1 /*********************************************************************
3 * File : $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
5 * Purpose : Loads settings from the configuration file into
6 * global variables. This file contains both the
7 * routine to load the configuration and the global
8 * variables it writes to.
10 * Copyright : Written by and Copyright (C) 2001-2017 the
11 * Privoxy team. https://www.privoxy.org/
13 * Based on the Internet Junkbuster originally written
14 * by and Copyright (C) 1997 Anonymous Coders and
15 * Junkbusters Corporation. http://www.junkbusters.com
17 * This program is free software; you can redistribute it
18 * and/or modify it under the terms of the GNU General
19 * Public License as published by the Free Software
20 * Foundation; either version 2 of the License, or (at
21 * your option) any later version.
23 * This program is distributed in the hope that it will
24 * be useful, but WITHOUT ANY WARRANTY; without even the
25 * implied warranty of MERCHANTABILITY or FITNESS FOR A
26 * PARTICULAR PURPOSE. See the GNU General Public
27 * License for more details.
29 * The GNU General Public License should be included with
30 * this file. If not, you can view it at
31 * http://www.gnu.org/copyleft/gpl.html
32 * or write to the Free Software Foundation, Inc., 59
33 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 *********************************************************************/
41 #include <sys/types.h>
55 # include <winsock2.h>
61 # endif /* ndef _WIN_CONSOLE */
63 #else /* ifndef _WIN32 */
67 # include <sys/wait.h>
69 # include <sys/time.h>
70 # include <sys/stat.h>
88 #ifdef FEATURE_CLIENT_TAGS
89 #include "client-tags.h"
93 * Default number of seconds after which an
94 * open connection will no longer be reused.
96 #define DEFAULT_KEEP_ALIVE_TIMEOUT 180
99 * Default backlog passed to listen().
101 #define DEFAULT_LISTEN_BACKLOG 128
103 #ifdef FEATURE_TOGGLE
104 /* Privoxy is enabled by default. */
105 int global_toggle_state = 1;
106 #endif /* def FEATURE_TOGGLE */
108 /* The filename of the configfile */
109 const char *configfile = NULL;
112 * CGI functions will later need access to the invocation args,
113 * so we will make argc and argv global.
116 char * const * Argv = NULL;
118 static struct file_list *current_configfile = NULL;
122 * This takes the "cryptic" hash of each keyword and aliases them to
123 * something a little more readable. This also makes changing the
124 * hash values easier if they should change or the hash algorthm changes.
125 * Use the included "hash" program to find out what the hash will be
126 * for any string supplied on the command line. (Or just put it in the
127 * config file and read the number from the error message in the log).
129 * Please keep this list sorted alphabetically (but with the Windows
130 * console and GUI specific options last).
133 #define hash_actions_file 1196306641U /* "actionsfile" */
134 #define hash_accept_intercepted_requests 1513024973U /* "accept-intercepted-requests" */
135 #define hash_admin_address 4112573064U /* "admin-address" */
136 #define hash_allow_cgi_request_crunching 258915987U /* "allow-cgi-request-crunching" */
137 #define hash_buffer_limit 1881726070U /* "buffer-limit */
138 #define hash_ca_cert_file 1622923720U /* "ca-cert-file" */
139 #define hash_ca_directory 1623615670U /* "ca-directory" */
140 #define hash_ca_key_file 1184187891U /* "ca-key-file" */
141 #define hash_ca_password 1184543320U /* "ca-password" */
142 #define hash_certificate_directory 1367994217U /* "certificate-directory" */
143 #define hash_client_header_order 2701453514U /* "client-header-order" */
144 #define hash_client_specific_tag 3353703383U /* "client-specific-tag" */
145 #define hash_client_tag_lifetime 647957580U /* "client-tag-lifetime" */
146 #define hash_compression_level 2464423563U /* "compression-level" */
147 #define hash_confdir 1978389U /* "confdir" */
148 #define hash_connection_sharing 1348841265U /* "connection-sharing" */
149 #define hash_cors_allowed_origin 2769345637U /* "cors-allowed-origin" */
150 #define hash_debug 78263U /* "debug" */
151 #define hash_default_server_timeout 2530089913U /* "default-server-timeout" */
152 #define hash_deny_access 1227333715U /* "deny-access" */
153 #define hash_enable_accept_filter 2909040407U /* "enable-accept-filter" */
154 #define hash_enable_edit_actions 2517097536U /* "enable-edit-actions" */
155 #define hash_enable_compression 3943696946U /* "enable-compression" */
156 #define hash_enable_proxy_authentication_forwarding 4040610791U /* enable-proxy-authentication-forwarding */
157 #define hash_enable_remote_toggle 2979744683U /* "enable-remote-toggle" */
158 #define hash_enable_remote_http_toggle 110543988U /* "enable-remote-http-toggle" */
159 #define hash_enforce_blocks 1862427469U /* "enforce-blocks" */
160 #define hash_filterfile 250887266U /* "filterfile" */
161 #define hash_forward 2029845U /* "forward" */
162 #define hash_forward_socks4 3963965521U /* "forward-socks4" */
163 #define hash_forward_socks4a 2639958518U /* "forward-socks4a" */
164 #define hash_forward_socks5 3963965522U /* "forward-socks5" */
165 #define hash_forward_socks5t 2639958542U /* "forward-socks5t" */
166 #define hash_forwarded_connect_retries 101465292U /* "forwarded-connect-retries" */
167 #define hash_handle_as_empty_returns_ok 1444873247U /* "handle-as-empty-doc-returns-ok" */
168 #define hash_hostname 10308071U /* "hostname" */
169 #define hash_keep_alive_timeout 3878599515U /* "keep-alive-timeout" */
170 #define hash_listen_address 1255650842U /* "listen-address" */
171 #define hash_listen_backlog 1255655735U /* "listen-backlog" */
172 #define hash_logdir 422889U /* "logdir" */
173 #define hash_logfile 2114766U /* "logfile" */
174 #define hash_max_client_connections 3595884446U /* "max-client-connections" */
175 #define hash_permit_access 3587953268U /* "permit-access" */
176 #define hash_proxy_info_url 3903079059U /* "proxy-info-url" */
177 #define hash_receive_buffer_size 2880297454U /* "receive-buffer-size */
178 #define hash_single_threaded 4250084780U /* "single-threaded" */
179 #define hash_socket_timeout 1809001761U /* "socket-timeout" */
180 #define hash_split_large_cgi_forms 671658948U /* "split-large-cgi-forms" */
181 #define hash_suppress_blocklists 1948693308U /* "suppress-blocklists" */
182 #define hash_templdir 11067889U /* "templdir" */
183 #define hash_temporary_directory 1824125181U /* "temporary-directory" */
184 #define hash_tolerate_pipelining 1360286620U /* "tolerate-pipelining" */
185 #define hash_toggle 447966U /* "toggle" */
186 #define hash_trust_info_url 430331967U /* "trust-info-url" */
187 #define hash_trust_x_forwarded_for 2971537414U /* "trust-x-forwarded-for" */
188 #define hash_trusted_cgi_referrer 4270883427U /* "trusted-cgi-referrer" */
189 #define hash_trusted_cas_file 2679803024U /* "trusted-cas-files" */
190 #define hash_trustfile 56494766U /* "trustfile" */
191 #define hash_usermanual 1416668518U /* "user-manual" */
192 #define hash_activity_animation 1817904738U /* "activity-animation" */
193 #define hash_close_button_minimizes 3651284693U /* "close-button-minimizes" */
194 #define hash_hide_console 2048809870U /* "hide-console" */
195 #define hash_log_buffer_size 2918070425U /* "log-buffer-size" */
196 #define hash_log_font_name 2866730124U /* "log-font-name" */
197 #define hash_log_font_size 2866731014U /* "log-font-size" */
198 #define hash_log_highlight_messages 4032101240U /* "log-highlight-messages" */
199 #define hash_log_max_lines 2868344173U /* "log-max-lines" */
200 #define hash_log_messages 2291744899U /* "log-messages" */
201 #define hash_show_on_task_bar 215410365U /* "show-on-task-bar" */
204 static void savearg(char *command, char *argument, struct configuration_spec * config);
205 #ifdef FEATURE_CLIENT_TAGS
206 static void free_client_specific_tags(struct client_tag_spec *tag_list);
209 /*********************************************************************
211 * Function : unload_configfile
213 * Description : Free the config structure and all components.
216 * 1 : data: struct configuration_spec to unload
220 *********************************************************************/
221 static void unload_configfile (void * data)
223 struct configuration_spec * config = (struct configuration_spec *)data;
224 struct forward_spec *cur_fwd = config->forward;
228 struct access_control_list *cur_acl = config->acl;
230 while (cur_acl != NULL)
232 struct access_control_list * next_acl = cur_acl->next;
237 #endif /* def FEATURE_ACL */
239 while (cur_fwd != NULL)
241 struct forward_spec * next_fwd = cur_fwd->next;
242 free_pattern_spec(cur_fwd->url);
244 freez(cur_fwd->gateway_host);
245 freez(cur_fwd->forward_host);
249 config->forward = NULL;
251 freez(config->confdir);
252 freez(config->logdir);
253 freez(config->templdir);
254 freez(config->hostname);
255 #ifdef FEATURE_EXTERNAL_FILTERS
256 freez(config->temporary_directory);
259 for (i = 0; i < MAX_LISTENING_SOCKETS; i++)
261 freez(config->haddr[i]);
263 freez(config->logfile);
265 for (i = 0; i < MAX_AF_FILES; i++)
267 freez(config->actions_file_short[i]);
268 freez(config->actions_file[i]);
269 freez(config->re_filterfile_short[i]);
270 freez(config->re_filterfile[i]);
273 list_remove_all(config->ordered_client_headers);
275 freez(config->admin_address);
276 freez(config->proxy_info_url);
277 freez(config->proxy_args);
278 freez(config->usermanual);
279 freez(config->trusted_cgi_referrer);
281 #ifdef FEATURE_HTTPS_INSPECTION
282 freez(config->ca_password);
283 freez(config->ca_directory);
284 freez(config->ca_cert_file);
285 freez(config->ca_key_file);
286 freez(config->certificate_directory);
287 freez(config->trusted_cas_file);
291 freez(config->trustfile);
292 list_remove_all(config->trust_info);
293 #endif /* def FEATURE_TRUST */
295 #ifdef FEATURE_CLIENT_TAGS
296 free_client_specific_tags(config->client_tags);
303 #ifdef FEATURE_GRACEFUL_TERMINATION
304 /*********************************************************************
306 * Function : unload_current_config_file
308 * Description : Unloads current config file - reset to state at
309 * beginning of program.
315 *********************************************************************/
316 void unload_current_config_file(void)
318 if (current_configfile)
320 current_configfile->unloader = unload_configfile;
321 current_configfile = NULL;
327 #ifdef FEATURE_CLIENT_TAGS
328 /*********************************************************************
330 * Function : register_tag
332 * Description : Registers a client-specific-tag and its description
335 * 1 : config: The tag list
336 * 2 : name: The name of the client-specific-tag
337 * 3 : description: The human-readable description for the tag
341 *********************************************************************/
342 static void register_tag(struct client_tag_spec *tag_list,
343 const char *name, const char *description)
345 struct client_tag_spec *new_tag;
346 struct client_tag_spec *last_tag;
349 while (last_tag->next != NULL)
351 last_tag = last_tag->next;
353 if (last_tag->name == NULL)
360 new_tag = zalloc_or_die(sizeof(struct client_tag_spec));
362 new_tag->name = strdup_or_die(name);
363 new_tag->description = strdup_or_die(description);
364 if (new_tag != last_tag)
366 last_tag->next = new_tag;
371 /*********************************************************************
373 * Function : free_client_specific_tags
375 * Description : Frees client-specific tags and their descriptions
378 * 1 : tag_list: The tag list to free
382 *********************************************************************/
383 static void free_client_specific_tags(struct client_tag_spec *tag_list)
385 struct client_tag_spec *this_tag;
386 struct client_tag_spec *next_tag;
392 next_tag = next_tag->next;
394 freez(this_tag->name);
395 freez(this_tag->description);
397 if (this_tag != tag_list)
401 } while (next_tag != NULL);
403 #endif /* def FEATURE_CLIENT_TAGS */
406 /*********************************************************************
408 * Function : parse_numeric_value
410 * Description : Parse the value of a directive that can only have
411 * a single numeric value. Terminates with a fatal error
412 * if the value is NULL or not numeric.
415 * 1 : name: The name of the directive. Used for log messages.
416 * 2 : value: The value to parse
419 * Returns : The numerical value as integer
421 *********************************************************************/
422 static int parse_numeric_value(const char *name, const char *value)
427 assert(name != NULL);
428 assert(value != NULL);
430 if ((value == NULL) || (*value == '\0'))
432 log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name);
435 number = (int)strtol(value, &endptr, 0);
438 log_error(LOG_LEVEL_FATAL,
439 "Directive '%s' used with non-numerical value: '%s'", name, value);
447 /*********************************************************************
449 * Function : parse_toggle_value
451 * Description : Parse the value of a directive that can only be
452 * enabled or disabled. Terminates with a fatal error
453 * if the value is NULL or something other than 0 or 1.
456 * 1 : name: The name of the directive. Used for log messages.
457 * 2 : value: The value to parse
460 * Returns : The numerical toggle state
462 *********************************************************************/
463 static int parse_toggle_state(const char *name, const char *value)
466 assert(name != NULL);
467 assert(value != NULL);
469 if ((value == NULL) || (*value == '\0'))
471 log_error(LOG_LEVEL_FATAL, "Directive %s used without argument", name);
474 toggle_state = atoi(value);
477 * Also check the length as atoi() doesn't mind
478 * garbage after a valid integer, but we do.
480 if (((toggle_state != 0) && (toggle_state != 1)) || (strlen(value) != 1))
482 log_error(LOG_LEVEL_FATAL,
483 "Directive %s used with invalid argument '%s'. Use either '0' or '1'.",
492 /*********************************************************************
494 * Function : parse_client_header_order
496 * Description : Parse the value of the header-order directive
499 * 1 : ordered_header_list: List to insert the ordered
501 * 2 : ordered_headers: The ordered header names separated
507 *********************************************************************/
508 static void parse_client_header_order(struct list *ordered_header_list, const char *ordered_headers)
510 char *original_headers_copy;
513 int number_of_headers;
516 assert(ordered_header_list != NULL);
517 assert(ordered_headers != NULL);
519 if (ordered_headers == NULL)
521 log_error(LOG_LEVEL_FATAL, "header-order used without argument");
525 * XXX: This estimate is guaranteed to be high enough as we
526 * let ssplit() ignore empty fields, but also a bit wasteful.
527 * The same hack is used in get_last_url() so it looks like
528 * a real solution is needed.
530 max_segments = strlen(ordered_headers) / 2;
531 if (max_segments == 0)
535 vector = malloc_or_die(max_segments * sizeof(char *));
537 original_headers_copy = strdup_or_die(ordered_headers);
539 number_of_headers = ssplit(original_headers_copy, "\t ", vector, max_segments);
540 if (number_of_headers == -1)
542 log_error(LOG_LEVEL_FATAL, "Failed to split ordered headers");
545 for (i = 0; i < number_of_headers; i++)
547 if (JB_ERR_OK != enlist(ordered_header_list, vector[i]))
549 log_error(LOG_LEVEL_FATAL,
550 "Failed to enlist ordered header: %s", vector[i]);
555 freez(original_headers_copy);
562 /*********************************************************************
564 * Function : load_config
566 * Description : Load the config file and all parameters.
568 * XXX: more than thousand lines long
569 * and thus in serious need of refactoring.
573 * Returns : The configuration_spec, or NULL on error.
575 *********************************************************************/
576 struct configuration_spec * load_config(void)
580 FILE *configfp = NULL;
581 struct configuration_spec * config = NULL;
582 struct client_state * fake_csp;
583 struct file_list *fs;
584 unsigned long linenum = 0;
586 char *logfile = NULL;
587 #ifdef FEATURE_HTTPS_INSPECTION
588 char *ca_cert_file = NULL;
589 char *ca_key_file = NULL;
590 char *ca_directory = NULL;
591 char *trusted_cas_file = NULL;
592 char *certificate_directory = NULL;
595 if (!check_file_changed(current_configfile, configfile, &fs))
597 /* No need to load */
598 return ((struct configuration_spec *)current_configfile->f);
602 log_error(LOG_LEVEL_FATAL,
603 "can't check configuration file '%s': %E", configfile);
607 if (NULL != current_configfile)
609 log_error(LOG_LEVEL_INFO, "Reloading configuration file '%s'", configfile);
612 #ifdef FEATURE_TOGGLE
613 global_toggle_state = 1;
614 #endif /* def FEATURE_TOGGLE */
616 fs->f = config = zalloc_or_die(sizeof(*config));
619 * This is backwards from how it's usually done.
620 * Following the usual pattern, "fs" would be stored in a member
621 * variable in "csp", and then we'd access "config" from "fs->f",
622 * using a cast. However, "config" is used so often that a
623 * cast each time would be very ugly, and the extra indirection
624 * would waste CPU cycles. Therefore we store "config" in
625 * "csp->config", and "fs" in "csp->config->config_file_list".
627 config->config_file_list = fs;
632 config->multi_threaded = 1;
633 config->buffer_limit = 4096 * 1024;
634 config->receive_buffer_size = BUFFER_SIZE;
635 config->usermanual = strdup_or_die(USER_MANUAL_URL);
636 config->proxy_args = strdup_or_die("");
637 config->forwarded_connect_retries = 0;
638 #ifdef FEATURE_HTTPS_INSPECTION
639 config->ca_password = strdup("");
640 ca_cert_file = strdup("cacert.crt");
641 ca_key_file = strdup("cakey.pem");
642 ca_directory = strdup("./CA");
643 trusted_cas_file = strdup("trustedCAs.pem");
644 certificate_directory = strdup("./certs");
647 #ifdef FEATURE_CLIENT_TAGS
648 config->client_tag_lifetime = 60;
650 config->trust_x_forwarded_for = 0;
651 #if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
652 config->enable_accept_filter = 0;
654 config->listen_backlog = DEFAULT_LISTEN_BACKLOG;
655 config->trusted_cgi_referrer = NULL;
657 * 128 client sockets ought to be enough for everybody who can't
658 * be bothered to read the documentation to figure out how to
659 * increase the limit.
661 config->max_client_connections = 128;
662 config->socket_timeout = 300; /* XXX: Should be a macro. */
663 #ifdef FEATURE_CONNECTION_KEEP_ALIVE
664 config->default_server_timeout = 0;
665 config->keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT;
666 config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
667 config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
669 config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE;
670 config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
671 config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
672 config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
673 config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
674 #ifdef FEATURE_COMPRESSION
675 config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION;
677 * XXX: Run some benchmarks to see if there are better default values.
679 config->compression_level = 1;
681 config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
682 config->cors_allowed_origin = NULL;
684 configfp = fopen(configfile, "r");
685 if (NULL == configfp)
687 log_error(LOG_LEVEL_FATAL,
688 "can't open configuration file '%s': %E", configfile);
689 /* Never get here - LOG_LEVEL_FATAL causes program exit */
692 while (read_config_line(configfp, &linenum, &buf) != NULL)
694 char cmd[BUFFER_SIZE];
695 char arg[BUFFER_SIZE];
696 char tmp[BUFFER_SIZE];
698 struct access_control_list *cur_acl;
699 #endif /* def FEATURE_ACL */
700 struct forward_spec *cur_fwd;
703 unsigned int directive_hash;
705 strlcpy(tmp, buf, sizeof(tmp));
707 /* Copy command (i.e. up to space or tab) into cmd */
710 while (*p && (*p != ' ') && (*p != '\t'))
716 /* Skip over the whitespace in buf */
717 while (*p && ((*p == ' ') || (*p == '\t')))
722 /* Copy the argument into arg */
723 if (strlcpy(arg, p, sizeof(arg)) >= sizeof(arg))
725 log_error(LOG_LEVEL_FATAL, "Config line too long: %s", buf);
728 /* Should never happen, but check this anyway */
735 /* Make sure the command field is lower case */
736 for (p = cmd; *p; p++)
738 if (privoxy_isupper(*p))
740 *p = (char)privoxy_tolower(*p);
744 directive_hash = hash_string(cmd);
745 switch (directive_hash)
747 /* *************************************************************************
748 * actionsfile actions-file-name
749 * In confdir by default
750 * *************************************************************************/
751 case hash_actions_file :
753 while ((i < MAX_AF_FILES) && (NULL != config->actions_file[i]))
758 if (i >= MAX_AF_FILES)
760 log_error(LOG_LEVEL_FATAL, "Too many 'actionsfile' directives in config file - limit is %d.\n"
761 "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
764 config->actions_file_short[i] = strdup_or_die(arg);
765 config->actions_file[i] = make_path(config->confdir, arg);
768 /* *************************************************************************
769 * accept-intercepted-requests
770 * *************************************************************************/
771 case hash_accept_intercepted_requests:
772 if (parse_toggle_state(cmd, arg) == 1)
774 config->feature_flags |= RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
778 config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
782 /* *************************************************************************
783 * admin-address email-address
784 * *************************************************************************/
785 case hash_admin_address :
786 freez(config->admin_address);
787 config->admin_address = strdup_or_die(arg);
790 /* *************************************************************************
791 * allow-cgi-request-crunching
792 * *************************************************************************/
793 case hash_allow_cgi_request_crunching:
794 if (parse_toggle_state(cmd, arg) == 1)
796 config->feature_flags |= RUNTIME_FEATURE_CGI_CRUNCHING;
800 config->feature_flags &= ~RUNTIME_FEATURE_CGI_CRUNCHING;
804 /* *************************************************************************
806 * *************************************************************************/
807 case hash_buffer_limit :
808 config->buffer_limit = (size_t)(1024 * parse_numeric_value(cmd, arg));
811 /* *************************************************************************
812 * client-header-order header-1 header-2 ... header-n
813 * *************************************************************************/
814 case hash_client_header_order:
815 list_remove_all(config->ordered_client_headers);
816 parse_client_header_order(config->ordered_client_headers, arg);
819 /* *************************************************************************
820 * client-specific-tag tag-name description
821 * *************************************************************************/
822 #ifdef FEATURE_CLIENT_TAGS
823 case hash_client_specific_tag:
829 description = strstr(arg, " ");
830 if (description == NULL)
832 log_error(LOG_LEVEL_FATAL,
833 "client-specific-tag '%s' lacks a description.", name);
837 * The length is limited because we don't want truncated
838 * HTML caused by the cgi interface using static buffer
841 if (strlen(name) > CLIENT_TAG_LENGTH_MAX)
843 log_error(LOG_LEVEL_FATAL,
844 "client-specific-tag '%s' is longer than %d characters.",
845 name, CLIENT_TAG_LENGTH_MAX);
848 register_tag(config->client_tags, name, description);
851 #endif /* def FEATURE_CLIENT_TAGS */
853 /* *************************************************************************
854 * client-tag-lifetime ttl
855 * *************************************************************************/
856 #ifdef FEATURE_CLIENT_TAGS
857 case hash_client_tag_lifetime:
859 int ttl = parse_numeric_value(cmd, arg);
862 config->client_tag_lifetime = (unsigned)ttl;
866 log_error(LOG_LEVEL_FATAL,
867 "client-tag-lifetime can't be negative.");
871 #endif /* def FEATURE_CLIENT_TAGS */
873 /* *************************************************************************
874 * confdir directory-name
875 * *************************************************************************/
877 freez(config->confdir);
878 config->confdir = make_path(NULL, arg);
881 /* *************************************************************************
882 * compression-level 0-9
883 * *************************************************************************/
884 #ifdef FEATURE_COMPRESSION
885 case hash_compression_level :
887 int compression_level = parse_numeric_value(cmd, arg);
888 if (-1 <= compression_level && compression_level <= 9)
890 config->compression_level = compression_level;
894 log_error(LOG_LEVEL_FATAL,
895 "Invalid compression-level value: %s", arg);
901 /* *************************************************************************
902 * connection-sharing (0|1)
903 * *************************************************************************/
904 #ifdef FEATURE_CONNECTION_SHARING
905 case hash_connection_sharing :
906 if (parse_toggle_state(cmd, arg) == 1)
908 config->feature_flags |= RUNTIME_FEATURE_CONNECTION_SHARING;
912 config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
917 /* *************************************************************************
918 * cors-allowed-origin http://www.example.org
919 * *************************************************************************/
920 case hash_cors_allowed_origin :
922 * We don't validate the specified referrer as
923 * it's only used for string comparison.
925 freez(config->cors_allowed_origin);
926 config->cors_allowed_origin = strdup_or_die(arg);
929 /* *************************************************************************
931 * Specifies debug level, multiple values are ORed together.
932 * *************************************************************************/
934 config->debug |= parse_numeric_value(cmd, arg);
937 /* *************************************************************************
938 * default-server-timeout timeout
939 * *************************************************************************/
940 #ifdef FEATURE_CONNECTION_KEEP_ALIVE
941 case hash_default_server_timeout :
943 int timeout = parse_numeric_value(cmd, arg);
946 config->default_server_timeout = (unsigned int)timeout;
950 log_error(LOG_LEVEL_FATAL,
951 "Invalid default-server-timeout value: %s", arg);
957 /* *************************************************************************
958 * deny-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
959 * *************************************************************************/
961 case hash_deny_access:
962 strlcpy(tmp, arg, sizeof(tmp));
963 vec_count = ssplit(tmp, " \t", vec, SZ(vec));
965 if ((vec_count != 1) && (vec_count != 2))
967 log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
968 "deny-access directive in configuration file.");
969 string_append(&config->proxy_args,
970 "<br>\nWARNING: Wrong number of parameters for "
971 "deny-access directive in configuration file.<br><br>\n");
975 /* allocate a new node */
976 cur_acl = zalloc_or_die(sizeof(*cur_acl));
977 cur_acl->action = ACL_DENY;
979 if (acl_addr(vec[0], cur_acl->src) < 0)
981 log_error(LOG_LEVEL_ERROR, "Invalid source address, port or netmask "
982 "for deny-access directive in configuration file: \"%s\"", vec[0]);
983 string_append(&config->proxy_args,
984 "<br>\nWARNING: Invalid source address, port or netmask "
985 "for deny-access directive in configuration file: \"");
986 string_append(&config->proxy_args,
988 string_append(&config->proxy_args,
995 if (acl_addr(vec[1], cur_acl->dst) < 0)
997 log_error(LOG_LEVEL_ERROR, "Invalid destination address, port or netmask "
998 "for deny-access directive in configuration file: \"%s\"", vec[1]);
999 string_append(&config->proxy_args,
1000 "<br>\nWARNING: Invalid destination address, port or netmask "
1001 "for deny-access directive in configuration file: \"");
1002 string_append(&config->proxy_args,
1004 string_append(&config->proxy_args,
1013 cur_acl->wildcard_dst = 1;
1015 #endif /* def HAVE_RFC2553 */
1018 * Add it to the list. Note we reverse the list to get the
1019 * behaviour the user expects. With both the ACL and
1020 * actions file, the last match wins. However, the internal
1021 * implementations are different: The actions file is stored
1022 * in the same order as the file, and scanned completely.
1023 * With the ACL, we reverse the order as we load it, then
1024 * when we scan it we stop as soon as we get a match.
1026 cur_acl->next = config->acl;
1027 config->acl = cur_acl;
1030 #endif /* def FEATURE_ACL */
1032 #if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
1033 /* *************************************************************************
1034 * enable-accept-filter 0|1
1035 * *************************************************************************/
1036 case hash_enable_accept_filter :
1037 config->enable_accept_filter = parse_toggle_state(cmd, arg);
1039 #endif /* defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) */
1041 /* *************************************************************************
1042 * enable-edit-actions 0|1
1043 * *************************************************************************/
1044 #ifdef FEATURE_CGI_EDIT_ACTIONS
1045 case hash_enable_edit_actions:
1046 if (parse_toggle_state(cmd, arg) == 1)
1048 config->feature_flags |= RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
1052 config->feature_flags &= ~RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
1055 #endif /* def FEATURE_CGI_EDIT_ACTIONS */
1057 /* *************************************************************************
1058 * enable-compression 0|1
1059 * *************************************************************************/
1060 #ifdef FEATURE_COMPRESSION
1061 case hash_enable_compression:
1062 if (parse_toggle_state(cmd, arg) == 1)
1064 config->feature_flags |= RUNTIME_FEATURE_COMPRESSION;
1068 config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION;
1071 #endif /* def FEATURE_COMPRESSION */
1073 /* *************************************************************************
1074 * enable-proxy-authentication-forwarding 0|1
1075 * *************************************************************************/
1076 case hash_enable_proxy_authentication_forwarding:
1077 if (parse_toggle_state(cmd, arg) == 1)
1079 config->feature_flags |= RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
1083 config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
1087 /* *************************************************************************
1088 * enable-remote-toggle 0|1
1089 * *************************************************************************/
1090 #ifdef FEATURE_TOGGLE
1091 case hash_enable_remote_toggle:
1092 if (parse_toggle_state(cmd, arg) == 1)
1094 config->feature_flags |= RUNTIME_FEATURE_CGI_TOGGLE;
1098 config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE;
1101 #endif /* def FEATURE_TOGGLE */
1103 /* *************************************************************************
1104 * enable-remote-http-toggle 0|1
1105 * *************************************************************************/
1106 case hash_enable_remote_http_toggle:
1107 if (parse_toggle_state(cmd, arg) == 1)
1109 config->feature_flags |= RUNTIME_FEATURE_HTTP_TOGGLE;
1113 config->feature_flags &= ~RUNTIME_FEATURE_HTTP_TOGGLE;
1117 /* *************************************************************************
1118 * enforce-blocks 0|1
1119 * *************************************************************************/
1120 case hash_enforce_blocks:
1121 #ifdef FEATURE_FORCE_LOAD
1122 if (parse_toggle_state(cmd, arg) == 1)
1124 config->feature_flags |= RUNTIME_FEATURE_ENFORCE_BLOCKS;
1128 config->feature_flags &= ~RUNTIME_FEATURE_ENFORCE_BLOCKS;
1131 log_error(LOG_LEVEL_ERROR, "Ignoring directive 'enforce-blocks'. "
1132 "FEATURE_FORCE_LOAD is disabled, blocks will always be enforced.");
1133 #endif /* def FEATURE_FORCE_LOAD */
1136 /* *************************************************************************
1137 * filterfile file-name
1138 * In confdir by default.
1139 * *************************************************************************/
1140 case hash_filterfile :
1142 while ((i < MAX_AF_FILES) && (NULL != config->re_filterfile[i]))
1147 if (i >= MAX_AF_FILES)
1149 log_error(LOG_LEVEL_FATAL, "Too many 'filterfile' directives in config file - limit is %d.\n"
1150 "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
1153 config->re_filterfile_short[i] = strdup_or_die(arg);
1154 config->re_filterfile[i] = make_path(config->confdir, arg);
1158 /* *************************************************************************
1159 * forward url-pattern (.|http-proxy-host[:port])
1160 * *************************************************************************/
1162 strlcpy(tmp, arg, sizeof(tmp));
1163 vec_count = ssplit(tmp, " \t", vec, SZ(vec));
1167 log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for forward "
1168 "directive in configuration file.");
1169 string_append(&config->proxy_args,
1170 "<br>\nWARNING: Wrong number of parameters for "
1171 "forward directive in configuration file.");
1175 /* allocate a new node */
1176 cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
1177 cur_fwd->type = SOCKS_NONE;
1179 /* Save the URL pattern */
1180 if (create_pattern_spec(cur_fwd->url, vec[0]))
1182 log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward "
1183 "directive in configuration file.");
1184 string_append(&config->proxy_args,
1185 "<br>\nWARNING: Bad URL specifier for "
1186 "forward directive in configuration file.");
1191 /* Parse the parent HTTP proxy host:port */
1194 if (strcmp(p, ".") != 0)
1196 cur_fwd->forward_port = 8000;
1197 parse_forwarder_address(p,
1198 &cur_fwd->forward_host, &cur_fwd->forward_port,
1203 cur_fwd->next = config->forward;
1204 config->forward = cur_fwd;
1208 /* *************************************************************************
1209 * forward-socks4 url-pattern socks-proxy[:port] (.|http-proxy[:port])
1210 * *************************************************************************/
1211 case hash_forward_socks4:
1212 strlcpy(tmp, arg, sizeof(tmp));
1213 vec_count = ssplit(tmp, " \t", vec, SZ(vec));
1217 log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
1218 "forward-socks4 directive in configuration file.");
1219 string_append(&config->proxy_args,
1220 "<br>\nWARNING: Wrong number of parameters for "
1221 "forward-socks4 directive in configuration file.");
1225 /* allocate a new node */
1226 cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
1227 cur_fwd->type = SOCKS_4;
1229 /* Save the URL pattern */
1230 if (create_pattern_spec(cur_fwd->url, vec[0]))
1232 log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward-socks4 "
1233 "directive in configuration file.");
1234 string_append(&config->proxy_args,
1235 "<br>\nWARNING: Bad URL specifier for "
1236 "forward-socks4 directive in configuration file.");
1241 /* Parse the SOCKS proxy host[:port] */
1244 /* XXX: This check looks like a bug. */
1245 if (strcmp(p, ".") != 0)
1247 cur_fwd->gateway_port = 1080;
1248 parse_forwarder_address(p,
1249 &cur_fwd->gateway_host, &cur_fwd->gateway_port,
1253 /* Parse the parent HTTP proxy host[:port] */
1256 if (strcmp(p, ".") != 0)
1258 cur_fwd->forward_port = 8000;
1259 parse_forwarder_address(p,
1260 &cur_fwd->forward_host, &cur_fwd->forward_port,
1265 cur_fwd->next = config->forward;
1266 config->forward = cur_fwd;
1270 /* *************************************************************************
1271 * forward-socks4a url-pattern socks-proxy[:port] (.|http-proxy[:port])
1272 * *************************************************************************/
1273 case hash_forward_socks4a:
1274 case hash_forward_socks5:
1275 case hash_forward_socks5t:
1276 strlcpy(tmp, arg, sizeof(tmp));
1277 vec_count = ssplit(tmp, " \t", vec, SZ(vec));
1281 log_error(LOG_LEVEL_ERROR,
1282 "Wrong number of parameters for %s in configuration file.",
1284 string_append(&config->proxy_args,
1285 "<br>\nWARNING: Wrong number of parameters for ");
1286 string_append(&config->proxy_args, cmd);
1287 string_append(&config->proxy_args,
1288 "directive in configuration file.");
1292 /* allocate a new node */
1293 cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
1295 if (directive_hash == hash_forward_socks4a)
1297 cur_fwd->type = SOCKS_4A;
1299 else if (directive_hash == hash_forward_socks5)
1301 cur_fwd->type = SOCKS_5;
1305 assert(directive_hash == hash_forward_socks5t);
1306 cur_fwd->type = SOCKS_5T;
1309 /* Save the URL pattern */
1310 if (create_pattern_spec(cur_fwd->url, vec[0]))
1312 log_error(LOG_LEVEL_ERROR,
1313 "Bad URL specifier for %s in configuration file.",
1315 string_append(&config->proxy_args,
1316 "<br>\nWARNING: Bad URL specifier for ");
1317 string_append(&config->proxy_args, cmd);
1318 string_append(&config->proxy_args,
1319 "directive in configuration file.");
1324 /* Parse the SOCKS proxy [user:pass@]host[:port] */
1327 cur_fwd->gateway_port = 1080;
1328 parse_forwarder_address(p,
1329 &cur_fwd->gateway_host, &cur_fwd->gateway_port,
1330 &cur_fwd->auth_username, &cur_fwd->auth_password);
1332 /* Parse the parent HTTP proxy host[:port] */
1335 if (strcmp(p, ".") != 0)
1337 cur_fwd->forward_port = 8000;
1338 parse_forwarder_address(p,
1339 &cur_fwd->forward_host, &cur_fwd->forward_port,
1344 cur_fwd->next = config->forward;
1345 config->forward = cur_fwd;
1349 /* *************************************************************************
1350 * forwarded-connect-retries n
1351 * *************************************************************************/
1352 case hash_forwarded_connect_retries :
1353 config->forwarded_connect_retries = parse_numeric_value(cmd, arg);
1356 /* *************************************************************************
1357 * handle-as-empty-doc-returns-ok 0|1
1359 * Workaround for firefox hanging on blocked javascript pages.
1360 * Block with the "+handle-as-empty-document" flag and set the
1361 * "handle-as-empty-doc-returns-ok" run-time config flag so that
1362 * Privoxy returns a 200/OK status instead of a 403/Forbidden status
1363 * to the browser for blocked pages.
1364 ***************************************************************************/
1365 case hash_handle_as_empty_returns_ok:
1366 if (parse_toggle_state(cmd, arg) == 1)
1368 config->feature_flags |= RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
1372 config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
1376 /* *************************************************************************
1377 * hostname hostname-to-show-on-cgi-pages
1378 * *************************************************************************/
1379 case hash_hostname :
1380 freez(config->hostname);
1381 config->hostname = strdup_or_die(arg);
1384 /* *************************************************************************
1385 * keep-alive-timeout timeout
1386 * *************************************************************************/
1387 #ifdef FEATURE_CONNECTION_KEEP_ALIVE
1388 case hash_keep_alive_timeout :
1390 int timeout = parse_numeric_value(cmd, arg);
1393 config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
1394 config->keep_alive_timeout = (unsigned int)timeout;
1398 config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
1404 /* *************************************************************************
1405 * listen-address [ip][:port]
1406 * *************************************************************************/
1407 case hash_listen_address :
1409 while ((i < MAX_LISTENING_SOCKETS) && (NULL != config->haddr[i]))
1414 if (i >= MAX_LISTENING_SOCKETS)
1416 log_error(LOG_LEVEL_FATAL, "Too many 'listen-address' directives in config file - limit is %d.\n"
1417 "(You can increase this limit by changing MAX_LISTENING_SOCKETS in project.h and recompiling).",
1418 MAX_LISTENING_SOCKETS);
1420 config->haddr[i] = strdup_or_die(arg);
1423 /* *************************************************************************
1425 * *************************************************************************/
1426 case hash_listen_backlog :
1428 * We don't enfore an upper or lower limit because on
1429 * many platforms all values are valid and negative
1430 * number mean "use the highest value allowed".
1432 config->listen_backlog = parse_numeric_value(cmd, arg);
1435 /* *************************************************************************
1436 * logdir directory-name
1437 * *************************************************************************/
1439 freez(config->logdir);
1440 config->logdir = make_path(NULL, arg);
1443 /* *************************************************************************
1444 * logfile log-file-name
1445 * In logdir by default
1446 * *************************************************************************/
1450 logfile = make_path(config->logdir, arg);
1451 if (NULL == logfile)
1453 log_error(LOG_LEVEL_FATAL, "Out of memory while creating logfile path");
1458 /* *************************************************************************
1459 * max-client-connections number
1460 * *************************************************************************/
1461 case hash_max_client_connections :
1463 int max_client_connections = parse_numeric_value(cmd, arg);
1465 #if !defined(_WIN32) && !defined(HAVE_POLL)
1467 * Reject values below 1 for obvious reasons and values above
1468 * FD_SETSIZE/2 because Privoxy needs two sockets to serve
1469 * client connections that need forwarding.
1471 * We ignore the fact that the first three file descriptors
1472 * are usually set to /dev/null, one is used for logging
1473 * and yet another file descriptor is required to load
1476 if ((max_client_connections < 1) || (FD_SETSIZE/2 < max_client_connections))
1478 log_error(LOG_LEVEL_FATAL, "max-client-connections value %d"
1479 " is invalid. Value needs to be above 1 and below %d"
1480 " (FD_SETSIZE/2).", max_client_connections, FD_SETSIZE/2);
1484 * The Windows libc uses FD_SETSIZE for an array used
1485 * by select(), but has no problems with file descriptors
1486 * above the limit as long as no more than FD_SETSIZE are
1487 * passed to select().
1488 * https://msdn.microsoft.com/en-us/library/windows/desktop/ms739169%28v=vs.85%29.aspx
1490 * On platforms were we use poll() we don't have to enforce
1491 * an upper connection limit either.
1493 * XXX: Do OS/2 etc. belong here as well?
1495 if (max_client_connections < 1)
1497 log_error(LOG_LEVEL_FATAL, "max-client-connections value"
1498 " has to be a number above 1. %d is invalid.",
1499 max_client_connections);
1502 config->max_client_connections = max_client_connections;
1506 /* *************************************************************************
1507 * permit-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
1508 * *************************************************************************/
1510 case hash_permit_access:
1511 strlcpy(tmp, arg, sizeof(tmp));
1512 vec_count = ssplit(tmp, " \t", vec, SZ(vec));
1514 if ((vec_count != 1) && (vec_count != 2))
1516 log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
1517 "permit-access directive in configuration file.");
1518 string_append(&config->proxy_args,
1519 "<br>\nWARNING: Wrong number of parameters for "
1520 "permit-access directive in configuration file.<br><br>\n");
1525 /* allocate a new node */
1526 cur_acl = zalloc_or_die(sizeof(*cur_acl));
1527 cur_acl->action = ACL_PERMIT;
1529 if (acl_addr(vec[0], cur_acl->src) < 0)
1531 log_error(LOG_LEVEL_ERROR, "Invalid source address, port or netmask "
1532 "for permit-access directive in configuration file: \"%s\"", vec[0]);
1533 string_append(&config->proxy_args,
1534 "<br>\nWARNING: Invalid source address, port or netmask for "
1535 "permit-access directive in configuration file: \"");
1536 string_append(&config->proxy_args,
1538 string_append(&config->proxy_args,
1545 if (acl_addr(vec[1], cur_acl->dst) < 0)
1547 log_error(LOG_LEVEL_ERROR, "Invalid destination address, port or netmask "
1548 "for permit-access directive in configuration file: \"%s\"", vec[1]);
1549 string_append(&config->proxy_args,
1550 "<br>\nWARNING: Invalid destination address, port or netmask for "
1551 "permit-access directive in configuration file: \"");
1552 string_append(&config->proxy_args,
1554 string_append(&config->proxy_args,
1563 cur_acl->wildcard_dst = 1;
1565 #endif /* def HAVE_RFC2553 */
1568 * Add it to the list. Note we reverse the list to get the
1569 * behaviour the user expects. With both the ACL and
1570 * actions file, the last match wins. However, the internal
1571 * implementations are different: The actions file is stored
1572 * in the same order as the file, and scanned completely.
1573 * With the ACL, we reverse the order as we load it, then
1574 * when we scan it we stop as soon as we get a match.
1576 cur_acl->next = config->acl;
1577 config->acl = cur_acl;
1580 #endif /* def FEATURE_ACL */
1582 /* *************************************************************************
1583 * proxy-info-url url
1584 * *************************************************************************/
1585 case hash_proxy_info_url :
1586 freez(config->proxy_info_url);
1587 config->proxy_info_url = strdup_or_die(arg);
1591 /* *************************************************************************
1592 * receive-buffer-size n
1593 * *************************************************************************/
1594 case hash_receive_buffer_size :
1595 config->receive_buffer_size = (size_t)parse_numeric_value(cmd, arg);
1596 if (config->receive_buffer_size < BUFFER_SIZE)
1598 log_error(LOG_LEVEL_INFO,
1599 "receive-buffer-size %d seems low and may cause problems."
1600 "Consider setting it to at least %d.",
1601 config->receive_buffer_size, BUFFER_SIZE);
1605 /* *************************************************************************
1606 * single-threaded 0|1
1607 * *************************************************************************/
1608 case hash_single_threaded :
1609 config->multi_threaded = 0 == parse_toggle_state(cmd, arg);
1612 /* *************************************************************************
1613 * socket-timeout numer_of_seconds
1614 * *************************************************************************/
1615 case hash_socket_timeout :
1617 int socket_timeout = parse_numeric_value(cmd, arg);
1618 if (0 <= socket_timeout)
1620 config->socket_timeout = socket_timeout;
1624 log_error(LOG_LEVEL_FATAL, "Invalid socket-timeout: '%s'", arg);
1629 /* *************************************************************************
1630 * split-large-cgi-forms
1631 * *************************************************************************/
1632 case hash_split_large_cgi_forms :
1633 if (parse_toggle_state(cmd, arg) == 1)
1635 config->feature_flags |= RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
1639 config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
1643 /* *************************************************************************
1644 * templdir directory-name
1645 * *************************************************************************/
1646 case hash_templdir :
1647 freez(config->templdir);
1648 config->templdir = make_path(NULL, arg);
1651 #ifdef FEATURE_EXTERNAL_FILTERS
1652 /* *************************************************************************
1653 * temporary-directory directory-name
1654 * *************************************************************************/
1655 case hash_temporary_directory :
1656 freez(config->temporary_directory);
1657 config->temporary_directory = make_path(NULL, arg);
1661 /* *************************************************************************
1662 * tolerate-pipelining (0|1)
1663 * *************************************************************************/
1664 case hash_tolerate_pipelining :
1665 if (parse_toggle_state(cmd, arg) == 1)
1667 config->feature_flags |= RUNTIME_FEATURE_TOLERATE_PIPELINING;
1671 config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
1675 /* *************************************************************************
1677 * *************************************************************************/
1678 #ifdef FEATURE_TOGGLE
1680 global_toggle_state = parse_toggle_state(cmd, arg);
1682 #endif /* def FEATURE_TOGGLE */
1684 /* *************************************************************************
1685 * trust-info-url url
1686 * *************************************************************************/
1687 #ifdef FEATURE_TRUST
1688 case hash_trust_info_url :
1689 enlist(config->trust_info, arg);
1691 #endif /* def FEATURE_TRUST */
1693 /* *************************************************************************
1694 * trust-x-forwarded-for (0|1)
1695 * *************************************************************************/
1696 case hash_trust_x_forwarded_for :
1697 config->trust_x_forwarded_for = parse_toggle_state(cmd, arg);
1700 /* *************************************************************************
1701 * trusted-cgi-referrer http://www.example.org/some/path.html
1702 * *************************************************************************/
1703 case hash_trusted_cgi_referrer :
1705 * We don't validate the specified referrer as
1706 * it's only used for string comparison.
1708 freez(config->trusted_cgi_referrer);
1709 config->trusted_cgi_referrer = strdup_or_die(arg);
1712 /* *************************************************************************
1713 * trustfile filename
1714 * (In confdir by default.)
1715 * *************************************************************************/
1716 #ifdef FEATURE_TRUST
1717 case hash_trustfile :
1718 freez(config->trustfile);
1719 config->trustfile = make_path(config->confdir, arg);
1721 #endif /* def FEATURE_TRUST */
1723 /* *************************************************************************
1725 * *************************************************************************/
1726 case hash_usermanual :
1728 * XXX: If this isn't the first config directive, the
1729 * show-status page links to the website documentation
1730 * for the directives that were already parsed. Lame.
1732 freez(config->usermanual);
1733 config->usermanual = strdup_or_die(arg);
1736 #ifdef FEATURE_HTTPS_INSPECTION
1737 /* *************************************************************************
1738 * ca private key file password
1739 * *************************************************************************/
1740 case hash_ca_password:
1741 freez(config->ca_password);
1742 config->ca_password = strdup(arg);
1745 /* *************************************************************************
1746 * ca-directory directory
1747 * *************************************************************************/
1748 case hash_ca_directory:
1749 freez(ca_directory);
1750 ca_directory = make_path(NULL, arg);
1752 if (NULL == ca_directory)
1754 log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca dir path");
1759 /* *************************************************************************
1760 * ca cert file ca-cert-file
1761 * In ca dir by default
1762 * *************************************************************************/
1763 case hash_ca_cert_file:
1764 freez(ca_cert_file);
1765 ca_cert_file = make_path(config->ca_directory, arg);
1767 if (NULL == ca_cert_file)
1769 log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca certificate file path");
1774 /* *************************************************************************
1775 * ca key file ca-key-file
1776 * In ca dir by default
1777 * *************************************************************************/
1778 case hash_ca_key_file:
1780 ca_key_file = make_path(config->ca_directory, arg);
1782 if (NULL == ca_key_file)
1784 log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca key file path");
1789 /* *************************************************************************
1790 * certificate-directory directory
1791 * *************************************************************************/
1792 case hash_certificate_directory:
1793 freez(certificate_directory);
1794 certificate_directory = make_path(NULL, arg);
1796 if (NULL == certificate_directory)
1798 log_error(LOG_LEVEL_FATAL,
1799 "Out of memory while creating certificate directory path");
1804 /* *************************************************************************
1805 * trusted CAs file name trusted-cas-file
1806 * *************************************************************************/
1807 case hash_trusted_cas_file:
1808 freez(trusted_cas_file);
1809 trusted_cas_file = make_path(config->ca_directory, arg);
1811 if (NULL == trusted_cas_file)
1813 log_error(LOG_LEVEL_FATAL, "Out of memory while creating trusted CAs file path");
1819 /* *************************************************************************
1820 * Win32 Console options:
1821 * *************************************************************************/
1823 /* *************************************************************************
1825 * *************************************************************************/
1827 case hash_hide_console :
1830 #endif /*def _WIN_CONSOLE*/
1833 /* *************************************************************************
1834 * Win32 GUI options:
1835 * *************************************************************************/
1837 #if defined(_WIN32) && ! defined(_WIN_CONSOLE)
1838 /* *************************************************************************
1839 * activity-animation (0|1)
1840 * *************************************************************************/
1841 case hash_activity_animation :
1842 g_bShowActivityAnimation = parse_toggle_state(cmd, arg);
1845 /* *************************************************************************
1846 * close-button-minimizes (0|1)
1847 * *************************************************************************/
1848 case hash_close_button_minimizes :
1849 g_bCloseHidesWindow = parse_toggle_state(cmd, arg);
1852 /* *************************************************************************
1853 * log-buffer-size (0|1)
1854 * *************************************************************************/
1855 case hash_log_buffer_size :
1856 g_bLimitBufferSize = parse_toggle_state(cmd, arg);
1859 /* *************************************************************************
1860 * log-font-name fontname
1861 * *************************************************************************/
1862 case hash_log_font_name :
1863 if (strlcpy(g_szFontFaceName, arg,
1864 sizeof(g_szFontFaceName)) >= sizeof(g_szFontFaceName))
1866 log_error(LOG_LEVEL_FATAL,
1867 "log-font-name argument '%s' is longer than %u characters.",
1868 arg, sizeof(g_szFontFaceName)-1);
1872 /* *************************************************************************
1874 * *************************************************************************/
1875 case hash_log_font_size :
1876 g_nFontSize = parse_numeric_value(cmd, arg);
1879 /* *************************************************************************
1880 * log-highlight-messages (0|1)
1881 * *************************************************************************/
1882 case hash_log_highlight_messages :
1883 g_bHighlightMessages = parse_toggle_state(cmd, arg);
1886 /* *************************************************************************
1888 * *************************************************************************/
1889 case hash_log_max_lines :
1890 g_nMaxBufferLines = parse_numeric_value(cmd, arg);
1893 /* *************************************************************************
1894 * log-messages (0|1)
1895 * *************************************************************************/
1896 case hash_log_messages :
1897 g_bLogMessages = parse_toggle_state(cmd, arg);
1900 /* *************************************************************************
1901 * show-on-task-bar (0|1)
1902 * *************************************************************************/
1903 case hash_show_on_task_bar :
1904 g_bShowOnTaskBar = parse_toggle_state(cmd, arg);
1907 #endif /* defined(_WIN32) && ! defined(_WIN_CONSOLE) */
1910 /* *************************************************************************
1911 * Warnings about unsupported features
1912 * *************************************************************************/
1914 case hash_deny_access:
1915 #endif /* ndef FEATURE_ACL */
1916 #ifndef FEATURE_CGI_EDIT_ACTIONS
1917 case hash_enable_edit_actions:
1918 #endif /* ndef FEATURE_CGI_EDIT_ACTIONS */
1919 #ifndef FEATURE_TOGGLE
1920 case hash_enable_remote_toggle:
1921 #endif /* ndef FEATURE_TOGGLE */
1923 case hash_permit_access:
1924 #endif /* ndef FEATURE_ACL */
1925 #ifndef FEATURE_TOGGLE
1927 #endif /* ndef FEATURE_TOGGLE */
1928 #ifndef FEATURE_TRUST
1929 case hash_trustfile :
1930 case hash_trust_info_url :
1931 #endif /* ndef FEATURE_TRUST */
1933 #ifndef _WIN_CONSOLE
1934 case hash_hide_console :
1935 #endif /* ndef _WIN_CONSOLE */
1937 #if defined(_WIN_CONSOLE) || ! defined(_WIN32)
1938 case hash_activity_animation :
1939 case hash_close_button_minimizes :
1940 case hash_log_buffer_size :
1941 case hash_log_font_name :
1942 case hash_log_font_size :
1943 case hash_log_highlight_messages :
1944 case hash_log_max_lines :
1945 case hash_log_messages :
1946 case hash_show_on_task_bar :
1947 #endif /* defined(_WIN_CONSOLE) || ! defined(_WIN32) */
1948 /* These warnings are annoying - so hide them. -- Jon */
1949 /* log_error(LOG_LEVEL_INFO, "Unsupported directive \"%s\" ignored.", cmd); */
1952 /* *************************************************************************/
1954 /* *************************************************************************/
1956 * I decided that I liked this better as a warning than an
1957 * error. To change back to an error, just change log level
1958 * to LOG_LEVEL_FATAL.
1960 log_error(LOG_LEVEL_ERROR, "Ignoring unrecognized directive "
1961 "'%s' (%uU) in line %lu in configuration file (%s).",
1962 buf, directive_hash, linenum, configfile);
1963 string_append(&config->proxy_args,
1964 " <strong class='warning'>Warning: Ignoring unrecognized directive:</strong>");
1967 /* *************************************************************************/
1968 } /* end switch(hash_string(cmd)) */
1970 /* Save the argument for the show-status page. */
1971 savearg(cmd, arg, config);
1973 } /* end while (read_config_line(...)) */
1977 set_debug_level(config->debug);
1979 freez(config->logfile);
1983 if (NULL != logfile)
1985 config->logfile = logfile;
1986 init_error_log(Argv[0], config->logfile);
1994 #ifdef FEATURE_HTTPS_INSPECTION
1996 * Setting SSL parameters from loaded values into structures
1998 freez(config->ca_directory);
1999 config->ca_directory = make_path(NULL, ca_directory);
2000 freez(ca_directory);
2002 freez(config->ca_cert_file);
2003 config->ca_cert_file = make_path(config->ca_directory, ca_cert_file);
2004 freez(ca_cert_file);
2006 freez(config->ca_key_file);
2007 config->ca_key_file = make_path(config->ca_directory, ca_key_file);
2010 freez(config->trusted_cas_file);
2011 config->trusted_cas_file = make_path(config->ca_directory, trusted_cas_file);
2012 freez(trusted_cas_file);
2014 freez(config->certificate_directory);
2015 config->certificate_directory = make_path(NULL, certificate_directory);
2016 freez(certificate_directory);
2018 #ifdef FEATURE_CONNECTION_KEEP_ALIVE
2019 if (config->default_server_timeout > config->keep_alive_timeout)
2021 log_error(LOG_LEVEL_ERROR,
2022 "Reducing the default-server-timeout from %d to the keep-alive-timeout %d.",
2023 config->default_server_timeout, config->keep_alive_timeout);
2024 config->default_server_timeout = config->keep_alive_timeout;
2026 #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
2028 #ifdef FEATURE_CONNECTION_SHARING
2029 if (config->feature_flags & RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE)
2031 if (!config->multi_threaded)
2034 * While we could use keep-alive without multiple threads
2035 * if we didn't bother with enforcing the connection timeout,
2036 * that might make Tor users sad, even though they shouldn't
2037 * enable the single-threaded option anyway.
2039 * XXX: We could still use Proxy-Connection: keep-alive.
2041 config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
2042 log_error(LOG_LEVEL_ERROR,
2043 "Config option single-threaded disables connection keep-alive.");
2046 else if ((config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING))
2048 log_error(LOG_LEVEL_ERROR, "Config option connection-sharing "
2049 "has no effect if keep-alive-timeout isn't set.");
2050 config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
2052 #endif /* def FEATURE_CONNECTION_SHARING */
2054 if (NULL == config->proxy_args)
2056 log_error(LOG_LEVEL_FATAL, "Out of memory loading config - insufficient memory for config->proxy_args");
2059 if (config->re_filterfile[0])
2061 add_loader(load_re_filterfiles, config);
2064 if (config->actions_file[0])
2066 add_loader(load_action_files, config);
2069 #ifdef FEATURE_TRUST
2070 if (config->trustfile)
2072 add_loader(load_trustfile, config);
2074 #endif /* def FEATURE_TRUST */
2076 if (NULL == config->haddr[0])
2078 config->haddr[0] = strdup_or_die(HADDR_DEFAULT);
2081 for (i = 0; i < MAX_LISTENING_SOCKETS && NULL != config->haddr[i]; i++)
2083 if ((*config->haddr[i] == '[')
2084 && (NULL != (p = strchr(config->haddr[i], ']')))
2086 && (0 < (config->hport[i] = atoi(p + 2))))
2089 memmove((void *)config->haddr[i], config->haddr[i] + 1,
2090 (size_t)(p - config->haddr[i]));
2092 else if (NULL != (p = strchr(config->haddr[i], ':'))
2093 && (0 < (config->hport[i] = atoi(p + 1))))
2099 log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr[i]);
2100 /* Never get here - LOG_LEVEL_FATAL causes program exit */
2102 if (*config->haddr[i] == '\0')
2105 * Only the port specified. We stored it in config->hport[i]
2106 * and don't need its text representation anymore.
2107 * Use config->hport[i] == 0 to iterate listening addresses since
2110 freez(config->haddr[i]);
2115 * Want to run all the loaders once now.
2117 * Need to set up a fake csp, so they can get to the config.
2119 fake_csp = zalloc_or_die(sizeof(*fake_csp));
2120 fake_csp->config = config;
2122 if (run_loader(fake_csp))
2125 log_error(LOG_LEVEL_FATAL, "A loader failed while loading config file. Exiting.");
2126 /* Never get here - LOG_LEVEL_FATAL causes program exit */
2130 /* FIXME: this is a kludge for win32 */
2131 #if defined(_WIN32) && !defined (_WIN_CONSOLE)
2133 g_default_actions_file = config->actions_file[1]; /* FIXME Hope this is default.action */
2134 g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */
2135 g_default_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */
2136 g_user_filterfile = config->re_filterfile[1]; /* FIXME Hope this is user.filter */
2138 #ifdef FEATURE_TRUST
2139 g_trustfile = config->trustfile;
2140 #endif /* def FEATURE_TRUST */
2143 #endif /* defined(_WIN32) && !defined (_WIN_CONSOLE) */
2144 /* FIXME: end kludge */
2147 if (current_configfile == NULL)
2149 config->need_bind = 1;
2153 struct configuration_spec * oldcfg = (struct configuration_spec *)
2154 current_configfile->f;
2156 * Check if config->haddr[i],hport[i] == oldcfg->haddr[i],hport[i]
2158 config->need_bind = 0;
2160 for (i = 0; i < MAX_LISTENING_SOCKETS; i++)
2162 if (config->hport[i] != oldcfg->hport[i])
2164 config->need_bind = 1;
2166 else if (config->haddr[i] == NULL)
2168 if (oldcfg->haddr[i] != NULL)
2170 config->need_bind = 1;
2173 else if (oldcfg->haddr[i] == NULL)
2175 config->need_bind = 1;
2177 else if (0 != strcmp(config->haddr[i], oldcfg->haddr[i]))
2179 config->need_bind = 1;
2183 current_configfile->unloader = unload_configfile;
2186 fs->next = files->next;
2189 current_configfile = fs;
2195 /*********************************************************************
2197 * Function : savearg
2199 * Description : Called from `load_config'. It saves each non-empty
2200 * and non-comment line from config into
2201 * config->proxy_args. This is used to create the
2202 * show-status page. On error, frees
2203 * config->proxy_args and sets it to NULL
2206 * 1 : command = config setting that was found
2207 * 2 : argument = the setting's argument (if any)
2208 * 3 : config = Configuration to save into.
2212 *********************************************************************/
2213 static void savearg(char *command, char *argument, struct configuration_spec * config)
2222 * Add config option name embedded in
2223 * link to its section in the user-manual
2225 buf = strdup_or_die("\n<a href=\"");
2226 if (!strncmpic(config->usermanual, "file://", 7) ||
2227 !strncmpic(config->usermanual, "http", 4))
2229 string_append(&buf, config->usermanual);
2233 string_append(&buf, "http://" CGI_SITE_2_HOST "/user-manual/");
2235 string_append(&buf, CONFIG_HELP_PREFIX);
2236 string_join (&buf, string_toupper(command));
2237 string_append(&buf, "\">");
2238 string_append(&buf, command);
2239 string_append(&buf, "</a> ");
2243 freez(config->proxy_args);
2247 if ((NULL != argument) && ('\0' != *argument))
2249 s = html_encode(argument);
2253 freez(config->proxy_args);
2257 if (strncmpic(argument, "http://", 7) == 0)
2259 string_append(&buf, "<a href=\"");
2260 string_append(&buf, s);
2261 string_append(&buf, "\">");
2262 string_join (&buf, s);
2263 string_append(&buf, "</a>");
2267 string_join (&buf, s);
2271 string_append(&buf, "<br>");
2272 string_join(&config->proxy_args, buf);