Commit Graph

302 Commits

Author SHA1 Message Date
Nick Mathewson
5a66de7015 Initial work to set CLOEXEC on all possible fds
Still to go: some pipes, all stdio files.
2010-11-20 00:58:40 -05:00
Nick Mathewson
73d93c033d Autodetect the number of CPUs when possible if NumCPUs==0
This is needed for IOCP, since telling the IOCP backend about all
your CPUs is a good idea.  It'll also come in handy with asn's
multithreaded crypto stuff, and for people who run servers without
reading the manual.
2010-09-28 14:42:21 -04:00
Nick Mathewson
c0c7868250 Make the windows build succeed with or without -DUNICODE enabled.
This should keep WinCE working (unicode always-on) and get Win98
working again (unicode never-on).

There are two places where we explicitly use ASCII-only APIs, still:
in ntmain.c and in the unit tests.

This patch also fixes a bug in windoes tor_listdir that would cause
the first file to be listed an arbitrary number of times that was
also introduced with WinCE support.

Should fix bug 1797.
2010-08-20 13:40:01 -04:00
Nick Mathewson
51377ae1bb Merge commit 'sebastian/mlockall' 2010-08-03 10:50:18 -04:00
Nick Mathewson
14bc4dcc22 Rename log.h to torlog.h
This should make us conflict less with system files named "log.h".
Yes, we shouldn't have been conflicting with those anyway, but some
people's compilers act very oddly.

The actual change was done with one "git mv", by editing
Makefile.am, and running
   find . -name '*.[ch]' | xargs perl -i -pe 'if (/^#include.*\Wlog.h/) {s/log.h/torlog.h/; }'
2010-07-09 22:05:38 -04:00
Nick Mathewson
312f4ee410 Make pointer types correct in WinCE patch 2010-05-24 12:30:19 -04:00
valerino
076063ca90 moved wince related includes and defs to compat.h where possible, removed unused/redundant wince includes 2010-05-24 11:46:54 -04:00
valerino
8d31141ccb Port Tor to work on Windows CE
Most of the changes here are switches to use APIs available on Windows
CE.  The most pervasive change is that Windows CE only provides the
wide-character ("FooW") variants of most of the windows function, and
doesn't support the older ASCII verions at all.

This patch will require use of the wcecompat library to get working
versions of the posix-style fd-based file IO functions.

[commit message by nickm]
2010-05-24 11:46:45 -04:00
Nick Mathewson
af9dd4af02 Fix two compile-blockers in tor_vasprintf().
1) mingw doesn't have _vscprintf(); mingw instead has a working snprintf.

2) windows compilers that _do_ have a working _vscprintf spell it so; they do
   not spell it _vcsprintf().
2010-04-19 16:37:26 -04:00
Nick Mathewson
927425150b Merge branch 'asprintf' 2010-04-02 12:30:46 -04:00
Nick Mathewson
897b0ebbac better handle the case where *strp is in asprintf args 2010-02-28 21:46:46 -05:00
Sebastian Hahn
4aa56cbd2d Remove the request for current memlock limits
The getrlimit call didn't have any effect. Also make some logging
less verbose on default log level, and refactor a bit.
2010-02-28 14:48:47 +01:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Nick Mathewson
6fa8dacb97 Add a tor_asprintf() function, and use it in a couple of places.
asprintf() is a GNU extension that some BSDs have picked up: it does a printf
into a newly allocated chunk of RAM.

Our tor_asprintf() differs from standard asprintf() in that:
  - Like our other malloc functions, it asserts on OOM.
  - It works on windows.
  - It always sets its return-field.
2010-02-25 16:09:10 -05:00
Mike Perry
f4d6315afa Remove misc unnecessary newlines found by new check. 2010-02-22 16:52:11 -08:00
Nick Mathewson
79bdfb63e9 Remove the --enable-iphone option as needless.
On or-talk, Marco Bonetti reports that recent iPhone SDKs build
Tor fine without it.
2010-02-12 23:06:05 -05:00
Sebastian Hahn
fe18275563 Add Windows version detection for Vista and 7
Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.

Also fix a coding style violation.
2010-02-10 08:40:44 +01:00
Sebastian Hahn
4728bd904f Fix build on Solaris by disabling support for DisableAllSwap
Fixes bug 1198. Solaris doesn't have RLIMIT_MEMLOCK for get/setrlimit,
so disable support because we don't know if all memory can be locked.
2010-01-19 05:04:50 +01:00
Roger Dingledine
356c927476 don't list windows capabilities in windows uname
we never used them, and maybe it's a bad idea to publish them
2010-01-15 15:56:53 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Nick Mathewson
2b1bb233b3 Use the same mlockall checks with tor_set_max_memlock 2009-11-20 14:45:29 -05:00
Nick Mathewson
444eff6286 Fix compilation on OSX 10.3.
On this OSX version, there is a stub mlockall() function
that doesn't work, *and* the declaration for it is hidden by
an '#ifdef _P1003_1B_VISIBLE'.  This would make autoconf
successfully find the function, but our code fail to build
when no declaration was found.

This patch adds an additional test for the declaration.
2009-11-20 13:28:16 -05:00
Jacob Appelbaum
6f1fe7e941 Fix compilation with with bionic libc.
This fixes bug 1147:

 bionic doesn't have an actual implementation of mlockall();
 mlockall() is merely in the headers but not actually in the library.
 This prevents Tor compilation with the bionic libc for Android handsets.
2009-11-14 16:45:14 -05:00
Jacob Appelbaum
2aac39a779 Implement DisableAllSwap to avoid putting secret info in page files.
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.

Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
2009-10-27 04:28:40 -04:00
Sebastian Hahn
5e01a86b42 some cleanups:
documentation fix for get_uint64
remove extra "." from a log line
fix a long line
2009-09-15 07:12:12 -04:00
Nick Mathewson
3886467f38 Add a new tor_strtok_r for platforms that don't have one, plus tests.
I don't think we actually use (or plan to use) strtok_r in a reentrant
way anywhere in our code, but would be nice not to have to think about
whether we're doing it.
2009-08-09 17:30:15 -07:00
Nick Mathewson
fd992deeea Don't attempt to log messages to a controller from a worker thread.
This patch adds a function to determine whether we're in the main
thread, and changes control_event_logmsg() to return immediately if
we're in a subthread.  This is necessary because otherwise we will
call connection_write_to_buf, which modifies non-locked data
structures.

Bugfix on 0.2.0.x; fix for at least one of the things currently
called "bug 977".
2009-05-30 18:16:24 -04:00
Nick Mathewson
ec7e054668 Spell-check Tor. 2009-05-27 17:55:51 -04:00
Nick Mathewson
c36efb0c45 Use a mutex to protect the count of open sockets.
This matters because a cpuworker can close its socket when it
finishes.  Cpuworker typically runs in another thread, so without a
lock here, we can have a race condition and get confused about how
many sockets are open.  Possible fix for bug 939.
2009-05-13 09:38:48 -04:00
Karsten Loesing
9b32e8c141 Update copyright to 2009. 2009-05-04 11:28:27 -04:00
Nick Mathewson
cbbc0c9c86 Actually use tor_sscanf() to parse untrusted input.
svn:r18761
2009-03-03 18:02:36 +00:00
Nick Mathewson
9f8d095e0f Add and use set/get_uint64 on onion tags. [bug 604; backportable]
It seems that 64-bit Sparc Solaris demands 64-bit-aligned access to
uint64_t, but does not 64-bit-align the stack-allocated char array we
use for cpuworker tags.  So this patch adds a set/get_uint64 pair, and
uses them to access the conn_id field in the tag.

svn:r18743
2009-03-02 19:15:05 +00:00
Nick Mathewson
f99098cca4 Use prctl to reenable core dumps when we have setuid to a non-root user.
svn:r18449
2009-02-09 15:20:17 +00:00
Nick Mathewson
fe987d3a17 Remove some deadcode and use tor_inet_aton uniformly.
svn:r18422
2009-02-09 03:13:05 +00:00
Nick Mathewson
3f8ab367c1 Fix warning on panther compile, and bug 913. Backport candidate.
svn:r18203
2009-01-21 03:51:14 +00:00
Nick Mathewson
a87980c2eb Add a better (non-locale-having) ctypes implementation to avoid protocol and parsing mismatches on different platforms.
svn:r18189
2009-01-20 21:33:56 +00:00
Nick Mathewson
9c94b428d9 Fix the oldest bug in a while: stop accepting 1.2.3 as a valid IPv4 address on any platform.
svn:r17887
2009-01-04 19:47:17 +00:00
Nick Mathewson
c4b8fef362 Remove svn $Id$s from our source, and remove tor --version --version.
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
52932d6f1a Remove some code that is #ifdefed out, and that we no longer seem to use, if we ever did.
svn:r17827
2008-12-30 04:16:49 +00:00
Nick Mathewson
b4d387c28b Make freelist_len in memarea.c static; document a few variables.
svn:r17741
2008-12-22 19:14:08 +00:00
Nick Mathewson
b68379b13b Add DOCDOC entries for undocumented static and global variables.
svn:r17739
2008-12-22 19:00:05 +00:00
Nick Mathewson
1e5f457461 Fix most DOCDOCs remaining and/or added by redox.
svn:r17734
2008-12-22 17:53:04 +00:00
Nick Mathewson
1725c0c8a5 Add DOCDOC comments for all undocumented functions. Add missing *s to other comments so that they will get recognized as doxygen.
svn:r17729
2008-12-22 14:56:28 +00:00
Nick Mathewson
98066d62bc Lower sprintf buffer max to ~SSIZE_T_MAX from SIZE_T_CEILING, since we need to compare it to a signed int.
svn:r17600
2008-12-11 21:11:22 +00:00
Nick Mathewson
d60d8976b9 Better error message when told to setuid to ourself.
svn:r17543
2008-12-09 23:26:12 +00:00
Nick Mathewson
07c8b2be21 Compile without warnings on mingw.
svn:r17522
2008-12-08 19:52:26 +00:00
Nick Mathewson
6fb06f334a Try to fix windows mmap code.
svn:r17493
2008-12-05 19:36:35 +00:00
Nick Mathewson
7f793fa733 Simplify mmap object layout to avoid confusing static analysis tools, and us too.
svn:r17490
2008-12-05 02:17:41 +00:00
Nick Mathewson
2be5215181 Fix a hard-to-trigger memory leak in log_credential status. Found by Coverity scan. CID 349.
svn:r17484
2008-12-05 01:29:59 +00:00
Roger Dingledine
96a185d9b7 style cleanup
svn:r17457
2008-12-02 23:42:21 +00:00
Nick Mathewson
6221bdd294 Add two lseek wrappers to compat.[ch]: one to return current fd position, and one to move the fd to the end of the file.
svn:r17454
2008-12-02 23:26:04 +00:00
Nick Mathewson
4cddcf8873 Cast uid_t and gid_t to unsigned before passing to printf %u.
svn:r17392
2008-11-26 16:13:12 +00:00
Nick Mathewson
bc597758dc Use fcntl for file locking when flock() is not available.
svn:r17391
2008-11-26 16:10:56 +00:00
Nick Mathewson
a95e0e7355 apply sebastian's fix for bug 859. Apparently on win32 one must lock at least one byte when locking, but locking a nonexistant byte is okay. )
svn:r17244
2008-11-11 15:29:40 +00:00
Nick Mathewson
6c50ab6e61 Document a couple of functions.
svn:r17239
2008-11-10 20:40:01 +00:00
Roger Dingledine
c62d5f6a5c beg nick for some documentation on the locking functions
svn:r17233
2008-11-10 00:48:13 +00:00
Roger Dingledine
0554e87f58 better error message when you set User but start tor as non-root.
hopefully will address bug 857.


svn:r17232
2008-11-10 00:41:07 +00:00
Nick Mathewson
13e079f9ec Log a little more when credential-switching fails.
svn:r17228
2008-11-09 16:54:54 +00:00
Roger Dingledine
b32e600d50 while we're cleaning code, get rid of some unreachable code at
the bottom of switch_id


svn:r17205
2008-11-07 04:35:41 +00:00
Roger Dingledine
14773f42a7 now that we drop privs more thoroughly, switch_id() is no longer
idempotent. so now we remember if we've succeeded, and if so we
don't even try.


svn:r17204
2008-11-07 04:34:47 +00:00
Roger Dingledine
7c65792500 remove more redundant code from r17200
svn:r17203
2008-11-07 04:11:03 +00:00
Nick Mathewson
1b98f45b3d Developers should usually configure with --enable-gcc-warnings, and should regularly make check-spaces. Also, int fn() does not mean the same in C as it does in C++ or Java.
svn:r17201
2008-11-07 02:53:46 +00:00
Steven Murdoch
9d68ed08e9 Patch from Jacob Appelbaum and me to make User option more robust, properly set supplementary groups, deprecated the Group option, and log more information on credential switching
svn:r17200
2008-11-07 02:06:12 +00:00
Nick Mathewson
c33dde4ac1 Fix mingw build with --enable-gcc-warnings set.
svn:r16759
2008-09-04 21:58:09 +00:00
Roger Dingledine
9f823f54d5 remove some redundant includes. i expect the first one to be a problem
for tas, but who knows.


svn:r16723
2008-09-01 21:16:07 +00:00
Nick Mathewson
f80ac31d74 Add a lockfile to the Tor data directory to avoid situations where two Tors start with the same datadir, or where a --list-fingerprints races with a server to create keys, or such.
svn:r16722
2008-09-01 20:06:26 +00:00
Nick Mathewson
88e6162649 r17848@tombo: nickm | 2008-08-22 12:10:11 -0400
Make definition of tor_mutex_t go into compat.h, so that it is possible to inline mutexes in critical objects.  Add init/uninit functions for mutexes allocated inside other structs.


svn:r16623
2008-08-22 16:24:52 +00:00
Nick Mathewson
9da0482007 r17358@pc-10-8-1-079: nickm | 2008-07-25 16:41:03 +0200
Split out the address manipulation functions from compat and util: they were about 21% of the total of those, and spread out too much.


svn:r16208
2008-07-25 14:43:24 +00:00
Nick Mathewson
3ce6e2fba2 r17346@aud-055: nickm | 2008-07-24 15:37:19 +0200
Make generic address manipulation functions work better.  Switch address policy code to use tor_addr_t, so it can handle IPv6.  That is a good place to start.


svn:r16178
2008-07-24 13:44:04 +00:00
Nick Mathewson
09cd8fa371 r19795@catbus: nickm | 2008-05-16 14:54:24 -0400
Rename tor_addr_t manipulation functions for a consistent style.


svn:r14639
2008-05-16 19:19:49 +00:00
Nick Mathewson
05b184de01 r15304@tombo: nickm | 2008-04-23 16:31:40 -0400
Forward-port: I had apparently broken OSX and Freebsd by not initializing threading before we initialize the logging system.  This patch should do so, and fix bug 671.


svn:r14430
2008-04-23 20:32:31 +00:00
Nick Mathewson
299014b2c7 r15251@tombo: nickm | 2008-04-22 11:59:46 -0400
On platforms using pthreads, allow a thread to acquire a lock it already holds.  This is crucial for logging: otherwise any log message thrown from inside the logging process (especially from control.c) will deadlock.  Win32 CriticalSections are already recursive.  Bug spotted by nwf.  Bugfix on 0.2.0.16-alpha.  Backport candidate. I hope this is portable.


svn:r14406
2008-04-22 15:59:59 +00:00
Nick Mathewson
199d65d059 r18927@catbus: nickm | 2008-03-18 11:11:49 -0400
Combine common code in set_max_file_descriptors(): all that varies from platform to platform in the no-getrlimit() case is the connection limit and the platform name.


svn:r14101
2008-03-18 15:11:52 +00:00
Nick Mathewson
fba2599680 r18923@catbus: nickm | 2008-03-18 11:01:22 -0400
Add missing typecasts to log message  in set_max_file_descriptors to tell gcc everything is okay on windows.  Fixes bug 630.


svn:r14099
2008-03-18 15:01:36 +00:00
Nick Mathewson
031c212776 r18360@catbus: nickm | 2008-02-21 22:26:32 -0500
Make torint.h define ssize_t more robustly; add spaces to last patch


svn:r13670
2008-02-22 03:26:35 +00:00
Nick Mathewson
688b7ddf83 r18358@catbus: nickm | 2008-02-21 22:21:57 -0500
Remove extraneous commas in compat.c


svn:r13669
2008-02-22 03:23:20 +00:00
Nick Mathewson
69300eb606 r14374@tombo: nickm | 2008-02-21 16:57:39 -0500
Fix all remaining shorten-64-to-32 errors in src/common.  Some were genuine problems.  Many were compatibility errors with libraries (openssl, zlib) that like predate size_t.  Partial backport candidate.


svn:r13665
2008-02-21 21:57:47 +00:00
Nick Mathewson
daefbfe691 r14371@tombo: nickm | 2008-02-21 16:13:18 -0500
Fix all -Wshorten-64-to-32 warnings that appear on my macbook.


svn:r13662
2008-02-21 21:15:31 +00:00
Nick Mathewson
1df0647c66 r18291@catbus: nickm | 2008-02-20 22:35:32 -0500
Resolve all DOCDOC issues, and document some other undocumented code, and fix a changelog entry.


svn:r13638
2008-02-21 03:38:46 +00:00
Nick Mathewson
93aa335516 r18269@catbus: nickm | 2008-02-20 17:28:24 -0500
Apply patch from Sebastian Hahn: stop imposing an arbitrary maximum on the number of file descriptors used for busy servers.  Bug reported by Olaf Selke.


svn:r13626
2008-02-20 22:28:26 +00:00
Nick Mathewson
0399538b90 r18233@catbus: nickm | 2008-02-19 18:46:07 -0500
Count sockets returned from socketpair() too.  This is probably not the socket counting bug.


svn:r13600
2008-02-19 23:46:08 +00:00
Nick Mathewson
9479dd3768 r18226@catbus: nickm | 2008-02-19 18:01:01 -0500
Brown-paper-bag time.  We were failing to count all the sockets from accept().


svn:r13595
2008-02-19 23:01:07 +00:00
Nick Mathewson
632c035ad9 r18221@catbus: nickm | 2008-02-19 17:46:16 -0500
New debugging code to figure out what is happending with socket counts.


svn:r13593
2008-02-19 22:46:19 +00:00
Roger Dingledine
d61835a4ba clean up the socket counting thing. third time's a charm.
svn:r13581
2008-02-19 19:48:07 +00:00
Nick Mathewson
f4dc006fb5 r18198@catbus: nickm | 2008-02-19 14:30:30 -0500
Try to *fix* the socket counting problem, and add an info log to detect whether we really fixed it


svn:r13580
2008-02-19 19:30:41 +00:00
Roger Dingledine
ab4d3888e4 hunt for killerchicken's socket counting problem
svn:r13578
2008-02-19 19:27:55 +00:00
Roger Dingledine
740097a65e We were leaking a file descriptor if Tor started with a zero-length
cached-descriptors file. Patch by freddy77; bugfix on 0.1.2.


svn:r13488
2008-02-13 07:23:37 +00:00
Roger Dingledine
f882a2fc5e tweak
svn:r13443
2008-02-09 10:45:49 +00:00
Nick Mathewson
842a33ff20 Update some copyright notices: it is now 2008.
svn:r13412
2008-02-07 05:31:47 +00:00
Nick Mathewson
ac69319d3f r17899@catbus: nickm | 2008-02-05 14:14:06 -0500
Fix a couple of XXX020 items. Also, disable all "condition" sychronization code, since Tor does not use it yet


svn:r13380
2008-02-05 19:40:19 +00:00
Roger Dingledine
1d8a8063b9 clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
svn:r12786
2007-12-12 21:09:01 +00:00
Nick Mathewson
593ab7e808 r15106@tombo: nickm | 2007-12-04 00:08:35 -0500
Change tor_addr_t to be a tagged union of in_addr and in6_addr, not of sockaddr_in and sockaddr_in6.  It's hardly used in the main code as it is, but let's get it right before it gets popular.


svn:r12660
2007-12-04 05:19:56 +00:00
Nick Mathewson
512d3b161c r16450@catbus: nickm | 2007-11-06 09:18:11 -0500
Fix compile on sparc64


svn:r12394
2007-11-06 14:19:14 +00:00
Nick Mathewson
3a6287615b r16367@catbus: nickm | 2007-11-02 13:13:15 -0400
Space fixes.


svn:r12345
2007-11-02 17:16:34 +00:00
Nick Mathewson
dfc689bda2 r14652@tombo: nickm | 2007-11-02 12:02:13 -0400
If setting our rlimit to rlim_max or cap fails, fall back to OPEN_FILES if defiled.  This makes Tor run on OSX 10.5, while allowing OSX to mend its ways in the future.


svn:r12341
2007-11-02 16:02:26 +00:00
Nick Mathewson
e76581f97e r14647@tombo: nickm | 2007-11-02 10:48:37 -0400
Use rlim_t instead of unsigned long to manipulate rlimit values.


svn:r12339
2007-11-02 14:50:37 +00:00
Nick Mathewson
4750c46aea r16128@catbus: nickm | 2007-10-24 22:52:16 -0400
Fix windows mmap changes.


svn:r12171
2007-10-25 02:53:24 +00:00
Nick Mathewson
99d72f7295 r16100@catbus: nickm | 2007-10-24 11:33:52 -0400
Make tor_mmap_file() set and preserve errno in a useful way.


svn:r12153
2007-10-24 15:45:42 +00:00
Nick Mathewson
1f244d3943 r14639@catbus: nickm | 2007-08-17 17:45:28 -0400
Compile without warnings on MinGW, even with --enable-gcc-warnings enabled.


svn:r11157
2007-08-17 21:46:34 +00:00