************************************/
+ case hash_admin_address :
+ freez(config->admin_address);
+ config->admin_address = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * allow-cgi-request-crunching
+ * *************************************************************************/
+ case hash_allow_cgi_request_crunching:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CGI_CRUNCHING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CGI_CRUNCHING;
+ }
+ break;
+
+/* *************************************************************************
+ * buffer-limit n
+ * *************************************************************************/
+ case hash_buffer_limit :
+ config->buffer_limit = (size_t)(1024 * parse_numeric_value(cmd, arg));
+ break;
+
+/* *************************************************************************
+ * client-header-order header-1 header-2 ... header-n
+ * *************************************************************************/
+ case hash_client_header_order:
+ list_remove_all(config->ordered_client_headers);
+ parse_client_header_order(config->ordered_client_headers, arg);
+ break;
+
+/* *************************************************************************
+ * client-specific-tag tag-name description
+ * *************************************************************************/
+#ifdef FEATURE_CLIENT_TAGS
+ case hash_client_specific_tag:
+ {
+ char *name;
+ char *description;
+
+ name = arg;
+ description = strstr(arg, " ");
+ if (description == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-specific-tag '%s' lacks a description.", name);
+ }
+ *description = '\0';
+ /*
+ * The length is limited because we don't want truncated
+ * HTML caused by the cgi interface using static buffer
+ * sizes.
+ */
+ if (strlen(name) > CLIENT_TAG_LENGTH_MAX)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-specific-tag '%s' is longer than %d characters.",
+ name, CLIENT_TAG_LENGTH_MAX);
+ }
+ description++;
+ register_tag(config->client_tags, name, description);
+ }
+ break;
+#endif /* def FEATURE_CLIENT_TAGS */
+
+/* *************************************************************************
+ * client-tag-lifetime ttl
+ * *************************************************************************/
+#ifdef FEATURE_CLIENT_TAGS
+ case hash_client_tag_lifetime:
+ {
+ int ttl = parse_numeric_value(cmd, arg);
+ if (0 <= ttl)
+ {
+ config->client_tag_lifetime = (unsigned)ttl;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-tag-lifetime can't be negative.");
+ }
+ break;
+ }
+#endif /* def FEATURE_CLIENT_TAGS */
+
+/* *************************************************************************
+ * confdir directory-name
+ * *************************************************************************/
+ case hash_confdir :
+ freez(config->confdir);
+ config->confdir = make_path(NULL, arg);
+ break;
+
+/* *************************************************************************
+ * compression-level 0-9
+ * *************************************************************************/
+#ifdef FEATURE_COMPRESSION
+ case hash_compression_level :
+ {
+ int compression_level = parse_numeric_value(cmd, arg);
+ if (-1 <= compression_level && compression_level <= 9)
+ {
+ config->compression_level = compression_level;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Invalid compression-level value: %s", arg);
+ }
+ break;
+ }
+#endif
+
+/* *************************************************************************
+ * connection-sharing (0|1)
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_SHARING
+ case hash_connection_sharing :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+ break;
+#endif
+
+/* *************************************************************************
+ * cors-allowed-origin http://www.example.org
+ * *************************************************************************/
+ case hash_cors_allowed_origin :
+ /*
+ * We don't validate the specified referrer as
+ * it's only used for string comparison.
+ */
+ freez(config->cors_allowed_origin);
+ config->cors_allowed_origin = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * debug n
+ * Specifies debug level, multiple values are ORed together.
+ * *************************************************************************/
+ case hash_debug :
+ config->debug |= parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * default-server-timeout timeout
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ case hash_default_server_timeout :
+ {
+ int timeout = parse_numeric_value(cmd, arg);
+ if (0 <= timeout)
+ {
+ config->default_server_timeout = (unsigned int)timeout;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Invalid default-server-timeout value: %s", arg);
+ }
+ break;
+ }
+#endif
+
+/* *************************************************************************
+ * deny-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
+ * *************************************************************************/
+#ifdef FEATURE_ACL
+ case hash_deny_access:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if ((vec_count != 1) && (vec_count != 2))
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
+ "deny-access directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "deny-access directive in configuration file.<br><br>\n");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_acl = zalloc_or_die(sizeof(*cur_acl));
+ cur_acl->action = ACL_DENY;
+
+ if (acl_addr(vec[0], cur_acl->src) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid source address, port or netmask "
+ "for deny-access directive in configuration file: \"%s\"", vec[0]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid source address, port or netmask "
+ "for deny-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[0]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ if (vec_count == 2)
+ {
+ if (acl_addr(vec[1], cur_acl->dst) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid destination address, port or netmask "
+ "for deny-access directive in configuration file: \"%s\"", vec[1]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid destination address, port or netmask "
+ "for deny-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[1]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ }
+#ifdef HAVE_RFC2553
+ else
+ {
+ cur_acl->wildcard_dst = 1;
+ }
+#endif /* def HAVE_RFC2553 */
+
+ /*
+ * Add it to the list. Note we reverse the list to get the
+ * behaviour the user expects. With both the ACL and
+ * actions file, the last match wins. However, the internal
+ * implementations are different: The actions file is stored
+ * in the same order as the file, and scanned completely.
+ * With the ACL, we reverse the order as we load it, then
+ * when we scan it we stop as soon as we get a match.
+ */
+ cur_acl->next = config->acl;
+ config->acl = cur_acl;
+
+ break;
+#endif /* def FEATURE_ACL */
+
+#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
+/* *************************************************************************
+ * enable-accept-filter 0|1
+ * *************************************************************************/
+ case hash_enable_accept_filter :
+ config->enable_accept_filter = parse_toggle_state(cmd, arg);
+ break;
+#endif /* defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) */
+
+/* *************************************************************************
+ * enable-edit-actions 0|1
+ * *************************************************************************/
+#ifdef FEATURE_CGI_EDIT_ACTIONS
+ case hash_enable_edit_actions:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
+ }
+ break;
+#endif /* def FEATURE_CGI_EDIT_ACTIONS */
+
+/* *************************************************************************
+ * enable-compression 0|1
+ * *************************************************************************/
+#ifdef FEATURE_COMPRESSION
+ case hash_enable_compression:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_COMPRESSION;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION;
+ }
+ break;
+#endif /* def FEATURE_COMPRESSION */
+
+/* *************************************************************************
+ * enable-proxy-authentication-forwarding 0|1
+ * *************************************************************************/
+ case hash_enable_proxy_authentication_forwarding:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+ }
+ break;
+
+/* *************************************************************************
+ * enable-remote-toggle 0|1
+ * *************************************************************************/
+#ifdef FEATURE_TOGGLE
+ case hash_enable_remote_toggle:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CGI_TOGGLE;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE;
+ }
+ break;
+#endif /* def FEATURE_TOGGLE */
+
+/* *************************************************************************
+ * enable-remote-http-toggle 0|1
+ * *************************************************************************/
+ case hash_enable_remote_http_toggle:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_HTTP_TOGGLE;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_HTTP_TOGGLE;
+ }
+ break;
+
+/* *************************************************************************
+ * enforce-blocks 0|1
+ * *************************************************************************/
+ case hash_enforce_blocks:
+#ifdef FEATURE_FORCE_LOAD
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_ENFORCE_BLOCKS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_ENFORCE_BLOCKS;
+ }
+#else
+ log_error(LOG_LEVEL_ERROR, "Ignoring directive 'enforce-blocks'. "
+ "FEATURE_FORCE_LOAD is disabled, blocks will always be enforced.");
+#endif /* def FEATURE_FORCE_LOAD */
+ break;
+
+/* *************************************************************************
+ * filterfile file-name
+ * In confdir by default.
+ * *************************************************************************/
+ case hash_filterfile :
+ i = 0;
+ while ((i < MAX_AF_FILES) && (NULL != config->re_filterfile[i]))
+ {
+ i++;
+ }
+
+ if (i >= MAX_AF_FILES)
+ {
+ log_error(LOG_LEVEL_FATAL, "Too many 'filterfile' directives in config file - limit is %d.\n"
+ "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
+ MAX_AF_FILES);
+ }
+ config->re_filterfile_short[i] = strdup_or_die(arg);
+ config->re_filterfile[i] = make_path(config->confdir, arg);
+
+ break;
+
+/* *************************************************************************
+ * forward url-pattern (.|http-proxy-host[:port])
+ * *************************************************************************/
+ case hash_forward:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if (vec_count != 2)
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for forward "
+ "directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "forward directive in configuration file.");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
+ cur_fwd->type = SOCKS_NONE;
+
+ /* Save the URL pattern */
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
+ {
+ log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward "
+ "directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Bad URL specifier for "
+ "forward directive in configuration file.");
+ freez(cur_fwd);
+ break;
+ }
+
+ /* Parse the parent HTTP proxy host:port */
+ p = vec[1];
+
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
+ }
+
+ /* Add to list. */
+ cur_fwd->next = config->forward;
+ config->forward = cur_fwd;
+
+ break;
+
+/* *************************************************************************
+ * forward-socks4 url-pattern socks-proxy[:port] (.|http-proxy[:port])
+ * *************************************************************************/
+ case hash_forward_socks4:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if (vec_count != 3)
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
+ "forward-socks4 directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "forward-socks4 directive in configuration file.");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
+ cur_fwd->type = SOCKS_4;
+
+ /* Save the URL pattern */
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
+ {
+ log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward-socks4 "
+ "directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Bad URL specifier for "
+ "forward-socks4 directive in configuration file.");
+ freez(cur_fwd);
+ break;
+ }
+
+ /* Parse the SOCKS proxy host[:port] */
+ p = vec[1];
+
+ /* XXX: This check looks like a bug. */
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->gateway_port = 1080;
+ parse_forwarder_address(p,
+ &cur_fwd->gateway_host, &cur_fwd->gateway_port,
+ NULL, NULL);
+ }
+
+ /* Parse the parent HTTP proxy host[:port] */
+ p = vec[2];
+
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
+ }
+
+ /* Add to list. */
+ cur_fwd->next = config->forward;
+ config->forward = cur_fwd;
+
+ break;
+
+/* *************************************************************************
+ * forward-socks4a url-pattern socks-proxy[:port] (.|http-proxy[:port])
+ * *************************************************************************/
+ case hash_forward_socks4a:
+ case hash_forward_socks5:
+ case hash_forward_socks5t:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if (vec_count != 3)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Wrong number of parameters for %s in configuration file.",
+ cmd);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for ");
+ string_append(&config->proxy_args, cmd);
+ string_append(&config->proxy_args,
+ "directive in configuration file.");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
+
+ if (directive_hash == hash_forward_socks4a)
+ {
+ cur_fwd->type = SOCKS_4A;
+ }
+ else if (directive_hash == hash_forward_socks5)
+ {
+ cur_fwd->type = SOCKS_5;
+ }
+ else
+ {
+ assert(directive_hash == hash_forward_socks5t);
+ cur_fwd->type = SOCKS_5T;
+ }
+
+ /* Save the URL pattern */
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Bad URL specifier for %s in configuration file.",
+ cmd);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Bad URL specifier for ");
+ string_append(&config->proxy_args, cmd);
+ string_append(&config->proxy_args,
+ "directive in configuration file.");
+ freez(cur_fwd);
+ break;
+ }
+
+ /* Parse the SOCKS proxy [user:pass@]host[:port] */
+ p = vec[1];
+
+ cur_fwd->gateway_port = 1080;
+ parse_forwarder_address(p,
+ &cur_fwd->gateway_host, &cur_fwd->gateway_port,
+ &cur_fwd->auth_username, &cur_fwd->auth_password);
+
+ /* Parse the parent HTTP proxy host[:port] */
+ p = vec[2];
+
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
+ }
+
+ /* Add to list. */
+ cur_fwd->next = config->forward;
+ config->forward = cur_fwd;
+
+ break;
+
+/* *************************************************************************
+ * forwarded-connect-retries n
+ * *************************************************************************/
+ case hash_forwarded_connect_retries :
+ config->forwarded_connect_retries = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * handle-as-empty-doc-returns-ok 0|1
+ *
+ * Workaround for firefox hanging on blocked javascript pages.
+ * Block with the "+handle-as-empty-document" flag and set the
+ * "handle-as-empty-doc-returns-ok" run-time config flag so that
+ * Privoxy returns a 200/OK status instead of a 403/Forbidden status
+ * to the browser for blocked pages.
+ ***************************************************************************/
+ case hash_handle_as_empty_returns_ok:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ }
+ break;
+
+/* *************************************************************************
+ * hostname hostname-to-show-on-cgi-pages
+ * *************************************************************************/
+ case hash_hostname :
+ freez(config->hostname);
+ config->hostname = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * keep-alive-timeout timeout
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ case hash_keep_alive_timeout :
+ {
+ int timeout = parse_numeric_value(cmd, arg);
+ if (0 < timeout)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ config->keep_alive_timeout = (unsigned int)timeout;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ }
+ break;
+ }
+#endif
+
+/* *************************************************************************
+ * listen-address [ip][:port]
+ * *************************************************************************/
+ case hash_listen_address :
+ i = 0;
+ while ((i < MAX_LISTENING_SOCKETS) && (NULL != config->haddr[i]))
+ {
+ i++;
+ }
+
+ if (i >= MAX_LISTENING_SOCKETS)
+ {
+ log_error(LOG_LEVEL_FATAL, "Too many 'listen-address' directives in config file - limit is %d.\n"
+ "(You can increase this limit by changing MAX_LISTENING_SOCKETS in project.h and recompiling).",
+ MAX_LISTENING_SOCKETS);
+ }
+ config->haddr[i] = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * listen-backlog n
+ * *************************************************************************/
+ case hash_listen_backlog :
+ /*
+ * We don't enfore an upper or lower limit because on
+ * many platforms all values are valid and negative
+ * number mean "use the highest value allowed".
+ */
+ config->listen_backlog = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * logdir directory-name
+ * *************************************************************************/
+ case hash_logdir :
+ freez(config->logdir);
+ config->logdir = make_path(NULL, arg);
+ break;
+
+/* *************************************************************************
+ * logfile log-file-name
+ * In logdir by default
+ * *************************************************************************/
+ case hash_logfile :
+ if (daemon_mode)
+ {
+ logfile = make_path(config->logdir, arg);
+ if (NULL == logfile)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating logfile path");
+ }
+ }
+ break;
+
+/* *************************************************************************
+ * max-client-connections number
+ * *************************************************************************/
+ case hash_max_client_connections :
+ {
+ int max_client_connections = parse_numeric_value(cmd, arg);
+
+#if !defined(_WIN32) && !defined(HAVE_POLL)
+ /*
+ * Reject values below 1 for obvious reasons and values above
+ * FD_SETSIZE/2 because Privoxy needs two sockets to serve
+ * client connections that need forwarding.
+ *
+ * We ignore the fact that the first three file descriptors
+ * are usually set to /dev/null, one is used for logging
+ * and yet another file descriptor is required to load
+ * config files.
+ */
+ if ((max_client_connections < 1) || (FD_SETSIZE/2 < max_client_connections))
+ {
+ log_error(LOG_LEVEL_FATAL, "max-client-connections value %d"
+ " is invalid. Value needs to be above 1 and below %d"
+ " (FD_SETSIZE/2).", max_client_connections, FD_SETSIZE/2);
+ }
+#else
+ /*
+ * The Windows libc uses FD_SETSIZE for an array used
+ * by select(), but has no problems with file descriptors
+ * above the limit as long as no more than FD_SETSIZE are
+ * passed to select().
+ * https://msdn.microsoft.com/en-us/library/windows/desktop/ms739169%28v=vs.85%29.aspx
+ *
+ * On platforms were we use poll() we don't have to enforce
+ * an upper connection limit either.
+ */
+ if (max_client_connections < 1)
+ {
+ log_error(LOG_LEVEL_FATAL, "max-client-connections value"
+ " has to be a number above 1. %d is invalid.",
+ max_client_connections);
+ }
+#endif
+ config->max_client_connections = max_client_connections;
+ break;
+ }
+
+/* *************************************************************************
+ * permit-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
+ * *************************************************************************/
+#ifdef FEATURE_ACL
+ case hash_permit_access:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if ((vec_count != 1) && (vec_count != 2))
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
+ "permit-access directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "permit-access directive in configuration file.<br><br>\n");
+
+ break;
+ }
+
+ /* allocate a new node */
+ cur_acl = zalloc_or_die(sizeof(*cur_acl));
+ cur_acl->action = ACL_PERMIT;
+
+ if (acl_addr(vec[0], cur_acl->src) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid source address, port or netmask "
+ "for permit-access directive in configuration file: \"%s\"", vec[0]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid source address, port or netmask for "
+ "permit-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[0]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ if (vec_count == 2)
+ {
+ if (acl_addr(vec[1], cur_acl->dst) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid destination address, port or netmask "
+ "for permit-access directive in configuration file: \"%s\"", vec[1]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid destination address, port or netmask for "
+ "permit-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[1]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ }
+#ifdef HAVE_RFC2553
+ else
+ {
+ cur_acl->wildcard_dst = 1;
+ }
+#endif /* def HAVE_RFC2553 */
+
+ /*
+ * Add it to the list. Note we reverse the list to get the
+ * behaviour the user expects. With both the ACL and
+ * actions file, the last match wins. However, the internal
+ * implementations are different: The actions file is stored
+ * in the same order as the file, and scanned completely.
+ * With the ACL, we reverse the order as we load it, then
+ * when we scan it we stop as soon as we get a match.
+ */
+ cur_acl->next = config->acl;
+ config->acl = cur_acl;
+
+ break;
+#endif /* def FEATURE_ACL */
+
+/* *************************************************************************
+ * proxy-info-url url
+ * *************************************************************************/
+ case hash_proxy_info_url :
+ freez(config->proxy_info_url);
+ config->proxy_info_url = strdup_or_die(arg);
+ break;
+
+
+/* *************************************************************************
+ * receive-buffer-size n
+ * *************************************************************************/
+ case hash_receive_buffer_size :
+ config->receive_buffer_size = (size_t)parse_numeric_value(cmd, arg);
+ if (config->receive_buffer_size < BUFFER_SIZE)
+ {
+ log_error(LOG_LEVEL_INFO,
+ "receive-buffer-size %lu seems low and may cause problems. "
+ "Consider setting it to at least %d.",
+ config->receive_buffer_size, BUFFER_SIZE);
+ }
+ break;
+
+/* *************************************************************************
+ * single-threaded 0|1
+ * *************************************************************************/
+ case hash_single_threaded :
+ config->multi_threaded = 0 == parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * socket-timeout numer_of_seconds
+ * *************************************************************************/
+ case hash_socket_timeout :
+ {
+ int socket_timeout = parse_numeric_value(cmd, arg);
+ if (0 <= socket_timeout)
+ {
+ config->socket_timeout = socket_timeout;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL, "Invalid socket-timeout: '%s'", arg);
+ }
+ break;
+ }
+
+/* *************************************************************************
+ * split-large-cgi-forms
+ * *************************************************************************/
+ case hash_split_large_cgi_forms :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
+ }
+ break;
+
+/* *************************************************************************
+ * templdir directory-name
+ * *************************************************************************/
+ case hash_templdir :
+ freez(config->templdir);
+ config->templdir = make_path(NULL, arg);
+ break;
+
+#ifdef FEATURE_EXTERNAL_FILTERS
+/* *************************************************************************
+ * temporary-directory directory-name
+ * *************************************************************************/
+ case hash_temporary_directory :
+ freez(config->temporary_directory);
+ config->temporary_directory = make_path(NULL, arg);
+ break;
+#endif
+
+/* *************************************************************************
+ * tolerate-pipelining (0|1)
+ * *************************************************************************/
+ case hash_tolerate_pipelining :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ }
+ break;
+
+/* *************************************************************************
+ * toggle (0|1)
+ * *************************************************************************/
+#ifdef FEATURE_TOGGLE
+ case hash_toggle :
+ global_toggle_state = parse_toggle_state(cmd, arg);
+ break;
+#endif /* def FEATURE_TOGGLE */
+
+/* *************************************************************************
+ * trust-info-url url
+ * *************************************************************************/
+#ifdef FEATURE_TRUST
+ case hash_trust_info_url :
+ enlist(config->trust_info, arg);
+ break;
+#endif /* def FEATURE_TRUST */
+
+/* *************************************************************************
+ * trust-x-forwarded-for (0|1)
+ * *************************************************************************/
+ case hash_trust_x_forwarded_for :
+ config->trust_x_forwarded_for = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * trusted-cgi-referrer http://www.example.org/some/path.html
+ * *************************************************************************/
+ case hash_trusted_cgi_referrer :
+ /*
+ * We don't validate the specified referrer as
+ * it's only used for string comparison.
+ */
+ freez(config->trusted_cgi_referrer);
+ config->trusted_cgi_referrer = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * trustfile filename
+ * (In confdir by default.)
+ * *************************************************************************/
+#ifdef FEATURE_TRUST
+ case hash_trustfile :
+ freez(config->trustfile);
+ config->trustfile = make_path(config->confdir, arg);
+ break;
+#endif /* def FEATURE_TRUST */
+
+/* *************************************************************************
+ * usermanual url
+ * *************************************************************************/
+ case hash_usermanual :
+ /*
+ * XXX: If this isn't the first config directive, the
+ * show-status page links to the website documentation
+ * for the directives that were already parsed. Lame.
+ */
+ freez(config->usermanual);
+ config->usermanual = strdup_or_die(arg);
+ break;
+
+#ifdef FEATURE_HTTPS_INSPECTION
+/* *************************************************************************
+ * ca private key file password
+ * *************************************************************************/
+ case hash_ca_password:
+ freez(config->ca_password);
+ config->ca_password = strdup(arg);
+ break;
+
+/* *************************************************************************
+ * ca-directory directory
+ * *************************************************************************/
+ case hash_ca_directory:
+ freez(ca_directory);
+ ca_directory = make_path(NULL, arg);
+
+ if (NULL == ca_directory)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca dir path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * ca cert file ca-cert-file
+ * In ca dir by default
+ * *************************************************************************/
+ case hash_ca_cert_file:
+ freez(ca_cert_file);
+ ca_cert_file = make_path(config->ca_directory, arg);
+
+ if (NULL == ca_cert_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca certificate file path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * ca key file ca-key-file
+ * In ca dir by default
+ * *************************************************************************/
+ case hash_ca_key_file:
+ freez(ca_key_file);
+ ca_key_file = make_path(config->ca_directory, arg);
+
+ if (NULL == ca_key_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca key file path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * certificate-directory directory
+ * *************************************************************************/
+ case hash_certificate_directory:
+ freez(certificate_directory);
+ certificate_directory = make_path(NULL, arg);
+
+ if (NULL == certificate_directory)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Out of memory while creating certificate directory path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * cipher-list list-of-ciphers
+ * *************************************************************************/
+ case hash_cipher_list:
+ freez(config->cipher_list);
+ config->cipher_list = strdup_or_die(arg);
+
+ break;
+
+/* *************************************************************************
+ * trusted CAs file name trusted-cas-file
+ * *************************************************************************/
+ case hash_trusted_cas_file:
+ freez(trusted_cas_file);
+ trusted_cas_file = make_path(config->ca_directory, arg);
+
+ if (NULL == trusted_cas_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating trusted CAs file path");
+ }
+
+ break;
+#endif
+
+/* *************************************************************************
+ * Win32 Console options:
+ * *************************************************************************/
+
+/* *************************************************************************
+ * hide-console
+ * *************************************************************************/
+#ifdef _WIN_CONSOLE
+ case hash_hide_console :
+ hideConsole = 1;
+ break;
+#endif /*def _WIN_CONSOLE*/
+
+
+/* *************************************************************************
+ * Win32 GUI options:
+ * *************************************************************************/
+
+#if defined(_WIN32) && ! defined(_WIN_CONSOLE)
+/* *************************************************************************
+ * activity-animation (0|1)
+ * *************************************************************************/
+ case hash_activity_animation :
+ g_bShowActivityAnimation = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * close-button-minimizes (0|1)
+ * *************************************************************************/
+ case hash_close_button_minimizes :
+ g_bCloseHidesWindow = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-buffer-size (0|1)
+ * *************************************************************************/
+ case hash_log_buffer_size :
+ g_bLimitBufferSize = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-font-name fontname
+ * *************************************************************************/
+ case hash_log_font_name :
+ if (strlcpy(g_szFontFaceName, arg,
+ sizeof(g_szFontFaceName)) >= sizeof(g_szFontFaceName))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "log-font-name argument '%s' is longer than %u characters.",
+ arg, sizeof(g_szFontFaceName)-1);
+ }
+ break;
+
+/* *************************************************************************
+ * log-font-size n
+ * *************************************************************************/
+ case hash_log_font_size :
+ g_nFontSize = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-highlight-messages (0|1)
+ * *************************************************************************/
+ case hash_log_highlight_messages :
+ g_bHighlightMessages = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-max-lines n
+ * *************************************************************************/
+ case hash_log_max_lines :
+ g_nMaxBufferLines = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-messages (0|1)
+ * *************************************************************************/
+ case hash_log_messages :
+ g_bLogMessages = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * show-on-task-bar (0|1)
+ * *************************************************************************/
+ case hash_show_on_task_bar :
+ g_bShowOnTaskBar = parse_toggle_state(cmd, arg);
+ break;
+
+#endif /* defined(_WIN32) && ! defined(_WIN_CONSOLE) */
+
+
+/* *************************************************************************
+ * Warnings about unsupported features
+ * *************************************************************************/
+#ifndef FEATURE_ACL
+ case hash_deny_access:
+#endif /* ndef FEATURE_ACL */
+#ifndef FEATURE_CGI_EDIT_ACTIONS
+ case hash_enable_edit_actions:
+#endif /* ndef FEATURE_CGI_EDIT_ACTIONS */
+#ifndef FEATURE_TOGGLE
+ case hash_enable_remote_toggle:
+#endif /* ndef FEATURE_TOGGLE */
+#ifndef FEATURE_ACL
+ case hash_permit_access:
+#endif /* ndef FEATURE_ACL */
+#ifndef FEATURE_TOGGLE
+ case hash_toggle :
+#endif /* ndef FEATURE_TOGGLE */
+#ifndef FEATURE_TRUST
+ case hash_trustfile :
+ case hash_trust_info_url :
+#endif /* ndef FEATURE_TRUST */
+
+#ifndef _WIN_CONSOLE
+ case hash_hide_console :
+#endif /* ndef _WIN_CONSOLE */
+
+#if defined(_WIN_CONSOLE) || ! defined(_WIN32)
+ case hash_activity_animation :
+ case hash_close_button_minimizes :
+ case hash_log_buffer_size :
+ case hash_log_font_name :
+ case hash_log_font_size :
+ case hash_log_highlight_messages :
+ case hash_log_max_lines :
+ case hash_log_messages :
+ case hash_show_on_task_bar :
+#endif /* defined(_WIN_CONSOLE) || ! defined(_WIN32) */
+ /* These warnings are annoying - so hide them. -- Jon */
+ /* log_error(LOG_LEVEL_INFO, "Unsupported directive \"%s\" ignored.", cmd); */
+ break;
+
+/* *************************************************************************/
+ default :
+/* *************************************************************************/
+ /*
+ * I decided that I liked this better as a warning than an
+ * error. To change back to an error, just change log level
+ * to LOG_LEVEL_FATAL.
+ */
+ log_error(LOG_LEVEL_ERROR, "Ignoring unrecognized directive "
+ "'%s' (%uU) in line %lu in configuration file (%s).",
+ buf, directive_hash, linenum, configfile);
+ string_append(&config->proxy_args,
+ " <strong class='warning'>Warning: Ignoring unrecognized directive:</strong>");
+ break;
+
+/* *************************************************************************/
+ } /* end switch(hash_string(cmd)) */
+
+ /* Save the argument for the show-status page. */
+ savearg(cmd, arg, config);
+ freez(buf);
+ } /* end while (read_config_line(...)) */
+
+ fclose(configfp);
+
+ set_debug_level(config->debug);
+
+ freez(config->logfile);
+
+ if (daemon_mode)
+ {
+ if (NULL != logfile)
+ {
+ config->logfile = logfile;
+ init_error_log(Argv[0], config->logfile);
+ }
+ else
+ {
+ disable_logging();
+ }
+ }
+
+#ifdef FEATURE_HTTPS_INSPECTION
+ /*
+ * Setting SSL parameters from loaded values into structures
+ */
+ freez(config->ca_directory);
+ config->ca_directory = make_path(NULL, ca_directory);
+ freez(ca_directory);
+
+ freez(config->ca_cert_file);
+ config->ca_cert_file = make_path(config->ca_directory, ca_cert_file);
+ freez(ca_cert_file);
+
+ freez(config->ca_key_file);
+ config->ca_key_file = make_path(config->ca_directory, ca_key_file);
+ freez(ca_key_file);
+
+ freez(config->trusted_cas_file);
+ config->trusted_cas_file = make_path(config->ca_directory, trusted_cas_file);
+ freez(trusted_cas_file);
+
+ freez(config->certificate_directory);
+ config->certificate_directory = make_path(NULL, certificate_directory);
+ freez(certificate_directory);
+#endif
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ if (config->default_server_timeout > config->keep_alive_timeout)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Reducing the default-server-timeout from %d to the keep-alive-timeout %d.",
+ config->default_server_timeout, config->keep_alive_timeout);
+ config->default_server_timeout = config->keep_alive_timeout;
+ }
+#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
+
+#ifdef FEATURE_CONNECTION_SHARING
+ if (config->feature_flags & RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE)
+ {
+ if (!config->multi_threaded)
+ {
+ /*
+ * While we could use keep-alive without multiple threads
+ * if we didn't bother with enforcing the connection timeout,
+ * that might make Tor users sad, even though they shouldn't
+ * enable the single-threaded option anyway.
+ *
+ * XXX: We could still use Proxy-Connection: keep-alive.
+ */
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ log_error(LOG_LEVEL_ERROR,
+ "Config option single-threaded disables connection keep-alive.");
+ }
+ }
+ else if ((config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING))
+ {
+ log_error(LOG_LEVEL_ERROR, "Config option connection-sharing "
+ "has no effect if keep-alive-timeout isn't set.");
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+#endif /* def FEATURE_CONNECTION_SHARING */
+
+ if (NULL == config->proxy_args)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory loading config - insufficient memory for config->proxy_args");
+ }
+
+ if (config->re_filterfile[0])
+ {
+ add_loader(load_re_filterfiles, config);
+ }
+
+ if (config->actions_file[0])
+ {
+ add_loader(load_action_files, config);
+ }
+
+#ifdef FEATURE_TRUST
+ if (config->trustfile)
+ {
+ add_loader(load_trustfile, config);
+ }
+#endif /* def FEATURE_TRUST */
+
+ if (NULL == config->haddr[0])
+ {
+ config->haddr[0] = strdup_or_die(HADDR_DEFAULT);
+ }
+
+ for (i = 0; i < MAX_LISTENING_SOCKETS && NULL != config->haddr[i]; i++)
+ {
+ if ((*config->haddr[i] == '[')
+ && (NULL != (p = strchr(config->haddr[i], ']')))
+ && (p[1] == ':')
+ && (0 < (config->hport[i] = atoi(p + 2))))
+ {
+ *p = '\0';
+ memmove((void *)config->haddr[i], config->haddr[i] + 1,
+ (size_t)(p - config->haddr[i]));
+ }
+ else if (NULL != (p = strchr(config->haddr[i], ':'))
+ && (0 < (config->hport[i] = atoi(p + 1))))
+ {
+ *p = '\0';
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr[i]);
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ }
+ if (*config->haddr[i] == '\0')
+ {
+ /*
+ * Only the port specified. We stored it in config->hport[i]
+ * and don't need its text representation anymore.
+ * Use config->hport[i] == 0 to iterate listening addresses since
+ * now.
+ */
+ freez(config->haddr[i]);
+ }
+ }
+
+ /*
+ * Want to run all the loaders once now.
+ *
+ * Need to set up a fake csp, so they can get to the config.
+ */
+ fake_csp = zalloc_or_die(sizeof(*fake_csp));
+ fake_csp->config = config;
+
+ if (run_loader(fake_csp))
+ {
+ freez(fake_csp);
+ log_error(LOG_LEVEL_FATAL, "A loader failed while loading config file. Exiting.");
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ }
+ freez(fake_csp);
+
+/* FIXME: this is a kludge for win32 */
+#if defined(_WIN32) && !defined (_WIN_CONSOLE)
+
+ g_default_actions_file = config->actions_file[1]; /* FIXME Hope this is default.action */
+ g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */
+ g_default_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */
+ g_user_filterfile = config->re_filterfile[1]; /* FIXME Hope this is user.filter */
+
+#ifdef FEATURE_TRUST
+ g_trustfile = config->trustfile;
+#endif /* def FEATURE_TRUST */
+
+
+#endif /* defined(_WIN32) && !defined (_WIN_CONSOLE) */
+/* FIXME: end kludge */
+
+
+ if (current_configfile == NULL)
+ {
+ config->need_bind = 1;
+ }
+ else
+ {
+ struct configuration_spec * oldcfg = (struct configuration_spec *)
+ current_configfile->f;
+ /*
+ * Check if config->haddr[i],hport[i] == oldcfg->haddr[i],hport[i]
+ */
+ config->need_bind = 0;
+
+ for (i = 0; i < MAX_LISTENING_SOCKETS; i++)
+ {
+ if (config->hport[i] != oldcfg->hport[i])
+ {
+ config->need_bind = 1;
+ }
+ else if (config->haddr[i] == NULL)
+ {
+ if (oldcfg->haddr[i] != NULL)
+ {
+ config->need_bind = 1;
+ }
+ }
+ else if (oldcfg->haddr[i] == NULL)
+ {
+ config->need_bind = 1;
+ }
+ else if (0 != strcmp(config->haddr[i], oldcfg->haddr[i]))
+ {
+ config->need_bind = 1;
+ }
+ }
+
+ current_configfile->unloader = unload_configfile;
+ }
+
+ fs->next = files->next;
+ files->next = fs;
+
+ current_configfile = fs;
+
+ return (config);
+}
+
+
+/*********************************************************************
+ *
+ * Function : savearg
+ *
+ * Description : Called from `load_config'. It saves each non-empty
+ * and non-comment line from config into
+ * config->proxy_args. This is used to create the
+ * show-status page. On error, frees
+ * config->proxy_args and sets it to NULL
+ *
+ * Parameters :
+ * 1 : command = config setting that was found
+ * 2 : argument = the setting's argument (if any)
+ * 3 : config = Configuration to save into.
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void savearg(char *command, char *argument, struct configuration_spec * config)
+{
+ char * buf;
+ char * s;
+
+ assert(command);
+ assert(argument);
+
+ /*
+ * Add config option name embedded in
+ * link to its section in the user-manual
+ */
+ buf = strdup_or_die("\n<a href=\"");
+ if (!strncmpic(config->usermanual, "file://", 7) ||
+ !strncmpic(config->usermanual, "http", 4))
+ {
+ string_append(&buf, config->usermanual);
+ }
+ else
+ {
+ string_append(&buf, "http://" CGI_SITE_2_HOST "/user-manual/");
+ }
+ string_append(&buf, CONFIG_HELP_PREFIX);
+ string_join (&buf, string_toupper(command));
+ string_append(&buf, "\">");
+ string_append(&buf, command);
+ string_append(&buf, "</a> ");
+
+ if (NULL == buf)
+ {
+ freez(config->proxy_args);
+ return;
+ }
+
+ if ((NULL != argument) && ('\0' != *argument))
+ {
+ s = html_encode(argument);
+ if (NULL == s)
+ {
+ freez(buf);
+ freez(config->proxy_args);
+ return;
+ }
+
+ if (strncmpic(argument, "http://", 7) == 0)
+ {
+ string_append(&buf, "<a href=\"");
+ string_append(&buf, s);
+ string_append(&buf, "\">");
+ string_join (&buf, s);
+ string_append(&buf, "</a>");
+ }
+ else
+ {
+ string_join (&buf, s);
+ }
+ }
+ string_append(&buf, "<br>");
+ string_join(&config->proxy_args, buf);
}