test_options.c (149326B)
1 /* Copyright (c) 2001-2004, Roger Dingledine. 2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. 3 * Copyright (c) 2007-2021, The Tor Project, Inc. */ 4 /* See LICENSE for licensing information */ 5 6 #define CONFIG_PRIVATE 7 #define RELAY_CONFIG_PRIVATE 8 #define LOG_PRIVATE 9 #define ROUTERSET_PRIVATE 10 #include "core/or/or.h" 11 #include "lib/confmgt/confmgt.h" 12 #include "app/config/config.h" 13 #include "feature/dirauth/dirauth_config.h" 14 #include "feature/dirauth/dirauth_options_st.h" 15 #include "feature/dirauth/dirauth_sys.h" 16 #include "feature/relay/relay_config.h" 17 #include "test/test.h" 18 #include "lib/geoip/geoip.h" 19 20 #include "feature/nodelist/routerset.h" 21 #include "core/mainloop/mainloop.h" 22 #include "app/main/subsysmgr.h" 23 #include "test/log_test_helpers.h" 24 #include "test/resolve_test_helpers.h" 25 #include "lib/crypt_ops/crypto_options_st.h" 26 #include "lib/crypt_ops/crypto_sys.h" 27 28 #include "lib/sandbox/sandbox.h" 29 #include "lib/memarea/memarea.h" 30 #include "lib/osinfo/uname.h" 31 #include "lib/encoding/confline.h" 32 #include "core/or/policies.h" 33 #include "test/test_helpers.h" 34 #include "test/opts_test_helpers.h" 35 #include "lib/net/resolve.h" 36 37 #ifdef HAVE_SYS_PARAM_H 38 #include <sys/param.h> 39 #endif 40 41 typedef struct { 42 int severity; 43 log_domain_mask_t domain; 44 char *msg; 45 } logmsg_t; 46 47 static smartlist_t *messages = NULL; 48 49 static void 50 log_cback(int severity, log_domain_mask_t domain, const char *msg) 51 { 52 logmsg_t *x = tor_malloc(sizeof(*x)); 53 x->severity = severity; 54 x->domain = domain; 55 x->msg = tor_strdup(msg); 56 if (!messages) 57 messages = smartlist_new(); 58 smartlist_add(messages, x); 59 } 60 61 static void 62 setup_log_callback(void) 63 { 64 log_severity_list_t lst; 65 memset(&lst, 0, sizeof(lst)); 66 lst.masks[SEVERITY_MASK_IDX(LOG_ERR)] = LD_ALL_DOMAINS; 67 lst.masks[SEVERITY_MASK_IDX(LOG_WARN)] = LD_ALL_DOMAINS; 68 lst.masks[SEVERITY_MASK_IDX(LOG_NOTICE)] = LD_ALL_DOMAINS; 69 add_callback_log(&lst, log_cback); 70 mark_logs_temp(); 71 } 72 73 static char * 74 dump_logs(void) 75 { 76 smartlist_t *msgs; 77 char *out; 78 if (! messages) 79 return tor_strdup(""); 80 msgs = smartlist_new(); 81 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, x) { 82 smartlist_add_asprintf(msgs, "[%s] %s", 83 log_level_to_string(x->severity), x->msg); 84 } SMARTLIST_FOREACH_END(x); 85 out = smartlist_join_strings(msgs, "", 0, NULL); 86 SMARTLIST_FOREACH(msgs, char *, cp, tor_free(cp)); 87 smartlist_free(msgs); 88 return out; 89 } 90 91 static void 92 clear_log_messages(void) 93 { 94 if (!messages) 95 return; 96 SMARTLIST_FOREACH(messages, logmsg_t *, m, 97 { tor_free(m->msg); tor_free(m); }); 98 smartlist_free(messages); 99 messages = NULL; 100 } 101 102 #define setup_options(opt) \ 103 do { \ 104 opt = options_new(); \ 105 opt->command = CMD_RUN_TOR; \ 106 options_init(opt); \ 107 } while (0) 108 109 #ifdef COCCI 110 111 #define ENABLE_AUTHORITY_MIN "" 112 #define ENABLE_AUTHORITY_V3_MIN "" 113 #define ENABLE_AUTHORITY_BRIDGE_MIN "" 114 #define AUTHORITY_OPT_REQ_ "" 115 #define ENABLE_AUTHORITY "" 116 #define ENABLE_AUTHORITY_V3 "" 117 #define ENABLE_AUTHORITY_BRIDGE "" 118 119 #else /* !defined(COCCI) */ 120 121 #define ENABLE_AUTHORITY_MIN \ 122 "AuthoritativeDirectory 1\n" 123 124 #define ENABLE_AUTHORITY_V3_MIN \ 125 ENABLE_AUTHORITY_MIN \ 126 "V3AuthoritativeDir 1\n" 127 128 #define ENABLE_AUTHORITY_BRIDGE_MIN \ 129 ENABLE_AUTHORITY_MIN \ 130 "BridgeAuthoritativeDir 1\n" 131 132 #define AUTHORITY_OPT_REQ_ \ 133 "Address 192.0.2.111\n" \ 134 "ContactInfo a@example.org\n" \ 135 "DirPort 1025\n" \ 136 "ORPort 1026\n" 137 138 /* Not actually valid: requires v3 / bridge */ 139 #define ENABLE_AUTHORITY \ 140 ENABLE_AUTHORITY_MIN \ 141 AUTHORITY_OPT_REQ_ 142 143 #define ENABLE_AUTHORITY_V3 \ 144 ENABLE_AUTHORITY_V3_MIN \ 145 AUTHORITY_OPT_REQ_ 146 147 #define ENABLE_AUTHORITY_BRIDGE \ 148 ENABLE_AUTHORITY_BRIDGE_MIN \ 149 AUTHORITY_OPT_REQ_ 150 151 #endif /* defined(COCCI) */ 152 153 #define VALID_DIR_AUTH "DirAuthority dizum orport=443 v3ident=E8A9C45" \ 154 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \ 155 " 083C 538F 4403 8BBF A077 587D D755\n" 156 #define VALID_ALT_BRIDGE_AUTH \ 157 "AlternateBridgeAuthority dizum orport=443 v3ident=E8A9C45" \ 158 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \ 159 " 083C 538F 4403 8BBF A077 587D D755\n" 160 #define VALID_ALT_DIR_AUTH \ 161 "AlternateDirAuthority dizum orport=443 v3ident=E8A9C45" \ 162 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \ 163 " 083C 538F 4403 8BBF A077 587D D755\n" 164 165 static int 166 test_options_checklog(const char *configuration, int expect_log_severity, 167 const char *expect_log) 168 { 169 int found = 0, ret = -1; 170 char *actual_log = NULL; 171 172 if (messages) { 173 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, m) { 174 if (m->severity == expect_log_severity && 175 strstr(m->msg, expect_log)) { 176 found = 1; 177 break; 178 } 179 } SMARTLIST_FOREACH_END(m); 180 } 181 if (!found) { 182 actual_log = dump_logs(); 183 TT_DIE(("Expected log message [%s] %s from <%s>, but got <%s>.", 184 log_level_to_string(expect_log_severity), expect_log, 185 configuration, actual_log)); 186 } 187 ret = 0; 188 189 done: 190 tor_free(actual_log); 191 return ret; 192 } 193 194 static int 195 test_options_checkmsgs(const char *configuration, 196 const char *expect_errmsg, 197 int expect_log_severity, 198 const char *expect_log, 199 char *msg) 200 { 201 if (expect_errmsg && !msg) { 202 TT_DIE(("Expected error message <%s> from <%s>, but got none.", 203 expect_errmsg, configuration)); 204 } else if (expect_errmsg && !strstr(msg, expect_errmsg)) { 205 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.", 206 expect_errmsg, configuration, msg)); 207 } else if (!expect_errmsg && msg) { 208 TT_DIE(("Expected no error message from <%s> but got <%s>.", 209 configuration, msg)); 210 } 211 if (expect_log) { 212 return test_options_checklog(configuration, expect_log_severity, 213 expect_log); 214 } 215 return 0; 216 217 done: 218 return -1; 219 } 220 221 /* Which phases of config parsing/validation to check for messages/logs */ 222 enum { PH_GETLINES, PH_ASSIGN, PH_VALIDATE }; 223 224 static void 225 test_options_validate_impl(const char *configuration, 226 const char *expect_errmsg, 227 int expect_log_severity, 228 const char *expect_log, 229 int phase) 230 { 231 or_options_t *opt=NULL; 232 config_line_t *cl=NULL; 233 char *msg=NULL; 234 int r; 235 236 setup_options(opt); 237 238 r = config_get_lines(configuration, &cl, 1); 239 if (phase == PH_GETLINES) { 240 if (test_options_checkmsgs(configuration, expect_errmsg, 241 expect_log_severity, 242 expect_log, msg)) 243 goto done; 244 } 245 if (r) 246 goto done; 247 248 r = config_assign(get_options_mgr(), opt, cl, 0, &msg); 249 if (phase == PH_ASSIGN) { 250 if (test_options_checkmsgs(configuration, expect_errmsg, 251 expect_log_severity, 252 expect_log, msg)) 253 goto done; 254 } 255 tt_int_op((r == 0), OP_EQ, (msg == NULL)); 256 if (r) 257 goto done; 258 259 r = options_validate(NULL, opt, &msg); 260 if (phase == PH_VALIDATE) { 261 if (test_options_checkmsgs(configuration, expect_errmsg, 262 expect_log_severity, 263 expect_log, msg)) 264 goto done; 265 } 266 tt_int_op((r == 0), OP_EQ, (msg == NULL)); 267 268 done: 269 escaped(NULL); 270 policies_free_all(); 271 config_free_lines(cl); 272 or_options_free(opt); 273 tor_free(msg); 274 clear_log_messages(); 275 } 276 277 #define WANT_ERR(config, msg, ph) \ 278 test_options_validate_impl((config), (msg), 0, NULL, (ph)) 279 #define WANT_LOG(config, severity, msg, ph) \ 280 test_options_validate_impl((config), NULL, (severity), (msg), (ph)) 281 #define WANT_ERR_LOG(config, msg, severity, logmsg, ph) \ 282 test_options_validate_impl((config), (msg), (severity), (logmsg), (ph)) 283 #define OK(config, ph) \ 284 test_options_validate_impl((config), NULL, 0, NULL, (ph)) 285 286 static void 287 test_options_validate(void *arg) 288 { 289 (void)arg; 290 setup_log_callback(); 291 sandbox_disable_getaddrinfo_cache(); 292 mock_hostname_resolver(); 293 294 WANT_ERR("ExtORPort 500000", "Invalid ExtORPort", PH_VALIDATE); 295 296 WANT_ERR_LOG("ServerTransportOptions trebuchet", 297 "ServerTransportOptions did not parse", 298 LOG_WARN, "Too few arguments", PH_VALIDATE); 299 OK("ServerTransportOptions trebuchet sling=snappy", PH_VALIDATE); 300 OK("ServerTransportOptions trebuchet sling=", PH_VALIDATE); 301 WANT_ERR_LOG("ServerTransportOptions trebuchet slingsnappy", 302 "ServerTransportOptions did not parse", 303 LOG_WARN, "\"slingsnappy\" is not a k=v", PH_VALIDATE); 304 305 WANT_ERR("BridgeRelay 1\nDirCache 0", 306 "We're a bridge but DirCache is disabled.", PH_VALIDATE); 307 308 WANT_ERR("HeartbeatPeriod 21 snarks", 309 "Unknown unit in 21 snarks", PH_ASSIGN); 310 WANT_ERR("LogTimeGranularity 21 snarks", 311 "Unknown unit in 21 snarks", PH_ASSIGN); 312 OK("HeartbeatPeriod 1 hour", PH_VALIDATE); 313 OK("LogTimeGranularity 100 milliseconds", PH_VALIDATE); 314 315 WANT_LOG("ControlSocket \"string with trailing garbage\" bogus", LOG_WARN, 316 "Error while parsing configuration: " 317 "Excess data after quoted string", PH_GETLINES); 318 WANT_LOG("ControlSocket \"bogus escape \\@\"", LOG_WARN, 319 "Error while parsing configuration: " 320 "Invalid escape sequence in quoted string", PH_GETLINES); 321 322 close_temp_logs(); 323 clear_log_messages(); 324 unmock_hostname_resolver(); 325 return; 326 } 327 328 #define MEGABYTEIFY(mb) (UINT64_C(mb) << 20) 329 static void 330 test_have_enough_mem_for_dircache(void *arg) 331 { 332 (void)arg; 333 or_options_t *opt=NULL; 334 config_line_t *cl=NULL; 335 char *msg=NULL; 336 int r; 337 const char *configuration = "ORPort 8080\nDirCache 1", *expect_errmsg; 338 339 setup_options(opt); 340 setup_log_callback(); 341 342 r = config_get_lines(configuration, &cl, 1); 343 tt_int_op(r, OP_EQ, 0); 344 345 r = config_assign(get_options_mgr(), opt, cl, 0, &msg); 346 tt_int_op(r, OP_EQ, 0); 347 348 /* 300 MB RAM available, DirCache enabled */ 349 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg); 350 tt_int_op(r, OP_EQ, 0); 351 tt_ptr_op(msg, OP_EQ, NULL); 352 353 /* 200 MB RAM available, DirCache enabled */ 354 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg); 355 tt_int_op(r, OP_EQ, -1); 356 expect_errmsg = "Being a directory cache (default) with less than "; 357 if (!strstr(msg, expect_errmsg)) { 358 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.", 359 expect_errmsg, configuration, msg)); 360 } 361 tor_free(msg); 362 363 config_free_lines(cl); cl = NULL; 364 configuration = "ORPort 8080\nDirCache 1\nBridgeRelay 1"; 365 r = config_get_lines(configuration, &cl, 1); 366 tt_int_op(r, OP_EQ, 0); 367 368 r = config_assign(get_options_mgr(), opt, cl, 0, &msg); 369 tt_int_op(r, OP_EQ, 0); 370 371 /* 300 MB RAM available, DirCache enabled, Bridge */ 372 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg); 373 tt_int_op(r, OP_EQ, 0); 374 tt_ptr_op(msg, OP_EQ, NULL); 375 376 /* 200 MB RAM available, DirCache enabled, Bridge */ 377 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg); 378 tt_int_op(r, OP_EQ, -1); 379 expect_errmsg = "Running a Bridge with less than "; 380 if (!strstr(msg, expect_errmsg)) { 381 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.", 382 expect_errmsg, configuration, msg)); 383 } 384 tor_free(msg); 385 386 config_free_lines(cl); cl = NULL; 387 configuration = "ORPort 8080\nDirCache 0"; 388 r = config_get_lines(configuration, &cl, 1); 389 tt_int_op(r, OP_EQ, 0); 390 391 r = config_assign(get_options_mgr(), opt, cl, 0, &msg); 392 tt_int_op(r, OP_EQ, 0); 393 394 /* 200 MB RAM available, DirCache disabled */ 395 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg); 396 tt_int_op(r, OP_EQ, 0); 397 tt_ptr_op(msg, OP_EQ, NULL); 398 399 /* 300 MB RAM available, DirCache disabled */ 400 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg); 401 tt_int_op(r, OP_EQ, -1); 402 expect_errmsg = "DirCache is disabled and we are configured as a "; 403 if (!strstr(msg, expect_errmsg)) { 404 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.", 405 expect_errmsg, configuration, msg)); 406 } 407 tor_free(msg); 408 409 clear_log_messages(); 410 411 done: 412 if (msg) 413 tor_free(msg); 414 or_options_free(opt); 415 config_free_lines(cl); 416 return; 417 } 418 419 static const char *fixed_get_uname_result = NULL; 420 421 static const char * 422 fixed_get_uname(void) 423 { 424 return fixed_get_uname_result; 425 } 426 427 typedef struct { 428 or_options_t *opt; 429 } options_test_data_t; 430 431 static void free_options_test_data(options_test_data_t *td); 432 433 static options_test_data_t * 434 get_options_test_data(const char *conf) 435 { 436 int rv = -1; 437 char *msg = NULL; 438 config_line_t *cl=NULL; 439 options_test_data_t *result = tor_malloc(sizeof(options_test_data_t)); 440 result->opt = options_new(); 441 442 options_init(result->opt); 443 444 rv = config_get_lines(conf, &cl, 1); 445 tt_int_op(rv, OP_EQ, 0); 446 rv = config_assign(get_options_mgr(), result->opt, cl, 0, &msg); 447 if (msg) { 448 /* Display the parse error message by comparing it with an empty string */ 449 tt_str_op(msg, OP_EQ, ""); 450 } 451 tt_int_op(rv, OP_EQ, 0); 452 config_free_lines(cl); 453 result->opt->LogTimeGranularity = 1; 454 result->opt->TokenBucketRefillInterval = 1; 455 rv = config_get_lines("", &cl, 1); 456 tt_int_op(rv, OP_EQ, 0); 457 458 done: 459 config_free_lines(cl); 460 if (rv != 0) { 461 free_options_test_data(result); 462 result = NULL; 463 /* Callers expect a non-NULL result, so just die if we can't provide one. 464 */ 465 tor_assert(0); 466 } 467 return result; 468 } 469 470 static void 471 free_options_test_data(options_test_data_t *td) 472 { 473 if (!td) return; 474 or_options_free(td->opt); 475 tor_free(td); 476 } 477 478 static void 479 test_options_validate__uname_for_server(void *ignored) 480 { 481 (void)ignored; 482 char *msg; 483 484 #ifndef _WIN32 485 int unset_home_env = 0; 486 if (setenv("HOME", "/home/john", 0) == 0) 487 unset_home_env = 1; 488 #endif 489 490 options_test_data_t *tdata = get_options_test_data( 491 "ORPort 127.0.0.1:5555\n" 492 "ContactInfo nobody@example.com"); 493 setup_capture_of_logs(LOG_WARN); 494 495 MOCK(get_uname, fixed_get_uname); 496 fixed_get_uname_result = "Windows 95"; 497 options_validate(NULL, tdata->opt, &msg); 498 expect_log_msg("Tor is running as a server, but you" 499 " are running Windows 95; this probably won't work. See https://www" 500 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n"); 501 tor_free(msg); 502 503 fixed_get_uname_result = "Windows 98"; 504 mock_clean_saved_logs(); 505 options_validate(NULL, tdata->opt, &msg); 506 expect_log_msg("Tor is running as a server, but you" 507 " are running Windows 98; this probably won't work. See https://www" 508 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n"); 509 tor_free(msg); 510 511 fixed_get_uname_result = "Windows Me"; 512 mock_clean_saved_logs(); 513 options_validate(NULL, tdata->opt, &msg); 514 expect_log_msg("Tor is running as a server, but you" 515 " are running Windows Me; this probably won't work. See https://www" 516 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n"); 517 tor_free(msg); 518 519 fixed_get_uname_result = "Windows 2000"; 520 mock_clean_saved_logs(); 521 options_validate(NULL, tdata->opt, &msg); 522 expect_no_log_msg("Tor is running as a server, but you "); 523 tor_free(msg); 524 525 done: 526 UNMOCK(get_uname); 527 free_options_test_data(tdata); 528 tor_free(msg); 529 teardown_capture_of_logs(); 530 #ifndef _WIN32 531 if (unset_home_env) 532 unsetenv("HOME"); 533 #endif 534 } 535 536 static void 537 test_options_validate__outbound_addresses(void *ignored) 538 { 539 (void)ignored; 540 int ret; 541 char *msg; 542 options_test_data_t *tdata = get_options_test_data( 543 "OutboundBindAddress xxyy!!!sdfaf"); 544 545 ret = options_validate(NULL, tdata->opt, &msg); 546 tt_int_op(ret, OP_EQ, -1); 547 tt_str_op(msg, OP_EQ, "Multiple outbound bind addresses configured: " 548 "xxyy!!!sdfaf"); 549 550 done: 551 free_options_test_data(tdata); 552 tor_free(msg); 553 } 554 555 static void 556 test_options_validate__data_directory(void *ignored) 557 { 558 (void)ignored; 559 int ret; 560 char *msg; 561 options_test_data_t *tdata = get_options_test_data( 562 "DataDirectory longreallyl" 563 "ongLONGLONGlongreallylong" 564 "LONGLONGlongreallylongLON" 565 "GLONGlongreallylongLONGLO" 566 "NGlongreallylongLONGLONGl" 567 "ongreallylongLONGLONGlong" 568 "reallylongLONGLONGlongrea" 569 "llylongLONGLONGlongreally" 570 "longLONGLONGlongreallylon" 571 "gLONGLONGlongreallylongLO" 572 "NGLONGlongreallylongLONGL" 573 "ONGlongreallylongLONGLONG" 574 "longreallylongLONGLONGlon" 575 "greallylongLONGLONGlongre" 576 "allylongLONGLONGlongreall" 577 "ylongLONGLONGlongreallylo" 578 "ngLONGLONGlongreallylongL" 579 "ONGLONGlongreallylongLONG" 580 "LONG"); // 440 characters 581 582 ret = options_validate(NULL, tdata->opt, &msg); 583 tt_int_op(ret, OP_EQ, -1); 584 tt_str_op(msg, OP_EQ, "Invalid DataDirectory"); 585 586 done: 587 free_options_test_data(tdata); 588 tor_free(msg); 589 } 590 591 static void 592 test_options_validate__nickname(void *ignored) 593 { 594 (void)ignored; 595 int ret; 596 char *msg; 597 options_test_data_t *tdata = get_options_test_data( 598 "Nickname ThisNickNameIsABitTooLong"); 599 600 ret = options_validate(NULL, tdata->opt, &msg); 601 tt_int_op(ret, OP_EQ, -1); 602 tt_str_op(msg, OP_EQ, 603 "Nickname 'ThisNickNameIsABitTooLong', nicknames must be between " 604 "1 and 19 characters inclusive, and must contain only the " 605 "characters [a-zA-Z0-9]."); 606 tor_free(msg); 607 608 free_options_test_data(tdata); 609 tdata = get_options_test_data("Nickname AMoreValidNick"); 610 ret = options_validate(NULL, tdata->opt, &msg); 611 tt_int_op(ret, OP_EQ, 0); 612 tor_free(msg); 613 614 free_options_test_data(tdata); 615 tdata = get_options_test_data("DataDirectory /tmp/somewhere"); 616 ret = options_validate(NULL, tdata->opt, &msg); 617 tt_int_op(ret, OP_EQ, 0); 618 619 done: 620 free_options_test_data(tdata); 621 tor_free(msg); 622 } 623 624 static void 625 test_options_validate__contactinfo(void *ignored) 626 { 627 (void)ignored; 628 int ret; 629 char *msg; 630 options_test_data_t *tdata = get_options_test_data( 631 "ORPort 127.0.0.1:5555"); 632 setup_capture_of_logs(LOG_DEBUG); 633 tdata->opt->ContactInfo = NULL; 634 635 ret = options_validate(NULL, tdata->opt, &msg); 636 tt_int_op(ret, OP_EQ, 0); 637 expect_log_msg( 638 "Your ContactInfo config option is not set. Please strongly " 639 "consider setting it, so we can contact you if your relay is " 640 "misconfigured, end-of-life, or something else goes wrong. It " 641 "is also possible that your relay might get rejected from the " 642 "network due to a missing valid contact address.\n"); 643 tor_free(msg); 644 645 free_options_test_data(tdata); 646 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n" 647 "ContactInfo hella@example.org"); 648 mock_clean_saved_logs(); 649 ret = options_validate(NULL, tdata->opt, &msg); 650 tt_int_op(ret, OP_EQ, 0); 651 expect_no_log_msg( 652 "Your ContactInfo config option is not set. Please strongly " 653 "consider setting it, so we can contact you if your relay is " 654 "misconfigured, end-of-life, or something else goes wrong. It " 655 "is also possible that your relay might get rejected from the " 656 "network due to a missing valid contact address.\n"); 657 tor_free(msg); 658 659 done: 660 teardown_capture_of_logs(); 661 free_options_test_data(tdata); 662 tor_free(msg); 663 } 664 665 static void 666 test_options_validate__logs(void *ignored) 667 { 668 (void)ignored; 669 int ret; 670 (void)ret; 671 char *msg; 672 int orig_quiet_level = quiet_level; 673 options_test_data_t *tdata = get_options_test_data(""); 674 tdata->opt->Logs = NULL; 675 tdata->opt->RunAsDaemon = 0; 676 677 ret = options_validate(NULL, tdata->opt, &msg); 678 tt_assert(!tdata->opt->Logs); 679 tor_free(msg); 680 tt_int_op(ret, OP_EQ, 0); 681 682 free_options_test_data(tdata); 683 tdata = get_options_test_data(""); 684 tdata->opt->Logs = NULL; 685 tdata->opt->RunAsDaemon = 0; 686 quiet_level = 1; 687 ret = options_validate(NULL, tdata->opt, &msg); 688 tt_assert(!tdata->opt->Logs); 689 tor_free(msg); 690 tt_int_op(ret, OP_EQ, 0); 691 692 free_options_test_data(tdata); 693 tdata = get_options_test_data(""); 694 tdata->opt->Logs = NULL; 695 tdata->opt->RunAsDaemon = 0; 696 quiet_level = 2; 697 ret = options_validate(NULL, tdata->opt, &msg); 698 tt_assert(!tdata->opt->Logs); 699 tor_free(msg); 700 tt_int_op(ret, OP_EQ, 0); 701 702 free_options_test_data(tdata); 703 tdata = get_options_test_data(""); 704 tdata->opt->Logs = NULL; 705 tdata->opt->RunAsDaemon = 0; 706 ret = options_validate(NULL, tdata->opt, &msg); 707 tt_assert(!tdata->opt->Logs); 708 tor_free(msg); 709 tt_int_op(ret, OP_EQ, 0); 710 711 free_options_test_data(tdata); 712 tdata = get_options_test_data(""); 713 tdata->opt->Logs = NULL; 714 tdata->opt->RunAsDaemon = 1; 715 ret = options_validate(NULL, tdata->opt, &msg); 716 tt_assert(!tdata->opt->Logs); 717 tor_free(msg); 718 #ifdef _WIN32 719 /* Can't RunAsDaemon on Windows. */ 720 tt_int_op(ret, OP_EQ, -1); 721 #else 722 tt_int_op(ret, OP_EQ, 0); 723 #endif /* defined(_WIN32) */ 724 725 free_options_test_data(tdata); 726 tdata = get_options_test_data(""); 727 tdata->opt->RunAsDaemon = 0; 728 config_line_t *cl=NULL; 729 config_get_lines("Log foo", &cl, 1); 730 tdata->opt->Logs = cl; 731 ret = options_validate(NULL, tdata->opt, &msg); 732 tt_int_op((intptr_t)tdata->opt->Logs, OP_EQ, (intptr_t)cl); 733 tt_int_op(ret, OP_EQ, -1); 734 735 done: 736 quiet_level = orig_quiet_level; 737 free_options_test_data(tdata); 738 tor_free(msg); 739 } 740 741 /* static config_line_t * */ 742 /* mock_config_line(const char *key, const char *val) */ 743 /* { */ 744 /* config_line_t *config_line = tor_malloc(sizeof(config_line_t)); */ 745 /* memset(config_line, 0, sizeof(config_line_t)); */ 746 /* config_line->key = tor_strdup(key); */ 747 /* config_line->value = tor_strdup(val); */ 748 /* return config_line; */ 749 /* } */ 750 751 static void 752 test_options_validate__authdir(void *ignored) 753 { 754 (void)ignored; 755 int ret; 756 char *msg; 757 setup_capture_of_logs(LOG_INFO); 758 options_test_data_t *tdata = get_options_test_data( 759 ENABLE_AUTHORITY_V3_MIN 760 "Address this.should.not!exist!.example.org"); 761 const dirauth_options_t *da_opt; 762 763 sandbox_disable_getaddrinfo_cache(); 764 765 MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs); 766 ret = options_validate(NULL, tdata->opt, &msg); 767 UNMOCK(tor_addr_lookup); 768 tt_int_op(ret, OP_EQ, -1); 769 tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for" 770 " details."); 771 expect_log_msg("Could not resolve local Address " 772 "'this.should.not!exist!.example.org'. Failing.\n"); 773 tor_free(msg); 774 775 free_options_test_data(tdata); 776 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN 777 "Address 100.200.10.1"); 778 mock_clean_saved_logs(); 779 ret = options_validate(NULL, tdata->opt, &msg); 780 tt_int_op(ret, OP_EQ, -1); 781 tt_str_op(msg, OP_EQ, "Authoritative directory servers must set " 782 "ContactInfo"); 783 tor_free(msg); 784 785 free_options_test_data(tdata); 786 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN 787 "Address 100.200.10.1\n"); 788 mock_clean_saved_logs(); 789 ret = options_validate(NULL, tdata->opt, &msg); 790 tt_int_op(ret, OP_EQ, -1); 791 tt_str_op(msg, OP_EQ, 792 "Authoritative directory servers must set ContactInfo"); 793 tor_free(msg); 794 795 free_options_test_data(tdata); 796 tdata = get_options_test_data(ENABLE_AUTHORITY_MIN 797 "Address 100.200.10.1\n" 798 "TestingTorNetwork 1\n"); 799 mock_clean_saved_logs(); 800 ret = options_validate(NULL, tdata->opt, &msg); 801 tt_int_op(ret, OP_EQ, -1); 802 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)" 803 "AuthoritativeDir is set."); 804 tor_free(msg); 805 806 free_options_test_data(tdata); 807 tdata = get_options_test_data(ENABLE_AUTHORITY); 808 mock_clean_saved_logs(); 809 ret = options_validate(NULL, tdata->opt, &msg); 810 tt_int_op(ret, OP_EQ, -1); 811 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)" 812 "AuthoritativeDir is set."); 813 tor_free(msg); 814 815 free_options_test_data(tdata); 816 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 817 "RecommendedVersions 1.2, 3.14\n"); 818 mock_clean_saved_logs(); 819 options_validate(NULL, tdata->opt, &msg); 820 da_opt = get_dirauth_options(tdata->opt); 821 tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14"); 822 tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14"); 823 tor_free(msg); 824 825 free_options_test_data(tdata); 826 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 827 "RecommendedVersions 1.2, 3.14\n" 828 "RecommendedClientVersions 25\n" 829 "RecommendedServerVersions 4.18\n"); 830 mock_clean_saved_logs(); 831 options_validate(NULL, tdata->opt, &msg); 832 da_opt = get_dirauth_options(tdata->opt); 833 tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "25"); 834 tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "4.18"); 835 tor_free(msg); 836 837 free_options_test_data(tdata); 838 tdata = get_options_test_data(ENABLE_AUTHORITY 839 "VersioningAuthoritativeDirectory 1\n" 840 "RecommendedVersions 1.2, 3.14\n" 841 "RecommendedClientVersions 25\n" 842 "RecommendedServerVersions 4.18\n"); 843 mock_clean_saved_logs(); 844 options_validate(NULL, tdata->opt, &msg); 845 da_opt = get_dirauth_options(tdata->opt); 846 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)" 847 "AuthoritativeDir is set."); 848 tor_free(msg); 849 850 free_options_test_data(tdata); 851 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 852 "VersioningAuthoritativeDirectory 1\n" 853 "RecommendedServerVersions 4.18\n"); 854 mock_clean_saved_logs(); 855 options_validate(NULL, tdata->opt, &msg); 856 da_opt = get_dirauth_options(tdata->opt); 857 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set " 858 "Recommended*Versions."); 859 tor_free(msg); 860 861 free_options_test_data(tdata); 862 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 863 "VersioningAuthoritativeDirectory 1\n" 864 "RecommendedClientVersions 4.18\n"); 865 mock_clean_saved_logs(); 866 options_validate(NULL, tdata->opt, &msg); 867 da_opt = get_dirauth_options(tdata->opt); 868 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set " 869 "Recommended*Versions."); 870 tor_free(msg); 871 da_opt = NULL; 872 873 free_options_test_data(tdata); 874 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 875 "UseEntryGuards 1\n"); 876 mock_clean_saved_logs(); 877 options_validate(NULL, tdata->opt, &msg); 878 expect_log_msg("Authoritative directory servers " 879 "can't set UseEntryGuards. Disabling.\n"); 880 tt_int_op(tdata->opt->UseEntryGuards, OP_EQ, 0); 881 tor_free(msg); 882 883 free_options_test_data(tdata); 884 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 885 "DownloadExtraInfo 0\n"); 886 mock_clean_saved_logs(); 887 options_validate(NULL, tdata->opt, &msg); 888 expect_log_msg("Authoritative directories always try" 889 " to download extra-info documents. Setting DownloadExtraInfo.\n"); 890 tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1); 891 tor_free(msg); 892 893 free_options_test_data(tdata); 894 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 895 "V3BandwidthsFile non-existent-file\n"); 896 mock_clean_saved_logs(); 897 options_validate(NULL, tdata->opt, &msg); 898 expect_log_msg("Can't open bandwidth file at configured location: " 899 "non-existent-file\n"); 900 tor_free(msg); 901 902 free_options_test_data(tdata); 903 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 904 "GuardfractionFile non-existent-file\n"); 905 mock_clean_saved_logs(); 906 options_validate(NULL, tdata->opt, &msg); 907 expect_log_msg("Cannot open guardfraction file 'non-existent-file'. " 908 "Failing.\n"); 909 tor_free(msg); 910 911 free_options_test_data(tdata); 912 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN 913 "Address 100.200.10.1\n" 914 "ORPort 2000\n" 915 "ContactInfo hello@hello.com\n"); 916 mock_clean_saved_logs(); 917 ret = options_validate(NULL, tdata->opt, &msg); 918 tt_int_op(ret, OP_EQ, -1); 919 tt_str_op(msg, OP_EQ, 920 "Running as authoritative directory, but no DirPort set."); 921 tor_free(msg); 922 923 free_options_test_data(tdata); 924 tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN 925 "Address 100.200.10.1\n" 926 "ORPort 2000\n" 927 "ContactInfo hello@hello.com\n"); 928 mock_clean_saved_logs(); 929 ret = options_validate(NULL, tdata->opt, &msg); 930 tt_int_op(ret, OP_EQ, -1); 931 tt_str_op(msg, OP_EQ, 932 "Running as authoritative directory, but no DirPort set."); 933 tor_free(msg); 934 935 free_options_test_data(tdata); 936 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN 937 "Address 100.200.10.1\n" 938 "DirPort 999\n" 939 "ContactInfo hello@hello.com\n"); 940 mock_clean_saved_logs(); 941 ret = options_validate(NULL, tdata->opt, &msg); 942 tt_int_op(ret, OP_EQ, -1); 943 tt_str_op(msg, OP_EQ, 944 "Running as authoritative directory, but no ORPort set."); 945 tor_free(msg); 946 947 free_options_test_data(tdata); 948 tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN 949 "Address 100.200.10.1\n" 950 "DirPort 999\n" 951 "ContactInfo hello@hello.com\n"); 952 mock_clean_saved_logs(); 953 ret = options_validate(NULL, tdata->opt, &msg); 954 tt_int_op(ret, OP_EQ, -1); 955 tt_str_op(msg, OP_EQ, 956 "Running as authoritative directory, but no ORPort set."); 957 tor_free(msg); 958 959 free_options_test_data(tdata); 960 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 961 "ClientOnly 1\n"); 962 /* We have to call the dirauth-specific function, and fake port parsing, 963 * to hit this case */ 964 tdata->opt->DirPort_set = 1; 965 tdata->opt->ORPort_set = 1; 966 mock_clean_saved_logs(); 967 ret = options_validate_dirauth_mode(NULL, tdata->opt, &msg); 968 tt_int_op(ret, OP_EQ, -1); 969 tt_str_op(msg, OP_EQ, "Running as authoritative directory, " 970 "but ClientOnly also set."); 971 tor_free(msg); 972 973 free_options_test_data(tdata); 974 tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE 975 "ClientOnly 1\n"); 976 /* We have to call the dirauth-specific function, and fake port parsing, 977 * to hit this case */ 978 tdata->opt->DirPort_set = 1; 979 tdata->opt->ORPort_set = 1; 980 mock_clean_saved_logs(); 981 ret = options_validate_dirauth_mode(NULL, tdata->opt, &msg); 982 tt_int_op(ret, OP_EQ, -1); 983 tt_str_op(msg, OP_EQ, "Running as authoritative directory, " 984 "but ClientOnly also set."); 985 tor_free(msg); 986 987 done: 988 teardown_capture_of_logs(); 989 // sandbox_free_getaddrinfo_cache(); 990 free_options_test_data(tdata); 991 tor_free(msg); 992 } 993 994 static void 995 test_options_validate__relay_with_hidden_services(void *ignored) 996 { 997 (void)ignored; 998 char *msg; 999 int ret; 1000 setup_capture_of_logs(LOG_DEBUG); 1001 options_test_data_t *tdata = get_options_test_data( 1002 "ORPort 127.0.0.1:5555\n" 1003 "HiddenServiceDir " 1004 "/Library/Tor/var/lib/tor/hidden_service/\n" 1005 "HiddenServicePort 80 127.0.0.1:8080\n" 1006 ); 1007 1008 ret = options_validate(NULL, tdata->opt, &msg); 1009 tt_int_op(ret, OP_EQ, 0); 1010 expect_log_msg( 1011 "Tor is currently configured as a relay and a hidden service. " 1012 "That's not very secure: you should probably run your hidden servi" 1013 "ce in a separate Tor process, at least -- see " 1014 "https://bugs.torproject.org/tpo/core/tor/8742.\n"); 1015 1016 done: 1017 teardown_capture_of_logs(); 1018 free_options_test_data(tdata); 1019 tor_free(msg); 1020 } 1021 1022 static void 1023 test_options_validate__listen_ports(void *ignored) 1024 { 1025 (void)ignored; 1026 int ret; 1027 char *msg; 1028 setup_capture_of_logs(LOG_WARN); 1029 options_test_data_t *tdata = get_options_test_data("SOCKSPort 0"); 1030 ret = options_validate(NULL, tdata->opt, &msg); 1031 tt_int_op(ret, OP_EQ, 0); 1032 expect_log_msg("SocksPort, TransPort, NATDPort, DNSPort, and ORPort " 1033 "are all undefined, and there aren't any hidden services " 1034 "configured. " 1035 " Tor will still run, but probably won't do anything.\n"); 1036 done: 1037 teardown_capture_of_logs(); 1038 free_options_test_data(tdata); 1039 tor_free(msg); 1040 } 1041 1042 static void 1043 test_options_validate__transproxy(void *ignored) 1044 { 1045 (void)ignored; 1046 int ret; 1047 char *msg; 1048 options_test_data_t *tdata; 1049 1050 #ifdef USE_TRANSPARENT 1051 // Test default trans proxy 1052 tdata = get_options_test_data("TransProxyType default\n"); 1053 1054 ret = options_validate(NULL, tdata->opt, &msg); 1055 tt_int_op(ret, OP_EQ, 0); 1056 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_DEFAULT); 1057 tor_free(msg); 1058 1059 // Test pf-divert trans proxy 1060 free_options_test_data(tdata); 1061 tdata = get_options_test_data("TransProxyType pf-divert\n"); 1062 ret = options_validate(NULL, tdata->opt, &msg); 1063 tt_int_op(ret, OP_EQ, -1); 1064 1065 #if !defined(OpenBSD) && !defined(DARWIN) 1066 tt_str_op(msg, OP_EQ, 1067 "pf-divert is a OpenBSD-specific and OS X/Darwin-specific feature."); 1068 #else 1069 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_PF_DIVERT); 1070 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without " 1071 "any valid TransPort."); 1072 #endif /* !defined(OpenBSD) && !defined(DARWIN) */ 1073 tor_free(msg); 1074 1075 // Test tproxy trans proxy 1076 free_options_test_data(tdata); 1077 tdata = get_options_test_data("TransProxyType tproxy\n"); 1078 ret = options_validate(NULL, tdata->opt, &msg); 1079 tt_int_op(ret, OP_EQ, -1); 1080 1081 #if !defined(__linux__) 1082 tt_str_op(msg, OP_EQ, "TPROXY is a Linux-specific feature."); 1083 #else 1084 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_TPROXY); 1085 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid " 1086 "TransPort."); 1087 #endif /* !defined(__linux__) */ 1088 tor_free(msg); 1089 1090 // Test ipfw trans proxy 1091 free_options_test_data(tdata); 1092 tdata = get_options_test_data("TransProxyType ipfw\n"); 1093 ret = options_validate(NULL, tdata->opt, &msg); 1094 tt_int_op(ret, OP_EQ, -1); 1095 1096 #ifndef KERNEL_MAY_SUPPORT_IPFW 1097 tt_str_op(msg, OP_EQ, "ipfw is a FreeBSD-specific and OS X/Darwin-specific " 1098 "feature."); 1099 #else 1100 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_IPFW); 1101 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid " 1102 "TransPort."); 1103 #endif /* !defined(KERNEL_MAY_SUPPORT_IPFW) */ 1104 tor_free(msg); 1105 1106 // Test unknown trans proxy 1107 free_options_test_data(tdata); 1108 tdata = get_options_test_data("TransProxyType non-existent\n"); 1109 ret = options_validate(NULL, tdata->opt, &msg); 1110 tt_int_op(ret, OP_EQ, -1); 1111 tt_str_op(msg, OP_EQ, "Unrecognized value for TransProxyType"); 1112 tor_free(msg); 1113 1114 // Test trans proxy success 1115 free_options_test_data(tdata); 1116 tdata = NULL; 1117 1118 #if defined(__linux__) 1119 tdata = get_options_test_data("TransProxyType tproxy\n" 1120 "TransPort 127.0.0.1:123\n"); 1121 ret = options_validate(NULL, tdata->opt, &msg); 1122 tt_int_op(ret, OP_EQ, 0); 1123 #elif defined(KERNEL_MAY_SUPPORT_IPFW) 1124 tdata = get_options_test_data("TransProxyType ipfw\n" 1125 "TransPort 127.0.0.1:123\n"); 1126 ret = options_validate(NULL, tdata->opt, &msg); 1127 tt_int_op(ret, OP_EQ, 0); 1128 tor_free(msg); 1129 #elif defined(OpenBSD) 1130 tdata = get_options_test_data("TransProxyType pf-divert\n" 1131 "TransPort 127.0.0.1:123\n"); 1132 ret = options_validate(NULL, tdata->opt, &msg); 1133 tt_int_op(ret, OP_EQ, 0); 1134 tor_free(msg); 1135 #elif defined(__NetBSD__) 1136 tdata = get_options_test_data("TransProxyType default\n" 1137 "TransPort 127.0.0.1:123\n"); 1138 ret = options_validate(NULL, tdata->opt, &msg); 1139 tt_int_op(ret, OP_EQ, 0); 1140 tor_free(msg); 1141 #endif /* defined(__linux__) || ... */ 1142 1143 // Assert that a test has run for some TransProxyType 1144 tt_assert(tdata); 1145 1146 #else /* !defined(USE_TRANSPARENT) */ 1147 tdata = get_options_test_data("TransPort 127.0.0.1:555\n"); 1148 1149 ret = options_validate(NULL, tdata->opt, &msg); 1150 tt_int_op(ret, OP_EQ, -1); 1151 tt_str_op(msg, OP_EQ, "TransPort is disabled in this build."); 1152 tor_free(msg); 1153 #endif /* defined(USE_TRANSPARENT) */ 1154 1155 done: 1156 free_options_test_data(tdata); 1157 tor_free(msg); 1158 } 1159 1160 static country_t opt_tests_geoip_get_country(const char *country); 1161 ATTR_UNUSED static int opt_tests_geoip_get_country_called = 0; 1162 1163 static country_t 1164 opt_tests_geoip_get_country(const char *countrycode) 1165 { 1166 (void)countrycode; 1167 opt_tests_geoip_get_country_called++; 1168 1169 return 1; 1170 } 1171 1172 static void 1173 test_options_validate__exclude_nodes(void *ignored) 1174 { 1175 (void)ignored; 1176 1177 MOCK(geoip_get_country, 1178 opt_tests_geoip_get_country); 1179 1180 int ret; 1181 char *msg; 1182 setup_capture_of_logs(LOG_WARN); 1183 options_test_data_t *tdata = get_options_test_data( 1184 "ExcludeExitNodes {us}\n"); 1185 1186 ret = options_validate(NULL, tdata->opt, &msg); 1187 tt_int_op(ret, OP_EQ, 0); 1188 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1); 1189 tt_str_op((char *) 1190 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)), 1191 OP_EQ, "{us}"); 1192 tor_free(msg); 1193 1194 free_options_test_data(tdata); 1195 tdata = get_options_test_data("ExcludeNodes {cn}\n"); 1196 ret = options_validate(NULL, tdata->opt, &msg); 1197 tt_int_op(ret, OP_EQ, 0); 1198 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1); 1199 tt_str_op((char *) 1200 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)), 1201 OP_EQ, "{cn}"); 1202 tor_free(msg); 1203 1204 free_options_test_data(tdata); 1205 tdata = get_options_test_data("ExcludeNodes {cn}\n" 1206 "ExcludeExitNodes {us} {cn}\n"); 1207 ret = options_validate(NULL, tdata->opt, &msg); 1208 tt_int_op(ret, OP_EQ, 0); 1209 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 2); 1210 tt_str_op((char *) 1211 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)), 1212 OP_EQ, "{us} {cn}"); 1213 tt_str_op((char *) 1214 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 1)), 1215 OP_EQ, "{cn}"); 1216 tor_free(msg); 1217 1218 free_options_test_data(tdata); 1219 tdata = get_options_test_data("ExcludeNodes {cn}\n" 1220 "StrictNodes 1\n"); 1221 mock_clean_saved_logs(); 1222 ret = options_validate(NULL, tdata->opt, &msg); 1223 tt_int_op(ret, OP_EQ, 0); 1224 expect_log_msg( 1225 "You have asked to exclude certain relays from all positions " 1226 "in your circuits. Expect hidden services and other Tor " 1227 "features to be broken in unpredictable ways.\n"); 1228 tor_free(msg); 1229 1230 free_options_test_data(tdata); 1231 tdata = get_options_test_data("ExcludeNodes {cn}\n"); 1232 mock_clean_saved_logs(); 1233 ret = options_validate(NULL, tdata->opt, &msg); 1234 tt_int_op(ret, OP_EQ, 0); 1235 expect_no_log_msg( 1236 "You have asked to exclude certain relays from all positions " 1237 "in your circuits. Expect hidden services and other Tor " 1238 "features to be broken in unpredictable ways.\n"); 1239 tor_free(msg); 1240 1241 done: 1242 UNMOCK(geoip_get_country); 1243 teardown_capture_of_logs(); 1244 free_options_test_data(tdata); 1245 tor_free(msg); 1246 } 1247 1248 static void 1249 test_options_validate__node_families(void *ignored) 1250 { 1251 (void)ignored; 1252 int ret; 1253 char *msg; 1254 options_test_data_t *tdata = get_options_test_data( 1255 "NodeFamily flux, flax\n" 1256 "NodeFamily somewhere\n"); 1257 1258 ret = options_validate(NULL, tdata->opt, &msg); 1259 tt_int_op(ret, OP_EQ, 0); 1260 tt_assert(tdata->opt->NodeFamilySets); 1261 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 2); 1262 tt_str_op((char *)(smartlist_get( 1263 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 0)), 1264 OP_EQ, "flux"); 1265 tt_str_op((char *)(smartlist_get( 1266 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 1)), 1267 OP_EQ, "flax"); 1268 tt_str_op((char *)(smartlist_get( 1269 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 1))->list, 0)), 1270 OP_EQ, "somewhere"); 1271 tor_free(msg); 1272 1273 free_options_test_data(tdata); 1274 tdata = get_options_test_data(""); 1275 1276 ret = options_validate(NULL, tdata->opt, &msg); 1277 tt_int_op(ret, OP_EQ, 0); 1278 tt_assert(!tdata->opt->NodeFamilySets); 1279 tor_free(msg); 1280 1281 free_options_test_data(tdata); 1282 tdata = get_options_test_data("NodeFamily !flux\n"); 1283 1284 ret = options_validate(NULL, tdata->opt, &msg); 1285 tt_int_op(ret, OP_EQ, -1); 1286 tt_assert(tdata->opt->NodeFamilySets); 1287 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 0); 1288 tor_free(msg); 1289 1290 done: 1291 free_options_test_data(tdata); 1292 tor_free(msg); 1293 } 1294 1295 static void 1296 test_options_validate__token_bucket(void *ignored) 1297 { 1298 (void)ignored; 1299 int ret; 1300 char *msg; 1301 options_test_data_t *tdata = get_options_test_data(""); 1302 1303 tdata->opt->TokenBucketRefillInterval = 0; 1304 ret = options_validate(NULL, tdata->opt, &msg); 1305 tt_int_op(ret, OP_EQ, -1); 1306 tt_str_op(msg, OP_EQ, 1307 "TokenBucketRefillInterval must be between 1 and 1000 inclusive."); 1308 tor_free(msg); 1309 1310 tdata->opt->TokenBucketRefillInterval = 1001; 1311 ret = options_validate(NULL, tdata->opt, &msg); 1312 tt_int_op(ret, OP_EQ, -1); 1313 tt_str_op(msg, OP_EQ, 1314 "TokenBucketRefillInterval must be between 1 and 1000 inclusive."); 1315 tor_free(msg); 1316 1317 done: 1318 free_options_test_data(tdata); 1319 tor_free(msg); 1320 } 1321 1322 static void 1323 test_options_validate__fetch_dir(void *ignored) 1324 { 1325 (void)ignored; 1326 int ret; 1327 char *msg; 1328 options_test_data_t *tdata = get_options_test_data( 1329 "FetchDirInfoExtraEarly 1\n" 1330 "FetchDirInfoEarly 0\n"); 1331 1332 ret = options_validate(NULL, tdata->opt, &msg); 1333 tt_int_op(ret, OP_EQ, -1); 1334 tt_str_op(msg, OP_EQ, "FetchDirInfoExtraEarly requires that you" 1335 " also set FetchDirInfoEarly"); 1336 tor_free(msg); 1337 1338 free_options_test_data(tdata); 1339 tdata = get_options_test_data("FetchDirInfoExtraEarly 1\n" 1340 "FetchDirInfoEarly 1\n"); 1341 1342 ret = options_validate(NULL, tdata->opt, &msg); 1343 tt_int_op(ret, OP_EQ, 0); 1344 tor_free(msg); 1345 1346 done: 1347 free_options_test_data(tdata); 1348 tor_free(msg); 1349 } 1350 1351 static void 1352 test_options_validate__conn_limit(void *ignored) 1353 { 1354 (void)ignored; 1355 int ret; 1356 char *msg; 1357 options_test_data_t *tdata = get_options_test_data( 1358 "ConnLimit 0\n"); 1359 1360 ret = options_validate(NULL, tdata->opt, &msg); 1361 tt_int_op(ret, OP_EQ, -1); 1362 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0"); 1363 tor_free(msg); 1364 1365 free_options_test_data(tdata); 1366 tdata = get_options_test_data("ConnLimit 1\n"); 1367 1368 ret = options_validate(NULL, tdata->opt, &msg); 1369 tt_int_op(ret, OP_EQ, 0); 1370 tor_free(msg); 1371 1372 done: 1373 free_options_test_data(tdata); 1374 tor_free(msg); 1375 } 1376 1377 static void 1378 test_options_validate__paths_needed(void *ignored) 1379 { 1380 (void)ignored; 1381 int ret; 1382 char *msg; 1383 1384 #ifndef _WIN32 1385 int unset_home_env = 0; 1386 if (setenv("HOME", "/home/john", 0) == 0) 1387 unset_home_env = 1; 1388 #endif 1389 1390 setup_capture_of_logs(LOG_WARN); 1391 options_test_data_t *tdata = get_options_test_data( 1392 "PathsNeededToBuildCircuits 0.1\n"); 1393 1394 ret = options_validate(NULL, tdata->opt, &msg); 1395 tt_int_op(ret, OP_EQ, 0); 1396 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.24 && 1397 tdata->opt->PathsNeededToBuildCircuits < 0.26); 1398 expect_log_msg("PathsNeededToBuildCircuits is too low. " 1399 "Increasing to 0.25\n"); 1400 tor_free(msg); 1401 1402 free_options_test_data(tdata); 1403 mock_clean_saved_logs(); 1404 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.99\n"); 1405 1406 ret = options_validate(NULL, tdata->opt, &msg); 1407 tt_int_op(ret, OP_EQ, 0); 1408 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.94 && 1409 tdata->opt->PathsNeededToBuildCircuits < 0.96); 1410 expect_log_msg("PathsNeededToBuildCircuits is " 1411 "too high. Decreasing to 0.95\n"); 1412 tor_free(msg); 1413 1414 free_options_test_data(tdata); 1415 mock_clean_saved_logs(); 1416 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.91\n"); 1417 1418 ret = options_validate(NULL, tdata->opt, &msg); 1419 tt_int_op(ret, OP_EQ, 0); 1420 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.90 && 1421 tdata->opt->PathsNeededToBuildCircuits < 0.92); 1422 expect_no_log_msg_containing("PathsNeededToBuildCircuits"); 1423 tor_free(msg); 1424 1425 done: 1426 teardown_capture_of_logs(); 1427 free_options_test_data(tdata); 1428 tor_free(msg); 1429 #ifndef _WIN32 1430 if (unset_home_env) 1431 unsetenv("HOME"); 1432 #endif 1433 } 1434 1435 static void 1436 test_options_validate__max_client_circuits(void *ignored) 1437 { 1438 (void)ignored; 1439 int ret; 1440 char *msg; 1441 options_test_data_t *tdata = get_options_test_data( 1442 "MaxClientCircuitsPending 0\n"); 1443 1444 ret = options_validate(NULL, tdata->opt, &msg); 1445 tt_int_op(ret, OP_EQ, -1); 1446 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024," 1447 " but was set to 0"); 1448 tor_free(msg); 1449 1450 free_options_test_data(tdata); 1451 tdata = get_options_test_data("MaxClientCircuitsPending 1025\n"); 1452 1453 ret = options_validate(NULL, tdata->opt, &msg); 1454 tt_int_op(ret, OP_EQ, -1); 1455 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024," 1456 " but was set to 1025"); 1457 tor_free(msg); 1458 1459 free_options_test_data(tdata); 1460 tdata = get_options_test_data("MaxClientCircuitsPending 1\n"); 1461 1462 ret = options_validate(NULL, tdata->opt, &msg); 1463 tt_int_op(ret, OP_EQ, 0); 1464 tor_free(msg); 1465 1466 done: 1467 free_options_test_data(tdata); 1468 tor_free(msg); 1469 } 1470 1471 static void 1472 test_options_validate__ports(void *ignored) 1473 { 1474 (void)ignored; 1475 int ret; 1476 char *msg; 1477 options_test_data_t *tdata = get_options_test_data("FirewallPorts 65537\n"); 1478 1479 ret = options_validate(NULL, tdata->opt, &msg); 1480 tt_int_op(ret, OP_EQ, -1); 1481 tt_str_op(msg, OP_EQ, "Port '65537' out of range in FirewallPorts"); 1482 tor_free(msg); 1483 1484 free_options_test_data(tdata); 1485 tdata = get_options_test_data("FirewallPorts 1\n" 1486 "LongLivedPorts 124444\n"); 1487 1488 ret = options_validate(NULL, tdata->opt, &msg); 1489 tt_int_op(ret, OP_EQ, -1); 1490 tt_str_op(msg, OP_EQ, "Port '124444' out of range in LongLivedPorts"); 1491 tor_free(msg); 1492 1493 free_options_test_data(tdata); 1494 tdata = get_options_test_data("FirewallPorts 1\n" 1495 "LongLivedPorts 2\n" 1496 "RejectPlaintextPorts 112233\n"); 1497 1498 ret = options_validate(NULL, tdata->opt, &msg); 1499 tt_int_op(ret, OP_EQ, -1); 1500 tt_str_op(msg, OP_EQ, "Port '112233' out of range in RejectPlaintextPorts"); 1501 tor_free(msg); 1502 1503 free_options_test_data(tdata); 1504 tdata = get_options_test_data("FirewallPorts 1\n" 1505 "LongLivedPorts 2\n" 1506 "RejectPlaintextPorts 3\n" 1507 "WarnPlaintextPorts 65536\n"); 1508 1509 ret = options_validate(NULL, tdata->opt, &msg); 1510 tt_int_op(ret, OP_EQ, -1); 1511 tt_str_op(msg, OP_EQ, "Port '65536' out of range in WarnPlaintextPorts"); 1512 tor_free(msg); 1513 1514 free_options_test_data(tdata); 1515 tdata = get_options_test_data("FirewallPorts 1\n" 1516 "LongLivedPorts 2\n" 1517 "RejectPlaintextPorts 3\n" 1518 "WarnPlaintextPorts 4\n"); 1519 1520 ret = options_validate(NULL, tdata->opt, &msg); 1521 tt_int_op(ret, OP_EQ, 0); 1522 tor_free(msg); 1523 1524 done: 1525 free_options_test_data(tdata); 1526 tor_free(msg); 1527 } 1528 1529 static void 1530 test_options_validate__reachable_addresses(void *ignored) 1531 { 1532 (void)ignored; 1533 int ret; 1534 char *msg; 1535 setup_capture_of_logs(LOG_NOTICE); 1536 options_test_data_t *tdata = get_options_test_data("FascistFirewall 1\n"); 1537 1538 ret = options_validate(NULL, tdata->opt, &msg); 1539 tt_int_op(ret, OP_EQ, 0); 1540 expect_log_msg("Converting FascistFirewall config " 1541 "option to new format: \"ReachableDirAddresses *:80\"\n"); 1542 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:80"); 1543 expect_log_msg("Converting FascistFirewall config " 1544 "option to new format: \"ReachableORAddresses *:443\"\n"); 1545 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:443"); 1546 tor_free(msg); 1547 1548 free_options_test_data(tdata); 1549 mock_clean_saved_logs(); 1550 tdata = get_options_test_data("FascistFirewall 1\n" 1551 "ReachableDirAddresses *:81\n" 1552 "ReachableORAddresses *:444\n"); 1553 tt_assert(tdata->opt->FirewallPorts); 1554 SMARTLIST_FOREACH(tdata->opt->FirewallPorts, char *, cp, tor_free(cp)); 1555 smartlist_clear(tdata->opt->FirewallPorts); 1556 ret = options_validate(NULL, tdata->opt, &msg); 1557 tt_int_op(ret, OP_EQ, 0); 1558 #if 0 1559 /* This does not actually produce any logs, and did not produce any relevant 1560 * logs before. */ 1561 expect_log_entry(); 1562 #endif 1563 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:81"); 1564 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:444"); 1565 tor_free(msg); 1566 1567 free_options_test_data(tdata); 1568 mock_clean_saved_logs(); 1569 tdata = get_options_test_data("FascistFirewall 1\n" 1570 "FirewallPort 123\n"); 1571 1572 ret = options_validate(NULL, tdata->opt, &msg); 1573 tt_int_op(ret, OP_EQ, 0); 1574 expect_log_msg("Converting FascistFirewall and " 1575 "FirewallPorts config options to new format: " 1576 "\"ReachableAddresses *:123\"\n"); 1577 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:123"); 1578 tor_free(msg); 1579 1580 free_options_test_data(tdata); 1581 mock_clean_saved_logs(); 1582 tdata = get_options_test_data("FascistFirewall 1\n" 1583 "ReachableAddresses *:82\n" 1584 "ReachableAddresses *:83\n" 1585 "ReachableAddresses reject *:*\n"); 1586 1587 ret = options_validate(NULL, tdata->opt, &msg); 1588 tt_int_op(ret, OP_EQ, 0); 1589 #if 0 1590 /* This does not actually produce any logs, and did not produce any relevant 1591 * logs before. */ 1592 expect_log_entry(); 1593 #endif 1594 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82"); 1595 tor_free(msg); 1596 1597 free_options_test_data(tdata); 1598 mock_clean_saved_logs(); 1599 tdata = get_options_test_data("FascistFirewall 1\n" 1600 "ReachableAddresses *:82\n"); 1601 1602 ret = options_validate(NULL, tdata->opt, &msg); 1603 tt_int_op(ret, OP_EQ, 0); 1604 tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL); 1605 tor_free(msg); 1606 1607 #define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \ 1608 " the rest of the Internet, so they must not set Reachable*Addresses or" \ 1609 " FascistFirewall or FirewallPorts or ClientUseIPv4 0." 1610 1611 free_options_test_data(tdata); 1612 tdata = get_options_test_data("ReachableAddresses *:82\n" 1613 "ORPort 127.0.0.1:5555\n"); 1614 1615 ret = options_validate(NULL, tdata->opt, &msg); 1616 tt_int_op(ret, OP_EQ, -1); 1617 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG); 1618 tor_free(msg); 1619 1620 free_options_test_data(tdata); 1621 tdata = get_options_test_data("ReachableORAddresses *:82\n" 1622 "ORPort 127.0.0.1:5555\n"); 1623 1624 ret = options_validate(NULL, tdata->opt, &msg); 1625 tt_int_op(ret, OP_EQ, -1); 1626 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG); 1627 tor_free(msg); 1628 1629 free_options_test_data(tdata); 1630 tdata = get_options_test_data("ReachableDirAddresses *:82\n" 1631 "ORPort 127.0.0.1:5555\n"); 1632 1633 ret = options_validate(NULL, tdata->opt, &msg); 1634 tt_int_op(ret, OP_EQ, -1); 1635 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG); 1636 tor_free(msg); 1637 1638 free_options_test_data(tdata); 1639 tdata = get_options_test_data("ClientUseIPv4 0\n" 1640 "ORPort 127.0.0.1:5555\n"); 1641 1642 ret = options_validate(NULL, tdata->opt, &msg); 1643 tt_int_op(ret, OP_EQ, -1); 1644 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG); 1645 tor_free(msg); 1646 1647 /* Test IPv4-only clients setting IPv6 preferences */ 1648 1649 free_options_test_data(tdata); 1650 tdata = get_options_test_data("ClientUseIPv4 1\n" 1651 "ClientUseIPv6 0\n" 1652 "UseBridges 0\n" 1653 "ClientPreferIPv6ORPort 1\n"); 1654 1655 ret = options_validate(NULL, tdata->opt, &msg); 1656 tt_int_op(ret, OP_EQ, 0); 1657 tor_free(msg); 1658 1659 free_options_test_data(tdata); 1660 tdata = get_options_test_data("ClientUseIPv4 1\n" 1661 "ClientUseIPv6 0\n" 1662 "UseBridges 0\n" 1663 "ClientPreferIPv6DirPort 1\n"); 1664 1665 ret = options_validate(NULL, tdata->opt, &msg); 1666 tt_int_op(ret, OP_EQ, 0); 1667 tor_free(msg); 1668 1669 /* Now test an IPv4/IPv6 client setting IPv6 preferences */ 1670 1671 free_options_test_data(tdata); 1672 tdata = get_options_test_data("ClientUseIPv4 1\n" 1673 "ClientUseIPv6 1\n" 1674 "ClientPreferIPv6ORPort 1\n" 1675 "ClientPreferIPv6DirPort 1\n"); 1676 1677 ret = options_validate(NULL, tdata->opt, &msg); 1678 tt_int_op(ret, OP_EQ, 0); 1679 tt_ptr_op(msg, OP_EQ, NULL); 1680 1681 /* Now test an IPv6 client setting IPv6 preferences */ 1682 1683 free_options_test_data(tdata); 1684 tdata = get_options_test_data("ClientUseIPv6 1\n" 1685 "ClientPreferIPv6ORPort 1\n" 1686 "ClientPreferIPv6DirPort 1\n"); 1687 1688 ret = options_validate(NULL, tdata->opt, &msg); 1689 tt_int_op(ret, OP_EQ, 0); 1690 tt_ptr_op(msg, OP_EQ, NULL); 1691 1692 /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */ 1693 1694 free_options_test_data(tdata); 1695 tdata = get_options_test_data("ClientUseIPv4 0\n" 1696 "ClientPreferIPv6ORPort 1\n" 1697 "ClientPreferIPv6DirPort 1\n"); 1698 1699 ret = options_validate(NULL, tdata->opt, &msg); 1700 tt_int_op(ret, OP_EQ, 0); 1701 tt_ptr_op(msg, OP_EQ, NULL); 1702 1703 /* And an implicit (bridge) client setting IPv6 preferences */ 1704 1705 free_options_test_data(tdata); 1706 tdata = get_options_test_data("UseBridges 1\n" 1707 "Bridge 127.0.0.1:12345\n" 1708 "ClientPreferIPv6ORPort 1\n" 1709 "ClientPreferIPv6DirPort 1\n"); 1710 1711 ret = options_validate(NULL, tdata->opt, &msg); 1712 tt_int_op(ret, OP_EQ, 0); 1713 tt_ptr_op(msg, OP_EQ, NULL); 1714 1715 done: 1716 teardown_capture_of_logs(); 1717 free_options_test_data(tdata); 1718 tor_free(msg); 1719 } 1720 1721 static void 1722 test_options_validate__use_bridges(void *ignored) 1723 { 1724 (void)ignored; 1725 int ret; 1726 char *msg; 1727 options_test_data_t *tdata = get_options_test_data( 1728 "UseBridges 1\n" 1729 "ClientUseIPv4 1\n" 1730 "ORPort 127.0.0.1:5555\n"); 1731 1732 ret = options_validate(NULL, tdata->opt, &msg); 1733 tt_int_op(ret, OP_EQ, -1); 1734 tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of" 1735 " the Internet, so they must not set UseBridges."); 1736 tor_free(msg); 1737 1738 free_options_test_data(tdata); 1739 tdata = get_options_test_data("UseBridges 1\n"); 1740 1741 ret = options_validate(NULL, tdata->opt, &msg); 1742 tt_int_op(ret, OP_EQ, -1); 1743 tt_str_op(msg, OP_NE, "Servers must be able to freely connect to the rest of" 1744 " the Internet, so they must not set UseBridges."); 1745 tor_free(msg); 1746 1747 MOCK(geoip_get_country, 1748 opt_tests_geoip_get_country); 1749 free_options_test_data(tdata); 1750 tdata = get_options_test_data("UseBridges 1\n" 1751 "EntryNodes {cn}\n"); 1752 1753 ret = options_validate(NULL, tdata->opt, &msg); 1754 tt_int_op(ret, OP_EQ, -1); 1755 tt_str_op(msg, OP_EQ, "You cannot set both UseBridges and EntryNodes."); 1756 tor_free(msg); 1757 1758 free_options_test_data(tdata); 1759 tdata = get_options_test_data("UseBridges 1\n"); 1760 1761 ret = options_validate(NULL, tdata->opt, &msg); 1762 tt_int_op(ret, OP_EQ, -1); 1763 tt_str_op(msg, OP_EQ, 1764 "If you set UseBridges, you must specify at least one bridge."); 1765 tor_free(msg); 1766 1767 free_options_test_data(tdata); 1768 tdata = get_options_test_data("UseBridges 1\n" 1769 "Bridge 10.0.0.1\n" 1770 "UseEntryGuards 0\n" 1771 ); 1772 1773 ret = options_validate(NULL, tdata->opt, &msg); 1774 tt_int_op(ret, OP_EQ, -1); 1775 tt_str_op(msg, OP_EQ, 1776 "Setting UseBridges requires also setting UseEntryGuards."); 1777 tor_free(msg); 1778 1779 free_options_test_data(tdata); 1780 tdata = get_options_test_data("UseBridges 1\n" 1781 "Bridge 10.0.0.1\n" 1782 "Bridge !!!\n" 1783 ); 1784 1785 ret = options_validate(NULL, tdata->opt, &msg); 1786 tt_int_op(ret, OP_EQ, -1); 1787 tt_str_op(msg, OP_EQ, "Bridge line did not parse. See logs for details."); 1788 tor_free(msg); 1789 1790 done: 1791 UNMOCK(geoip_get_country); 1792 policies_free_all(); 1793 free_options_test_data(tdata); 1794 tor_free(msg); 1795 } 1796 1797 static void 1798 test_options_validate__entry_nodes(void *ignored) 1799 { 1800 (void)ignored; 1801 int ret; 1802 char *msg; 1803 MOCK(geoip_get_country, 1804 opt_tests_geoip_get_country); 1805 options_test_data_t *tdata = get_options_test_data( 1806 "EntryNodes {cn}\n" 1807 "UseEntryGuards 0\n"); 1808 1809 ret = options_validate(NULL, tdata->opt, &msg); 1810 tt_int_op(ret, OP_EQ, -1); 1811 tt_str_op(msg, OP_EQ, 1812 "If EntryNodes is set, UseEntryGuards must be enabled."); 1813 tor_free(msg); 1814 1815 free_options_test_data(tdata); 1816 tdata = get_options_test_data("EntryNodes {cn}\n" 1817 "UseEntryGuards 1\n"); 1818 1819 ret = options_validate(NULL, tdata->opt, &msg); 1820 tt_int_op(ret, OP_EQ, 0); 1821 tor_free(msg); 1822 1823 done: 1824 UNMOCK(geoip_get_country); 1825 free_options_test_data(tdata); 1826 tor_free(msg); 1827 } 1828 1829 static void 1830 test_options_validate__safe_logging(void *ignored) 1831 { 1832 (void)ignored; 1833 int ret; 1834 char *msg; 1835 options_test_data_t *tdata = get_options_test_data("SafeLogging 0\n"); 1836 1837 ret = options_validate(NULL, tdata->opt, &msg); 1838 tt_int_op(ret, OP_EQ, 0); 1839 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE); 1840 tor_free(msg); 1841 1842 free_options_test_data(tdata); 1843 tdata = get_options_test_data("SafeLogging 0\n"); 1844 1845 ret = options_validate(NULL, tdata->opt, &msg); 1846 tt_int_op(ret, OP_EQ, 0); 1847 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE); 1848 tor_free(msg); 1849 1850 free_options_test_data(tdata); 1851 tdata = get_options_test_data("SafeLogging Relay\n"); 1852 1853 ret = options_validate(NULL, tdata->opt, &msg); 1854 tt_int_op(ret, OP_EQ, 0); 1855 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_RELAY); 1856 tor_free(msg); 1857 1858 free_options_test_data(tdata); 1859 tdata = get_options_test_data("SafeLogging 1\n"); 1860 1861 ret = options_validate(NULL, tdata->opt, &msg); 1862 tt_int_op(ret, OP_EQ, 0); 1863 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_ALL); 1864 tor_free(msg); 1865 1866 free_options_test_data(tdata); 1867 tdata = get_options_test_data("SafeLogging stuffy\n"); 1868 1869 ret = options_validate(NULL, tdata->opt, &msg); 1870 tt_int_op(ret, OP_EQ, -1); 1871 tt_str_op(msg, OP_EQ, "Unrecognized value '\"stuffy\"' in SafeLogging"); 1872 tor_free(msg); 1873 1874 done: 1875 escaped(NULL); // This will free the leaking memory from the previous escaped 1876 free_options_test_data(tdata); 1877 tor_free(msg); 1878 } 1879 1880 static void 1881 test_options_validate__publish_server_descriptor(void *ignored) 1882 { 1883 (void)ignored; 1884 int ret; 1885 char *msg; 1886 setup_capture_of_logs(LOG_WARN); 1887 options_test_data_t *tdata = get_options_test_data( 1888 "PublishServerDescriptor bridge\n"); 1889 1890 ret = options_validate(NULL, tdata->opt, &msg); 1891 tt_int_op(ret, OP_EQ, 0); 1892 tt_assert(!msg); 1893 1894 free_options_test_data(tdata); 1895 tdata = get_options_test_data("PublishServerDescriptor humma\n"); 1896 1897 ret = options_validate(NULL, tdata->opt, &msg); 1898 tt_int_op(ret, OP_EQ, -1); 1899 tt_str_op(msg, OP_EQ, "Unrecognized value in PublishServerDescriptor"); 1900 tor_free(msg); 1901 1902 free_options_test_data(tdata); 1903 tdata = get_options_test_data("PublishServerDescriptor bridge, v3\n"); 1904 1905 ret = options_validate(NULL, tdata->opt, &msg); 1906 tt_int_op(ret, OP_EQ, -1); 1907 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router " 1908 "descriptors to the directory authorities. Please correct your " 1909 "PublishServerDescriptor line."); 1910 tor_free(msg); 1911 1912 free_options_test_data(tdata); 1913 tdata = get_options_test_data("BridgeRelay 1\n" 1914 "PublishServerDescriptor v3\n"); 1915 1916 ret = options_validate(NULL, tdata->opt, &msg); 1917 tt_int_op(ret, OP_EQ, -1); 1918 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router " 1919 "descriptors to the directory authorities. Please correct your " 1920 "PublishServerDescriptor line."); 1921 tor_free(msg); 1922 1923 free_options_test_data(tdata); 1924 tdata = get_options_test_data("BridgeRelay 1\n"); 1925 1926 ret = options_validate(NULL, tdata->opt, &msg); 1927 tt_int_op(ret, OP_EQ, -1); 1928 tt_str_op(msg, OP_NE, "Bridges are not supposed to publish router " 1929 "descriptors to the directory authorities. Please correct your " 1930 "PublishServerDescriptor line."); 1931 tor_free(msg); 1932 1933 done: 1934 teardown_capture_of_logs(); 1935 policies_free_all(); 1936 free_options_test_data(tdata); 1937 tor_free(msg); 1938 } 1939 1940 static void 1941 test_options_validate__testing(void *ignored) 1942 { 1943 (void)ignored; 1944 int ret; 1945 char *msg; 1946 options_test_data_t *tdata = NULL; 1947 1948 #define ENSURE_DEFAULT(varname, varval) \ 1949 STMT_BEGIN \ 1950 free_options_test_data(tdata); \ 1951 tdata = get_options_test_data(#varname " " #varval "\n"); \ 1952 ret = options_validate(NULL, tdata->opt, &msg); \ 1953 tt_str_op(msg, OP_EQ, \ 1954 #varname " may only be changed in testing Tor networks!"); \ 1955 tt_int_op(ret, OP_EQ, -1); \ 1956 tor_free(msg); \ 1957 \ 1958 free_options_test_data(tdata); \ 1959 tdata = get_options_test_data(#varname " " #varval "\n" \ 1960 VALID_DIR_AUTH \ 1961 "TestingTorNetwork 1\n"); \ 1962 \ 1963 ret = options_validate(NULL, tdata->opt, &msg); \ 1964 if (msg) { \ 1965 tt_str_op(msg, OP_NE, \ 1966 #varname " may only be changed in testing Tor networks!"); \ 1967 tor_free(msg); \ 1968 } \ 1969 \ 1970 free_options_test_data(tdata); \ 1971 tdata = get_options_test_data(#varname " " #varval "\n" \ 1972 "___UsingTestNetworkDefaults 1\n"); \ 1973 \ 1974 ret = options_validate(NULL, tdata->opt, &msg);\ 1975 if (msg) { \ 1976 tt_str_op(msg, OP_NE, \ 1977 #varname " may only be changed in testing Tor networks!"); \ 1978 tor_free(msg); \ 1979 } \ 1980 STMT_END 1981 1982 ENSURE_DEFAULT(TestingV3AuthInitialVotingInterval, 3600); 1983 ENSURE_DEFAULT(TestingV3AuthInitialVoteDelay, 3000); 1984 ENSURE_DEFAULT(TestingV3AuthInitialDistDelay, 3000); 1985 ENSURE_DEFAULT(TestingV3AuthVotingStartOffset, 3000); 1986 ENSURE_DEFAULT(TestingAuthDirTimeToLearnReachability, 3000); 1987 ENSURE_DEFAULT(TestingServerDownloadInitialDelay, 3000); 1988 ENSURE_DEFAULT(TestingClientDownloadInitialDelay, 3000); 1989 ENSURE_DEFAULT(TestingServerConsensusDownloadInitialDelay, 3000); 1990 ENSURE_DEFAULT(TestingClientConsensusDownloadInitialDelay, 3000); 1991 ENSURE_DEFAULT(TestingBridgeDownloadInitialDelay, 3000); 1992 ENSURE_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay, 3000); 1993 ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000); 1994 ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000); 1995 ENSURE_DEFAULT(TestingAuthKeyLifetime, 3000); 1996 ENSURE_DEFAULT(TestingLinkCertLifetime, 3000); 1997 ENSURE_DEFAULT(TestingSigningKeySlop, 3000); 1998 ENSURE_DEFAULT(TestingAuthKeySlop, 3000); 1999 ENSURE_DEFAULT(TestingLinkKeySlop, 3000); 2000 2001 done: 2002 escaped(NULL); // This will free the leaking memory from the previous escaped 2003 policies_free_all(); 2004 free_options_test_data(tdata); 2005 tor_free(msg); 2006 } 2007 2008 static void 2009 test_options_validate__path_bias(void *ignored) 2010 { 2011 (void)ignored; 2012 int ret; 2013 char *msg; 2014 2015 options_test_data_t *tdata = get_options_test_data( 2016 "PathBiasNoticeRate 1.1\n"); 2017 ret = options_validate(NULL, tdata->opt, &msg); 2018 tt_int_op(ret, OP_EQ, -1); 2019 tt_str_op(msg, OP_EQ, 2020 "PathBiasNoticeRate is too high. It must be between 0 and 1.0"); 2021 tor_free(msg); 2022 2023 free_options_test_data(tdata); 2024 tdata = get_options_test_data("PathBiasWarnRate 1.1\n"); 2025 ret = options_validate(NULL, tdata->opt, &msg); 2026 tt_int_op(ret, OP_EQ, -1); 2027 tt_str_op(msg, OP_EQ, 2028 "PathBiasWarnRate is too high. It must be between 0 and 1.0"); 2029 tor_free(msg); 2030 2031 free_options_test_data(tdata); 2032 tdata = get_options_test_data("PathBiasExtremeRate 1.1\n"); 2033 ret = options_validate(NULL, tdata->opt, &msg); 2034 tt_int_op(ret, OP_EQ, -1); 2035 tt_str_op(msg, OP_EQ, 2036 "PathBiasExtremeRate is too high. It must be between 0 and 1.0"); 2037 tor_free(msg); 2038 2039 free_options_test_data(tdata); 2040 tdata = get_options_test_data("PathBiasNoticeUseRate 1.1\n"); 2041 ret = options_validate(NULL, tdata->opt, &msg); 2042 tt_int_op(ret, OP_EQ, -1); 2043 tt_str_op(msg, OP_EQ, 2044 "PathBiasNoticeUseRate is too high. It must be between 0 and 1.0"); 2045 tor_free(msg); 2046 2047 free_options_test_data(tdata); 2048 tdata = get_options_test_data("PathBiasExtremeUseRate 1.1\n"); 2049 ret = options_validate(NULL, tdata->opt, &msg); 2050 tt_int_op(ret, OP_EQ, -1); 2051 tt_str_op(msg, OP_EQ, 2052 "PathBiasExtremeUseRate is too high. It must be between 0 and 1.0"); 2053 tor_free(msg); 2054 2055 done: 2056 free_options_test_data(tdata); 2057 tor_free(msg); 2058 } 2059 2060 static void 2061 test_options_validate__bandwidth(void *ignored) 2062 { 2063 (void)ignored; 2064 int ret; 2065 char *msg; 2066 options_test_data_t *tdata = NULL; 2067 2068 #define ENSURE_BANDWIDTH_PARAM(p, EXTRA_OPT_STR) \ 2069 STMT_BEGIN \ 2070 free_options_test_data(tdata); \ 2071 tdata = get_options_test_data(EXTRA_OPT_STR \ 2072 #p " 3Gb\n"); \ 2073 ret = options_validate(NULL, tdata->opt, &msg); \ 2074 tt_int_op(ret, OP_EQ, -1); \ 2075 tt_mem_op(msg, OP_EQ, #p " (3221225471) must be at most 2147483647", 40); \ 2076 tor_free(msg); \ 2077 STMT_END 2078 2079 ENSURE_BANDWIDTH_PARAM(BandwidthRate, ""); 2080 ENSURE_BANDWIDTH_PARAM(BandwidthBurst, ""); 2081 2082 ENSURE_BANDWIDTH_PARAM(BandwidthRate, ENABLE_AUTHORITY_V3); 2083 ENSURE_BANDWIDTH_PARAM(BandwidthBurst, ENABLE_AUTHORITY_V3); 2084 2085 ENSURE_BANDWIDTH_PARAM(BandwidthRate, ENABLE_AUTHORITY_BRIDGE); 2086 ENSURE_BANDWIDTH_PARAM(BandwidthBurst, ENABLE_AUTHORITY_BRIDGE); 2087 2088 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, ""); 2089 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, ""); 2090 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, ""); 2091 ENSURE_BANDWIDTH_PARAM(PerConnBWRate, ""); 2092 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, ""); 2093 2094 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, ENABLE_AUTHORITY_V3); 2095 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, ENABLE_AUTHORITY_V3); 2096 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, ENABLE_AUTHORITY_V3); 2097 ENSURE_BANDWIDTH_PARAM(PerConnBWRate, ENABLE_AUTHORITY_V3); 2098 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, ENABLE_AUTHORITY_V3); 2099 2100 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, ENABLE_AUTHORITY_BRIDGE); 2101 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, ENABLE_AUTHORITY_BRIDGE); 2102 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, ENABLE_AUTHORITY_BRIDGE); 2103 ENSURE_BANDWIDTH_PARAM(PerConnBWRate, ENABLE_AUTHORITY_BRIDGE); 2104 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, ENABLE_AUTHORITY_BRIDGE); 2105 2106 ENSURE_BANDWIDTH_PARAM(AuthDirFastGuarantee, ENABLE_AUTHORITY_V3); 2107 ENSURE_BANDWIDTH_PARAM(AuthDirGuardBWGuarantee, ENABLE_AUTHORITY_V3); 2108 2109 free_options_test_data(tdata); 2110 tdata = get_options_test_data("RelayBandwidthRate 1000\n"); 2111 ret = options_validate(NULL, tdata->opt, &msg); 2112 tt_int_op(ret, OP_EQ, 0); 2113 tt_u64_op(tdata->opt->RelayBandwidthBurst, OP_EQ, 1000); 2114 tor_free(msg); 2115 2116 free_options_test_data(tdata); 2117 tdata = get_options_test_data("RelayBandwidthBurst 1001\n"); 2118 ret = options_validate(NULL, tdata->opt, &msg); 2119 tt_int_op(ret, OP_EQ, 0); 2120 tt_u64_op(tdata->opt->RelayBandwidthRate, OP_EQ, 1001); 2121 tor_free(msg); 2122 2123 free_options_test_data(tdata); 2124 tdata = get_options_test_data("RelayBandwidthRate 1001\n" 2125 "RelayBandwidthBurst 1000\n"); 2126 ret = options_validate(NULL, tdata->opt, &msg); 2127 tt_int_op(ret, OP_EQ, -1); 2128 tt_str_op(msg, OP_EQ, "RelayBandwidthBurst must be at least equal to " 2129 "RelayBandwidthRate."); 2130 tor_free(msg); 2131 2132 free_options_test_data(tdata); 2133 tdata = get_options_test_data("BandwidthRate 1001\n" 2134 "BandwidthBurst 1000\n"); 2135 ret = options_validate(NULL, tdata->opt, &msg); 2136 tt_int_op(ret, OP_EQ, -1); 2137 tt_str_op(msg, OP_EQ, 2138 "BandwidthBurst must be at least equal to BandwidthRate."); 2139 tor_free(msg); 2140 2141 free_options_test_data(tdata); 2142 tdata = get_options_test_data("RelayBandwidthRate 1001\n" 2143 "BandwidthRate 1000\n" 2144 "BandwidthBurst 1000\n" 2145 ); 2146 ret = options_validate(NULL, tdata->opt, &msg); 2147 tt_int_op(ret, OP_EQ, 0); 2148 tt_u64_op(tdata->opt->BandwidthRate, OP_EQ, 1001); 2149 tor_free(msg); 2150 2151 free_options_test_data(tdata); 2152 tdata = get_options_test_data("RelayBandwidthRate 1001\n" 2153 "BandwidthRate 1000\n" 2154 "RelayBandwidthBurst 1001\n" 2155 "BandwidthBurst 1000\n" 2156 ); 2157 ret = options_validate(NULL, tdata->opt, &msg); 2158 tt_int_op(ret, OP_EQ, 0); 2159 tt_u64_op(tdata->opt->BandwidthBurst, OP_EQ, 1001); 2160 tor_free(msg); 2161 2162 free_options_test_data(tdata); 2163 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n" 2164 "BandwidthRate 1\n" 2165 ); 2166 ret = options_validate(NULL, tdata->opt, &msg); 2167 tt_int_op(ret, OP_EQ, -1); 2168 tt_str_op(msg, OP_EQ, "BandwidthRate is set to 1 bytes/second. For servers," 2169 " it must be at least 76800."); 2170 tor_free(msg); 2171 2172 free_options_test_data(tdata); 2173 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n" 2174 "BandwidthRate 76800\n" 2175 "MaxAdvertisedBandwidth 30000\n" 2176 ); 2177 ret = options_validate(NULL, tdata->opt, &msg); 2178 tt_int_op(ret, OP_EQ, -1); 2179 tt_str_op(msg, OP_EQ, "MaxAdvertisedBandwidth is set to 30000 bytes/second." 2180 " For servers, it must be at least 38400."); 2181 tor_free(msg); 2182 2183 free_options_test_data(tdata); 2184 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n" 2185 "BandwidthRate 76800\n" 2186 "RelayBandwidthRate 1\n" 2187 "MaxAdvertisedBandwidth 38400\n" 2188 ); 2189 ret = options_validate(NULL, tdata->opt, &msg); 2190 tt_int_op(ret, OP_EQ, -1); 2191 tt_str_op(msg, OP_EQ, "RelayBandwidthRate is set to 1 bytes/second. For " 2192 "servers, it must be at least 76800."); 2193 tor_free(msg); 2194 2195 free_options_test_data(tdata); 2196 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n" 2197 "BandwidthRate 76800\n" 2198 "BandwidthBurst 76800\n" 2199 "RelayBandwidthRate 76800\n" 2200 "MaxAdvertisedBandwidth 38400\n" 2201 ); 2202 ret = options_validate(NULL, tdata->opt, &msg); 2203 tt_int_op(ret, OP_EQ, 0); 2204 tor_free(msg); 2205 2206 done: 2207 policies_free_all(); 2208 free_options_test_data(tdata); 2209 tor_free(msg); 2210 } 2211 2212 static void 2213 test_options_validate__circuits(void *ignored) 2214 { 2215 (void)ignored; 2216 char *msg; 2217 options_test_data_t *tdata = NULL; 2218 setup_capture_of_logs(LOG_WARN); 2219 2220 free_options_test_data(tdata); 2221 tdata = get_options_test_data("MaxCircuitDirtiness 2592001\n"); 2222 options_validate(NULL, tdata->opt, &msg); 2223 expect_log_msg("MaxCircuitDirtiness option is too " 2224 "high; setting to 30 days.\n"); 2225 tt_int_op(tdata->opt->MaxCircuitDirtiness, OP_EQ, 2592000); 2226 tor_free(msg); 2227 2228 free_options_test_data(tdata); 2229 mock_clean_saved_logs(); 2230 tdata = get_options_test_data("CircuitStreamTimeout 1\n"); 2231 options_validate(NULL, tdata->opt, &msg); 2232 expect_log_msg("CircuitStreamTimeout option is too" 2233 " short; raising to 10 seconds.\n"); 2234 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 10); 2235 tor_free(msg); 2236 2237 free_options_test_data(tdata); 2238 mock_clean_saved_logs(); 2239 tdata = get_options_test_data("CircuitStreamTimeout 111\n"); 2240 options_validate(NULL, tdata->opt, &msg); 2241 expect_no_log_msg("CircuitStreamTimeout option is too" 2242 " short; raising to 10 seconds.\n"); 2243 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 111); 2244 tor_free(msg); 2245 2246 free_options_test_data(tdata); 2247 mock_clean_saved_logs(); 2248 tdata = get_options_test_data("HeartbeatPeriod 1\n"); 2249 options_validate(NULL, tdata->opt, &msg); 2250 expect_log_msg("HeartbeatPeriod option is too short;" 2251 " raising to 1800 seconds.\n"); 2252 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1800); 2253 tor_free(msg); 2254 2255 free_options_test_data(tdata); 2256 mock_clean_saved_logs(); 2257 tdata = get_options_test_data("HeartbeatPeriod 1982\n"); 2258 options_validate(NULL, tdata->opt, &msg); 2259 expect_no_log_msg("HeartbeatPeriod option is too short;" 2260 " raising to 1800 seconds.\n"); 2261 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1982); 2262 tor_free(msg); 2263 2264 free_options_test_data(tdata); 2265 mock_clean_saved_logs(); 2266 tdata = get_options_test_data("LearnCircuitBuildTimeout 0\n" 2267 "CircuitBuildTimeout 1\n" 2268 ); 2269 options_validate(NULL, tdata->opt, &msg); 2270 expect_log_msg("CircuitBuildTimeout is shorter (1" 2271 " seconds) than the recommended minimum (10 seconds), and " 2272 "LearnCircuitBuildTimeout is disabled. If tor isn't working, " 2273 "raise this value or enable LearnCircuitBuildTimeout.\n"); 2274 tor_free(msg); 2275 2276 free_options_test_data(tdata); 2277 mock_clean_saved_logs(); 2278 tdata = get_options_test_data("CircuitBuildTimeout 11\n" 2279 ); 2280 options_validate(NULL, tdata->opt, &msg); 2281 expect_no_log_msg("CircuitBuildTimeout is shorter (1 " 2282 "seconds) than the recommended minimum (10 seconds), and " 2283 "LearnCircuitBuildTimeout is disabled. If tor isn't working, " 2284 "raise this value or enable LearnCircuitBuildTimeout.\n"); 2285 tor_free(msg); 2286 2287 done: 2288 policies_free_all(); 2289 teardown_capture_of_logs(); 2290 free_options_test_data(tdata); 2291 tor_free(msg); 2292 } 2293 2294 static void 2295 test_options_validate__rend(void *ignored) 2296 { 2297 (void)ignored; 2298 int ret; 2299 char *msg; 2300 options_test_data_t *tdata = NULL; 2301 setup_capture_of_logs(LOG_WARN); 2302 2303 free_options_test_data(tdata); 2304 tdata = get_options_test_data( 2305 "UseEntryGuards 0\n" 2306 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2307 "HiddenServicePort 80 127.0.0.1:8080\n" 2308 ); 2309 ret = options_validate(NULL, tdata->opt, &msg); 2310 tt_int_op(ret, OP_EQ, 0); 2311 expect_log_msg("UseEntryGuards is disabled, but you" 2312 " have configured one or more hidden services on this Tor " 2313 "instance. Your hidden services will be very easy to locate using" 2314 " a well-known attack -- see https://freehaven.net/anonbib/#hs-" 2315 "attack06 for details.\n"); 2316 tor_free(msg); 2317 2318 free_options_test_data(tdata); 2319 tdata = get_options_test_data( 2320 "UseEntryGuards 1\n" 2321 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2322 "HiddenServicePort 80 127.0.0.1:8080\n" 2323 ); 2324 mock_clean_saved_logs(); 2325 ret = options_validate(NULL, tdata->opt, &msg); 2326 tt_int_op(ret, OP_EQ, 0); 2327 expect_no_log_msg("UseEntryGuards is disabled, but you" 2328 " have configured one or more hidden services on this Tor " 2329 "instance. Your hidden services will be very easy to locate using" 2330 " a well-known attack -- see https://freehaven.net/anonbib/#hs-" 2331 "attack06 for details.\n"); 2332 2333 free_options_test_data(tdata); 2334 tdata = get_options_test_data("HiddenServicePort 80 127.0.0.1:8080\n"); 2335 ret = options_validate(NULL, tdata->opt, &msg); 2336 tt_int_op(ret, OP_EQ, -1); 2337 tt_str_op(msg, OP_EQ, 2338 "Failed to configure rendezvous options. See logs for details."); 2339 tor_free(msg); 2340 2341 done: 2342 policies_free_all(); 2343 teardown_capture_of_logs(); 2344 free_options_test_data(tdata); 2345 tor_free(msg); 2346 } 2347 2348 static void 2349 test_options_validate__single_onion(void *ignored) 2350 { 2351 (void)ignored; 2352 int ret; 2353 char *msg; 2354 options_test_data_t *tdata = NULL; 2355 setup_capture_of_logs(LOG_WARN); 2356 2357 /* Test that HiddenServiceSingleHopMode must come with 2358 * HiddenServiceNonAnonymousMode */ 2359 tdata = get_options_test_data("SOCKSPort 0\n" 2360 "HiddenServiceSingleHopMode 1\n" 2361 ); 2362 ret = options_validate(NULL, tdata->opt, &msg); 2363 tt_int_op(ret, OP_EQ, -1); 2364 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any " 2365 "server anonymity. It must be used with " 2366 "HiddenServiceNonAnonymousMode set to 1."); 2367 tor_free(msg); 2368 free_options_test_data(tdata); 2369 2370 tdata = get_options_test_data("SOCKSPort 0\n" 2371 "HiddenServiceSingleHopMode 1\n" 2372 "HiddenServiceNonAnonymousMode 0\n" 2373 ); 2374 ret = options_validate(NULL, tdata->opt, &msg); 2375 tt_int_op(ret, OP_EQ, -1); 2376 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any " 2377 "server anonymity. It must be used with " 2378 "HiddenServiceNonAnonymousMode set to 1."); 2379 tor_free(msg); 2380 free_options_test_data(tdata); 2381 2382 tdata = get_options_test_data("SOCKSPort 0\n" 2383 "HiddenServiceSingleHopMode 1\n" 2384 "HiddenServiceNonAnonymousMode 1\n" 2385 ); 2386 ret = options_validate(NULL, tdata->opt, &msg); 2387 tt_int_op(ret, OP_EQ, 0); 2388 tt_ptr_op(msg, OP_EQ, NULL); 2389 free_options_test_data(tdata); 2390 2391 /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */ 2392 tdata = get_options_test_data("SOCKSPort 5000\n" 2393 "HiddenServiceSingleHopMode 1\n" 2394 "HiddenServiceNonAnonymousMode 1\n" 2395 ); 2396 ret = options_validate(NULL, tdata->opt, &msg); 2397 tt_int_op(ret, OP_EQ, -1); 2398 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode is incompatible with " 2399 "using Tor as an anonymous client. Please set " 2400 "Socks/Trans/NATD/DNSPort to 0, or revert " 2401 "HiddenServiceNonAnonymousMode to 0."); 2402 tor_free(msg); 2403 free_options_test_data(tdata); 2404 2405 tdata = get_options_test_data("SOCKSPort 0\n" 2406 "HiddenServiceSingleHopMode 1\n" 2407 "HiddenServiceNonAnonymousMode 1\n" 2408 ); 2409 ret = options_validate(NULL, tdata->opt, &msg); 2410 tt_int_op(ret, OP_EQ, 0); 2411 tt_ptr_op(msg, OP_EQ, NULL); 2412 free_options_test_data(tdata); 2413 2414 tdata = get_options_test_data("SOCKSPort 5000\n" 2415 "HiddenServiceSingleHopMode 0\n" 2416 ); 2417 ret = options_validate(NULL, tdata->opt, &msg); 2418 tt_int_op(ret, OP_EQ, 0); 2419 tt_ptr_op(msg, OP_EQ, NULL); 2420 free_options_test_data(tdata); 2421 2422 /* Test that a hidden service can't be run in non anonymous mode. */ 2423 tdata = get_options_test_data( 2424 "HiddenServiceNonAnonymousMode 1\n" 2425 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2426 "HiddenServicePort 80 127.0.0.1:8080\n" 2427 ); 2428 ret = options_validate(NULL, tdata->opt, &msg); 2429 tt_int_op(ret, OP_EQ, -1); 2430 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any " 2431 "server anonymity. It must be used with " 2432 "HiddenServiceSingleHopMode set to 1."); 2433 tor_free(msg); 2434 free_options_test_data(tdata); 2435 2436 tdata = get_options_test_data( 2437 "HiddenServiceNonAnonymousMode 1\n" 2438 ); 2439 ret = options_validate(NULL, tdata->opt, &msg); 2440 tt_int_op(ret, OP_EQ, -1); 2441 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any " 2442 "server anonymity. It must be used with " 2443 "HiddenServiceSingleHopMode set to 1."); 2444 tor_free(msg); 2445 free_options_test_data(tdata); 2446 2447 tdata = get_options_test_data( 2448 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2449 "HiddenServicePort 80 127.0.0.1:8080\n" 2450 ); 2451 ret = options_validate(NULL, tdata->opt, &msg); 2452 tt_int_op(ret, OP_EQ, 0); 2453 tt_ptr_op(msg, OP_EQ, NULL); 2454 free_options_test_data(tdata); 2455 2456 tdata = get_options_test_data( 2457 "HiddenServiceNonAnonymousMode 1\n" 2458 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2459 "HiddenServicePort 80 127.0.0.1:8080\n" 2460 "HiddenServiceSingleHopMode 1\n" 2461 "SOCKSPort 0\n" 2462 ); 2463 ret = options_validate(NULL, tdata->opt, &msg); 2464 tt_int_op(ret, OP_EQ, 0); 2465 tt_ptr_op(msg, OP_EQ, NULL); 2466 2467 done: 2468 policies_free_all(); 2469 teardown_capture_of_logs(); 2470 free_options_test_data(tdata); 2471 tor_free(msg); 2472 } 2473 2474 static void 2475 test_options_validate__accounting(void *ignored) 2476 { 2477 (void)ignored; 2478 int ret; 2479 char *msg; 2480 options_test_data_t *tdata = NULL; 2481 setup_capture_of_logs(LOG_WARN); 2482 2483 free_options_test_data(tdata); 2484 tdata = get_options_test_data("AccountingRule something_bad\n"); 2485 ret = options_validate(NULL, tdata->opt, &msg); 2486 tt_int_op(ret, OP_EQ, -1); 2487 tt_str_op(msg, OP_EQ, "AccountingRule must be 'sum', 'max', 'in', or 'out'"); 2488 tor_free(msg); 2489 2490 free_options_test_data(tdata); 2491 tdata = get_options_test_data("AccountingRule sum\n"); 2492 ret = options_validate(NULL, tdata->opt, &msg); 2493 tt_int_op(ret, OP_EQ, 0); 2494 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_SUM); 2495 tor_free(msg); 2496 2497 free_options_test_data(tdata); 2498 tdata = get_options_test_data("AccountingRule max\n"); 2499 ret = options_validate(NULL, tdata->opt, &msg); 2500 tt_int_op(ret, OP_EQ, 0); 2501 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_MAX); 2502 tor_free(msg); 2503 2504 free_options_test_data(tdata); 2505 tdata = get_options_test_data("AccountingRule in\n"); 2506 ret = options_validate(NULL, tdata->opt, &msg); 2507 tt_int_op(ret, OP_EQ, 0); 2508 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_IN); 2509 tor_free(msg); 2510 2511 free_options_test_data(tdata); 2512 tdata = get_options_test_data("AccountingRule out\n"); 2513 ret = options_validate(NULL, tdata->opt, &msg); 2514 tt_int_op(ret, OP_EQ, 0); 2515 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_OUT); 2516 tor_free(msg); 2517 2518 free_options_test_data(tdata); 2519 tdata = get_options_test_data("AccountingStart fail\n"); 2520 ret = options_validate(NULL, tdata->opt, &msg); 2521 tt_int_op(ret, OP_EQ, -1); 2522 tt_str_op(msg, OP_EQ, 2523 "Failed to parse accounting options. See logs for details."); 2524 tor_free(msg); 2525 2526 free_options_test_data(tdata); 2527 tdata = get_options_test_data("AccountingMax 10\n"); 2528 ret = options_validate(NULL, tdata->opt, &msg); 2529 tt_int_op(ret, OP_EQ, 0); 2530 tor_free(msg); 2531 2532 free_options_test_data(tdata); 2533 tdata = get_options_test_data( 2534 "ORPort 127.0.0.1:5555\n" 2535 "BandwidthRate 76800\n" 2536 "BandwidthBurst 76800\n" 2537 "MaxAdvertisedBandwidth 38400\n" 2538 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2539 "HiddenServicePort 80 127.0.0.1:8080\n" 2540 "AccountingMax 10\n" 2541 ); 2542 mock_clean_saved_logs(); 2543 ret = options_validate(NULL, tdata->opt, &msg); 2544 tt_int_op(ret, OP_EQ, 0); 2545 expect_log_msg("Using accounting with a hidden " 2546 "service and an ORPort is risky: your hidden service(s) and " 2547 "your public address will all turn off at the same time, " 2548 "which may alert observers that they are being run by the " 2549 "same party.\n"); 2550 tor_free(msg); 2551 2552 free_options_test_data(tdata); 2553 tdata = get_options_test_data( 2554 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2555 "HiddenServicePort 80 127.0.0.1:8080\n" 2556 "AccountingMax 10\n" 2557 ); 2558 mock_clean_saved_logs(); 2559 ret = options_validate(NULL, tdata->opt, &msg); 2560 tt_int_op(ret, OP_EQ, 0); 2561 expect_no_log_msg("Using accounting with a hidden " 2562 "service and an ORPort is risky: your hidden service(s) and " 2563 "your public address will all turn off at the same time, " 2564 "which may alert observers that they are being run by the " 2565 "same party.\n"); 2566 tor_free(msg); 2567 2568 free_options_test_data(tdata); 2569 tdata = get_options_test_data( 2570 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n" 2571 "HiddenServicePort 80 127.0.0.1:8080\n" 2572 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service2/\n" 2573 "HiddenServicePort 81 127.0.0.1:8081\n" 2574 "AccountingMax 10\n" 2575 ); 2576 mock_clean_saved_logs(); 2577 ret = options_validate(NULL, tdata->opt, &msg); 2578 tt_int_op(ret, OP_EQ, 0); 2579 expect_log_msg("Using accounting with multiple " 2580 "hidden services is risky: they will all turn off at the same" 2581 " time, which may alert observers that they are being run by " 2582 "the same party.\n"); 2583 tor_free(msg); 2584 2585 done: 2586 teardown_capture_of_logs(); 2587 policies_free_all(); 2588 free_options_test_data(tdata); 2589 tor_free(msg); 2590 } 2591 2592 static void 2593 test_options_validate__proxy(void *ignored) 2594 { 2595 (void)ignored; 2596 int ret; 2597 char *msg; 2598 options_test_data_t *tdata = NULL; 2599 sandbox_disable_getaddrinfo_cache(); 2600 setup_capture_of_logs(LOG_WARN); 2601 MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs); 2602 2603 free_options_test_data(tdata); 2604 tdata = get_options_test_data("HttpProxy 127.0.42.1\n"); 2605 ret = options_validate(NULL, tdata->opt, &msg); 2606 tt_int_op(ret, OP_EQ, 0); 2607 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 80); 2608 tor_free(msg); 2609 2610 free_options_test_data(tdata); 2611 tdata = get_options_test_data("HttpProxy 127.0.42.1:444\n"); 2612 ret = options_validate(NULL, tdata->opt, &msg); 2613 tt_int_op(ret, OP_EQ, 0); 2614 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 444); 2615 tor_free(msg); 2616 2617 free_options_test_data(tdata); 2618 2619 tdata = get_options_test_data("HttpProxy not_so_valid!\n"); 2620 ret = options_validate(NULL, tdata->opt, &msg); 2621 tt_int_op(ret, OP_EQ, -1); 2622 tt_str_op(msg, OP_EQ, "HTTPProxy failed to parse or resolve. Please fix."); 2623 tor_free(msg); 2624 2625 free_options_test_data(tdata); 2626 tdata = get_options_test_data("HttpProxyAuthenticator " 2627 "onetwothreonetwothreonetwothreonetwothreonetw" 2628 "othreonetwothreonetwothreonetwothreonetwothre" 2629 "onetwothreonetwothreonetwothreonetwothreonetw" 2630 "othreonetwothreonetwothreonetwothreonetwothre" 2631 "onetwothreonetwothreonetwothreonetwothreonetw" 2632 "othreonetwothreonetwothreonetwothreonetwothre" 2633 "onetwothreonetwothreonetwothreonetwothreonetw" 2634 "othreonetwothreonetwothreonetwothreonetwothre" 2635 "onetwothreonetwothreonetwothreonetwothreonetw" 2636 "othreonetwothreonetwothreonetwothreonetwothre" 2637 "onetwothreonetwothreonetwothreonetwothreonetw" 2638 "othreonetwothreeonetwothreeonetwothree" 2639 ); 2640 ret = options_validate(NULL, tdata->opt, &msg); 2641 tt_int_op(ret, OP_EQ, -1); 2642 tt_str_op(msg, OP_EQ, "HTTPProxyAuthenticator is too long (>= 512 chars)."); 2643 tor_free(msg); 2644 2645 free_options_test_data(tdata); 2646 tdata = get_options_test_data("HttpProxyAuthenticator validauth\n"); 2647 ret = options_validate(NULL, tdata->opt, &msg); 2648 tt_int_op(ret, OP_EQ, 0); 2649 tor_free(msg); 2650 2651 free_options_test_data(tdata); 2652 tdata = get_options_test_data("HttpsProxy 127.0.42.1\n"); 2653 ret = options_validate(NULL, tdata->opt, &msg); 2654 tt_int_op(ret, OP_EQ, 0); 2655 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 443); 2656 tor_free(msg); 2657 2658 free_options_test_data(tdata); 2659 tdata = get_options_test_data("HttpsProxy 127.0.42.1:444\n"); 2660 ret = options_validate(NULL, tdata->opt, &msg); 2661 tt_int_op(ret, OP_EQ, 0); 2662 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 444); 2663 tor_free(msg); 2664 2665 free_options_test_data(tdata); 2666 tdata = get_options_test_data("HttpsProxy not_so_valid!\n"); 2667 ret = options_validate(NULL, tdata->opt, &msg); 2668 tt_int_op(ret, OP_EQ, -1); 2669 tt_str_op(msg, OP_EQ, "HTTPSProxy failed to parse or resolve. Please fix."); 2670 tor_free(msg); 2671 2672 free_options_test_data(tdata); 2673 tdata = get_options_test_data("HttpsProxyAuthenticator " 2674 "onetwothreonetwothreonetwothreonetwothreonetw" 2675 "othreonetwothreonetwothreonetwothreonetwothre" 2676 "onetwothreonetwothreonetwothreonetwothreonetw" 2677 "othreonetwothreonetwothreonetwothreonetwothre" 2678 "onetwothreonetwothreonetwothreonetwothreonetw" 2679 "othreonetwothreonetwothreonetwothreonetwothre" 2680 "onetwothreonetwothreonetwothreonetwothreonetw" 2681 "othreonetwothreonetwothreonetwothreonetwothre" 2682 "onetwothreonetwothreonetwothreonetwothreonetw" 2683 "othreonetwothreonetwothreonetwothreonetwothre" 2684 "onetwothreonetwothreonetwothreonetwothreonetw" 2685 "othreonetwothreeonetwothreeonetwothree" 2686 2687 ); 2688 ret = options_validate(NULL, tdata->opt, &msg); 2689 tt_int_op(ret, OP_EQ, -1); 2690 tt_str_op(msg, OP_EQ, "HTTPSProxyAuthenticator is too long (>= 512 chars)."); 2691 tor_free(msg); 2692 2693 free_options_test_data(tdata); 2694 tdata = get_options_test_data("HttpsProxyAuthenticator validauth\n"); 2695 ret = options_validate(NULL, tdata->opt, &msg); 2696 tt_int_op(ret, OP_EQ, 0); 2697 tor_free(msg); 2698 2699 free_options_test_data(tdata); 2700 tdata = get_options_test_data("Socks4Proxy 127.0.42.1\n"); 2701 ret = options_validate(NULL, tdata->opt, &msg); 2702 tt_int_op(ret, OP_EQ, 0); 2703 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 1080); 2704 tor_free(msg); 2705 2706 free_options_test_data(tdata); 2707 tdata = get_options_test_data("Socks4Proxy 127.0.42.1:444\n"); 2708 ret = options_validate(NULL, tdata->opt, &msg); 2709 tt_int_op(ret, OP_EQ, 0); 2710 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 444); 2711 tor_free(msg); 2712 2713 free_options_test_data(tdata); 2714 tdata = get_options_test_data("Socks4Proxy not_so_valid!\n"); 2715 ret = options_validate(NULL, tdata->opt, &msg); 2716 tt_int_op(ret, OP_EQ, -1); 2717 tt_str_op(msg, OP_EQ, "Socks4Proxy failed to parse or resolve. Please fix."); 2718 tor_free(msg); 2719 2720 free_options_test_data(tdata); 2721 tdata = get_options_test_data("Socks5Proxy 127.0.42.1\n"); 2722 ret = options_validate(NULL, tdata->opt, &msg); 2723 tt_int_op(ret, OP_EQ, 0); 2724 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 1080); 2725 tor_free(msg); 2726 2727 free_options_test_data(tdata); 2728 tdata = get_options_test_data("Socks5Proxy 127.0.42.1:444\n"); 2729 ret = options_validate(NULL, tdata->opt, &msg); 2730 tt_int_op(ret, OP_EQ, 0); 2731 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 444); 2732 tor_free(msg); 2733 2734 free_options_test_data(tdata); 2735 tdata = get_options_test_data("Socks5Proxy not_so_valid!\n"); 2736 ret = options_validate(NULL, tdata->opt, &msg); 2737 tt_int_op(ret, OP_EQ, -1); 2738 tt_str_op(msg, OP_EQ, "Socks5Proxy failed to parse or resolve. Please fix."); 2739 tor_free(msg); 2740 2741 free_options_test_data(tdata); 2742 tdata = get_options_test_data("Socks4Proxy 215.1.1.1\n" 2743 "Socks5Proxy 215.1.1.2\n" 2744 ); 2745 ret = options_validate(NULL, tdata->opt, &msg); 2746 tt_int_op(ret, OP_EQ, -1); 2747 tt_str_op(msg, OP_EQ, "You have configured more than one proxy type. " 2748 "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)"); 2749 tor_free(msg); 2750 2751 free_options_test_data(tdata); 2752 tdata = get_options_test_data("HttpProxy 215.1.1.1\n"); 2753 mock_clean_saved_logs(); 2754 ret = options_validate(NULL, tdata->opt, &msg); 2755 tt_int_op(ret, OP_EQ, 0); 2756 expect_log_msg("HTTPProxy configured, but no SOCKS proxy, " 2757 "HTTPS proxy, or any other TCP proxy configured. Watch out: " 2758 "this configuration will proxy unencrypted directory " 2759 "connections only.\n"); 2760 tor_free(msg); 2761 2762 free_options_test_data(tdata); 2763 tdata = get_options_test_data("HttpProxy 215.1.1.1\n" 2764 "Socks4Proxy 215.1.1.1\n" 2765 ); 2766 mock_clean_saved_logs(); 2767 ret = options_validate(NULL, tdata->opt, &msg); 2768 tt_int_op(ret, OP_EQ, 0); 2769 expect_no_log_msg("HTTPProxy configured, but no SOCKS " 2770 "proxy or HTTPS proxy configured. Watch out: this configuration " 2771 "will proxy unencrypted directory connections only.\n"); 2772 tor_free(msg); 2773 2774 free_options_test_data(tdata); 2775 tdata = get_options_test_data("HttpProxy 215.1.1.1\n" 2776 "Socks5Proxy 215.1.1.1\n" 2777 ); 2778 mock_clean_saved_logs(); 2779 ret = options_validate(NULL, tdata->opt, &msg); 2780 tt_int_op(ret, OP_EQ, 0); 2781 expect_no_log_msg("HTTPProxy configured, but no SOCKS " 2782 "proxy or HTTPS proxy configured. Watch out: this configuration " 2783 "will proxy unencrypted directory connections only.\n"); 2784 tor_free(msg); 2785 2786 free_options_test_data(tdata); 2787 tdata = get_options_test_data("HttpProxy 215.1.1.1\n" 2788 "HttpsProxy 215.1.1.1\n" 2789 ); 2790 mock_clean_saved_logs(); 2791 ret = options_validate(NULL, tdata->opt, &msg); 2792 tt_int_op(ret, OP_EQ, 0); 2793 expect_no_log_msg( 2794 "HTTPProxy configured, but no SOCKS proxy or HTTPS proxy " 2795 "configured. Watch out: this configuration will proxy " 2796 "unencrypted directory connections only.\n"); 2797 tor_free(msg); 2798 2799 free_options_test_data(tdata); 2800 tdata = get_options_test_data(""); 2801 tdata->opt->Socks5ProxyUsername = tor_strdup(""); 2802 ret = options_validate(NULL, tdata->opt, &msg); 2803 tt_int_op(ret, OP_EQ, -1); 2804 tt_str_op(msg, OP_EQ, 2805 "Socks5ProxyUsername must be between 1 and 255 characters."); 2806 tor_free(msg); 2807 2808 free_options_test_data(tdata); 2809 tdata = get_options_test_data(""); 2810 tdata->opt->Socks5ProxyUsername = 2811 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB" 2812 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD" 2813 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA" 2814 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC" 2815 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789"); 2816 ret = options_validate(NULL, tdata->opt, &msg); 2817 tt_int_op(ret, OP_EQ, -1); 2818 tt_str_op(msg, OP_EQ, 2819 "Socks5ProxyUsername must be between 1 and 255 characters."); 2820 tor_free(msg); 2821 2822 free_options_test_data(tdata); 2823 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n"); 2824 ret = options_validate(NULL, tdata->opt, &msg); 2825 tt_int_op(ret, OP_EQ, -1); 2826 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with " 2827 "Socks5ProxyUsername."); 2828 tor_free(msg); 2829 2830 free_options_test_data(tdata); 2831 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n"); 2832 tdata->opt->Socks5ProxyPassword = tor_strdup(""); 2833 ret = options_validate(NULL, tdata->opt, &msg); 2834 tt_int_op(ret, OP_EQ, -1); 2835 tt_str_op(msg, OP_EQ, 2836 "Socks5ProxyPassword must be between 1 and 255 characters."); 2837 tor_free(msg); 2838 2839 free_options_test_data(tdata); 2840 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n"); 2841 tdata->opt->Socks5ProxyPassword = 2842 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB" 2843 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD" 2844 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA" 2845 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC" 2846 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789"); 2847 ret = options_validate(NULL, tdata->opt, &msg); 2848 tt_int_op(ret, OP_EQ, -1); 2849 tt_str_op(msg, OP_EQ, 2850 "Socks5ProxyPassword must be between 1 and 255 characters."); 2851 tor_free(msg); 2852 2853 free_options_test_data(tdata); 2854 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n" 2855 "Socks5ProxyPassword world_hello\n"); 2856 ret = options_validate(NULL, tdata->opt, &msg); 2857 tt_int_op(ret, OP_EQ, 0); 2858 tor_free(msg); 2859 2860 free_options_test_data(tdata); 2861 tdata = get_options_test_data("Socks5ProxyPassword hello_world\n"); 2862 ret = options_validate(NULL, tdata->opt, &msg); 2863 tt_int_op(ret, OP_EQ, -1); 2864 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with " 2865 "Socks5ProxyUsername."); 2866 tor_free(msg); 2867 2868 done: 2869 teardown_capture_of_logs(); 2870 free_options_test_data(tdata); 2871 policies_free_all(); 2872 // sandbox_free_getaddrinfo_cache(); 2873 tor_free(msg); 2874 UNMOCK(tor_addr_lookup); 2875 } 2876 2877 static void 2878 test_options_validate__control(void *ignored) 2879 { 2880 (void)ignored; 2881 int ret; 2882 char *msg; 2883 options_test_data_t *tdata = NULL; 2884 setup_capture_of_logs(LOG_WARN); 2885 2886 free_options_test_data(tdata); 2887 tdata = get_options_test_data( 2888 "HashedControlPassword something_incorrect\n"); 2889 ret = options_validate(NULL, tdata->opt, &msg); 2890 tt_int_op(ret, OP_EQ, -1); 2891 tt_str_op(msg, OP_EQ, 2892 "Bad HashedControlPassword: wrong length or bad encoding"); 2893 tor_free(msg); 2894 2895 free_options_test_data(tdata); 2896 tdata = get_options_test_data("HashedControlPassword 16:872860B76453A77D60CA" 2897 "2BB8C1A7042072093276A3D701AD684053EC4C\n" 2898 ); 2899 ret = options_validate(NULL, tdata->opt, &msg); 2900 tt_int_op(ret, OP_EQ, 0); 2901 tor_free(msg); 2902 2903 free_options_test_data(tdata); 2904 tdata = get_options_test_data( 2905 "__HashedControlSessionPassword something_incorrect\n" 2906 ); 2907 ret = options_validate(NULL, tdata->opt, &msg); 2908 tt_int_op(ret, OP_EQ, -1); 2909 tt_str_op(msg, OP_EQ, "Bad HashedControlSessionPassword: wrong length or " 2910 "bad encoding"); 2911 tor_free(msg); 2912 2913 free_options_test_data(tdata); 2914 tdata = get_options_test_data("__HashedControlSessionPassword 16:872860B7645" 2915 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC" 2916 "4C\n" 2917 ); 2918 ret = options_validate(NULL, tdata->opt, &msg); 2919 tt_int_op(ret, OP_EQ, 0); 2920 tor_free(msg); 2921 2922 free_options_test_data(tdata); 2923 tdata = get_options_test_data( 2924 "__OwningControllerProcess something_incorrect\n" 2925 ); 2926 ret = options_validate(NULL, tdata->opt, &msg); 2927 tt_int_op(ret, OP_EQ, -1); 2928 tt_str_op(msg, OP_EQ, "Bad OwningControllerProcess: invalid PID"); 2929 tor_free(msg); 2930 2931 free_options_test_data(tdata); 2932 tdata = get_options_test_data("__OwningControllerProcess 123\n" 2933 ); 2934 ret = options_validate(NULL, tdata->opt, &msg); 2935 tt_int_op(ret, OP_EQ, 0); 2936 tor_free(msg); 2937 2938 free_options_test_data(tdata); 2939 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n" 2940 ); 2941 mock_clean_saved_logs(); 2942 ret = options_validate(NULL, tdata->opt, &msg); 2943 tt_int_op(ret, OP_EQ, 0); 2944 expect_log_msg( 2945 "ControlPort is open, but no authentication method has been " 2946 "configured. This means that any program on your computer can " 2947 "reconfigure your Tor. That's bad! You should upgrade your Tor" 2948 " controller as soon as possible.\n"); 2949 tor_free(msg); 2950 2951 free_options_test_data(tdata); 2952 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n" 2953 "HashedControlPassword 16:872860B76453A77D60CA" 2954 "2BB8C1A7042072093276A3D701AD684053EC4C\n" 2955 ); 2956 mock_clean_saved_logs(); 2957 ret = options_validate(NULL, tdata->opt, &msg); 2958 tt_int_op(ret, OP_EQ, 0); 2959 expect_no_log_msg( 2960 "ControlPort is open, but no authentication method has been " 2961 "configured. This means that any program on your computer can " 2962 "reconfigure your Tor. That's bad! You should upgrade your Tor " 2963 "controller as soon as possible.\n"); 2964 tor_free(msg); 2965 2966 free_options_test_data(tdata); 2967 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n" 2968 "__HashedControlSessionPassword 16:872860B7645" 2969 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC" 2970 "4C\n" 2971 ); 2972 mock_clean_saved_logs(); 2973 ret = options_validate(NULL, tdata->opt, &msg); 2974 tt_int_op(ret, OP_EQ, 0); 2975 expect_no_log_msg( 2976 "ControlPort is open, but no authentication method has been " 2977 "configured. This means that any program on your computer can " 2978 "reconfigure your Tor. That's bad! You should upgrade your Tor " 2979 "controller as soon as possible.\n"); 2980 tor_free(msg); 2981 2982 free_options_test_data(tdata); 2983 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n" 2984 "CookieAuthentication 1\n" 2985 ); 2986 mock_clean_saved_logs(); 2987 ret = options_validate(NULL, tdata->opt, &msg); 2988 tt_int_op(ret, OP_EQ, 0); 2989 expect_no_log_msg( 2990 "ControlPort is open, but no authentication method has been " 2991 "configured. This means that any program on your computer can " 2992 "reconfigure your Tor. That's bad! You should upgrade your Tor " 2993 "controller as soon as possible.\n"); 2994 tor_free(msg); 2995 2996 #ifdef HAVE_SYS_UN_H 2997 free_options_test_data(tdata); 2998 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"); 2999 mock_clean_saved_logs(); 3000 ret = options_validate(NULL, tdata->opt, &msg); 3001 tt_int_op(ret, OP_EQ, 0); 3002 expect_log_msg( 3003 "ControlSocket is world writable, but no authentication method has" 3004 " been configured. This means that any program on your computer " 3005 "can reconfigure your Tor. That's bad! You should upgrade your " 3006 "Tor controller as soon as possible.\n"); 3007 tor_free(msg); 3008 3009 free_options_test_data(tdata); 3010 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n" 3011 "HashedControlPassword 16:872860B76453A77D60CA" 3012 "2BB8C1A7042072093276A3D701AD684053EC4C\n" 3013 ); 3014 mock_clean_saved_logs(); 3015 ret = options_validate(NULL, tdata->opt, &msg); 3016 tt_int_op(ret, OP_EQ, 0); 3017 expect_no_log_msg( 3018 "ControlSocket is world writable, but no authentication method has" 3019 " been configured. This means that any program on your computer " 3020 "can reconfigure your Tor. That's bad! You should upgrade your " 3021 "Tor controller as soon as possible.\n"); 3022 tor_free(msg); 3023 3024 free_options_test_data(tdata); 3025 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n" 3026 "__HashedControlSessionPassword 16:872860B7645" 3027 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC" 3028 "4C\n" 3029 ); 3030 mock_clean_saved_logs(); 3031 ret = options_validate(NULL, tdata->opt, &msg); 3032 tt_int_op(ret, OP_EQ, 0); 3033 expect_no_log_msg( 3034 "ControlSocket is world writable, but no authentication method has" 3035 " been configured. This means that any program on your computer " 3036 "can reconfigure your Tor. That's bad! You should upgrade your " 3037 "Tor controller as soon as possible.\n"); 3038 tor_free(msg); 3039 3040 free_options_test_data(tdata); 3041 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n" 3042 "CookieAuthentication 1\n" 3043 ); 3044 mock_clean_saved_logs(); 3045 ret = options_validate(NULL, tdata->opt, &msg); 3046 tt_int_op(ret, OP_EQ, 0); 3047 expect_no_log_msg( 3048 "ControlSocket is world writable, but no authentication method has" 3049 " been configured. This means that any program on your computer " 3050 "can reconfigure your Tor. That's bad! You should upgrade your " 3051 "Tor controller as soon as possible.\n"); 3052 tor_free(msg); 3053 #endif /* defined(HAVE_SYS_UN_H) */ 3054 3055 free_options_test_data(tdata); 3056 tdata = get_options_test_data("CookieAuthFileGroupReadable 1\n" 3057 ); 3058 mock_clean_saved_logs(); 3059 ret = options_validate(NULL, tdata->opt, &msg); 3060 tt_int_op(ret, OP_EQ, 0); 3061 expect_log_msg( 3062 "CookieAuthFileGroupReadable is set, but will have no effect: you " 3063 "must specify an explicit CookieAuthFile to have it " 3064 "group-readable.\n"); 3065 tor_free(msg); 3066 3067 free_options_test_data(tdata); 3068 tdata = get_options_test_data("CookieAuthFileGroupReadable 1\n" 3069 "CookieAuthFile /tmp/somewhere\n" 3070 ); 3071 mock_clean_saved_logs(); 3072 ret = options_validate(NULL, tdata->opt, &msg); 3073 tt_int_op(ret, OP_EQ, 0); 3074 expect_no_log_msg( 3075 "CookieAuthFileGroupReadable is set, but will have no effect: you " 3076 "must specify an explicit CookieAuthFile to have it " 3077 "group-readable.\n"); 3078 tor_free(msg); 3079 3080 done: 3081 teardown_capture_of_logs(); 3082 policies_free_all(); 3083 free_options_test_data(tdata); 3084 tor_free(msg); 3085 } 3086 3087 static void 3088 test_options_validate__families(void *ignored) 3089 { 3090 (void)ignored; 3091 int ret; 3092 char *msg; 3093 options_test_data_t *tdata = NULL; 3094 setup_capture_of_logs(LOG_WARN); 3095 3096 free_options_test_data(tdata); 3097 tdata = get_options_test_data("MyFamily home\n" 3098 "BridgeRelay 1\n" 3099 "ORPort 127.0.0.1:5555\n" 3100 "BandwidthRate 51300\n" 3101 "BandwidthBurst 51300\n" 3102 "MaxAdvertisedBandwidth 25700\n" 3103 "DirCache 1\n" 3104 ); 3105 mock_clean_saved_logs(); 3106 ret = options_validate(NULL, tdata->opt, &msg); 3107 tt_int_op(ret, OP_EQ, 0); 3108 expect_log_msg( 3109 "Listing a family for a bridge relay is not supported: it can " 3110 "reveal bridge fingerprints to censors. You should also make sure " 3111 "you aren't listing this bridge's fingerprint in any other " 3112 "MyFamily.\n"); 3113 tor_free(msg); 3114 3115 free_options_test_data(tdata); 3116 tdata = get_options_test_data("MyFamily home\n"); 3117 mock_clean_saved_logs(); 3118 ret = options_validate(NULL, tdata->opt, &msg); 3119 tt_int_op(ret, OP_EQ, 0); 3120 expect_no_log_msg( 3121 "Listing a family for a bridge relay is not supported: it can " 3122 "reveal bridge fingerprints to censors. You should also make sure " 3123 "you aren't listing this bridge's fingerprint in any other " 3124 "MyFamily.\n"); 3125 tor_free(msg); 3126 3127 free_options_test_data(tdata); 3128 tdata = get_options_test_data("MyFamily !\n"); 3129 mock_clean_saved_logs(); 3130 ret = options_validate(NULL, tdata->opt, &msg); 3131 tt_int_op(ret, OP_EQ, -1); 3132 tt_str_op(msg, OP_EQ, "Invalid nickname '!' in MyFamily line"); 3133 tor_free(msg); 3134 3135 free_options_test_data(tdata); 3136 tdata = get_options_test_data("NodeFamily foo\n" 3137 "NodeFamily !\n"); 3138 mock_clean_saved_logs(); 3139 ret = options_validate(NULL, tdata->opt, &msg); 3140 tt_int_op(ret, OP_EQ, -1); 3141 tt_assert(!msg); 3142 tor_free(msg); 3143 3144 done: 3145 teardown_capture_of_logs(); 3146 policies_free_all(); 3147 free_options_test_data(tdata); 3148 tor_free(msg); 3149 } 3150 3151 static void 3152 test_options_validate__addr_policies(void *ignored) 3153 { 3154 (void)ignored; 3155 int ret; 3156 char *msg; 3157 options_test_data_t *tdata = NULL; 3158 3159 free_options_test_data(tdata); 3160 tdata = get_options_test_data("ExitPolicy !!!\n" 3161 "ExitRelay 1\n" 3162 ); 3163 ret = options_validate(NULL, tdata->opt, &msg); 3164 tt_int_op(ret, OP_EQ, -1); 3165 tt_str_op(msg, OP_EQ, "Error in ExitPolicy entry."); 3166 tor_free(msg); 3167 3168 done: 3169 policies_free_all(); 3170 free_options_test_data(tdata); 3171 tor_free(msg); 3172 } 3173 3174 static void 3175 test_options_validate__dir_auth(void *ignored) 3176 { 3177 (void)ignored; 3178 int ret; 3179 char *msg; 3180 options_test_data_t *tdata = NULL; 3181 setup_capture_of_logs(LOG_WARN); 3182 3183 free_options_test_data(tdata); 3184 tdata = get_options_test_data(VALID_DIR_AUTH 3185 VALID_ALT_DIR_AUTH 3186 ); 3187 mock_clean_saved_logs(); 3188 ret = options_validate(NULL, tdata->opt, &msg); 3189 tt_int_op(ret, OP_EQ, -1); 3190 tt_str_op(msg, OP_EQ, 3191 "Directory authority/fallback line did not parse. See logs for " 3192 "details."); 3193 expect_log_msg( 3194 "You cannot set both DirAuthority and Alternate*Authority.\n"); 3195 tor_free(msg); 3196 3197 free_options_test_data(tdata); 3198 tdata = get_options_test_data("TestingTorNetwork 1\n"); 3199 ret = options_validate(NULL, tdata->opt, &msg); 3200 tt_int_op(ret, OP_EQ, -1); 3201 tt_str_op(msg, OP_EQ, 3202 "TestingTorNetwork may only be configured in combination with a " 3203 "non-default set of DirAuthority or both of AlternateDirAuthority " 3204 "and AlternateBridgeAuthority configured."); 3205 tor_free(msg); 3206 3207 free_options_test_data(tdata); 3208 tdata = get_options_test_data(VALID_DIR_AUTH 3209 "TestingTorNetwork 1\n" 3210 ); 3211 ret = options_validate(NULL, tdata->opt, &msg); 3212 tt_int_op(ret, OP_EQ, 0); 3213 tor_free(msg); 3214 3215 free_options_test_data(tdata); 3216 tdata = get_options_test_data("TestingTorNetwork 1\n" 3217 VALID_ALT_DIR_AUTH 3218 ); 3219 ret = options_validate(NULL, tdata->opt, &msg); 3220 tt_int_op(ret, OP_EQ, -1); 3221 tt_str_op(msg, OP_EQ, 3222 "TestingTorNetwork may only be configured in combination with a " 3223 "non-default set of DirAuthority or both of AlternateDirAuthority " 3224 "and AlternateBridgeAuthority configured."); 3225 tor_free(msg); 3226 3227 free_options_test_data(tdata); 3228 tdata = get_options_test_data("TestingTorNetwork 1\n" 3229 VALID_ALT_BRIDGE_AUTH 3230 ); 3231 ret = options_validate(NULL, tdata->opt, &msg); 3232 tt_int_op(ret, OP_EQ, -1); 3233 tt_str_op(msg, OP_EQ, "TestingTorNetwork may only be configured in " 3234 "combination with a non-default set of DirAuthority or both of " 3235 "AlternateDirAuthority and AlternateBridgeAuthority configured."); 3236 tor_free(msg); 3237 3238 free_options_test_data(tdata); 3239 tdata = get_options_test_data(VALID_ALT_DIR_AUTH 3240 VALID_ALT_BRIDGE_AUTH 3241 "TestingTorNetwork 1\n" 3242 ); 3243 ret = options_validate(NULL, tdata->opt, &msg); 3244 tt_int_op(ret, OP_EQ, 0); 3245 tor_free(msg); 3246 3247 done: 3248 policies_free_all(); 3249 teardown_capture_of_logs(); 3250 free_options_test_data(tdata); 3251 tor_free(msg); 3252 } 3253 3254 static void 3255 test_options_validate__transport(void *ignored) 3256 { 3257 (void)ignored; 3258 int ret; 3259 char *msg; 3260 options_test_data_t *tdata = NULL; 3261 setup_capture_of_logs(LOG_NOTICE); 3262 3263 free_options_test_data(tdata); 3264 tdata = get_options_test_data("ClientTransportPlugin !!\n" 3265 ); 3266 mock_clean_saved_logs(); 3267 ret = options_validate(NULL, tdata->opt, &msg); 3268 tt_int_op(ret, OP_EQ, -1); 3269 tt_str_op(msg, OP_EQ, 3270 "Invalid client transport line. See logs for details."); 3271 expect_log_msg( 3272 "Too few arguments on ClientTransportPlugin line.\n"); 3273 tor_free(msg); 3274 3275 free_options_test_data(tdata); 3276 tdata = get_options_test_data("ClientTransportPlugin foo exec bar\n" 3277 ); 3278 mock_clean_saved_logs(); 3279 ret = options_validate(NULL, tdata->opt, &msg); 3280 tt_int_op(ret, OP_EQ, 0); 3281 tor_free(msg); 3282 3283 free_options_test_data(tdata); 3284 tdata = get_options_test_data("ServerTransportPlugin !!\n"); 3285 mock_clean_saved_logs(); 3286 ret = options_validate(NULL, tdata->opt, &msg); 3287 tt_int_op(ret, OP_EQ, -1); 3288 tt_str_op(msg, OP_EQ, 3289 "Invalid server transport line. See logs for details."); 3290 expect_log_msg( 3291 "Too few arguments on ServerTransportPlugin line.\n"); 3292 tor_free(msg); 3293 3294 free_options_test_data(tdata); 3295 tdata = get_options_test_data("ServerTransportPlugin foo exec bar\n"); 3296 mock_clean_saved_logs(); 3297 ret = options_validate(NULL, tdata->opt, &msg); 3298 tt_int_op(ret, OP_EQ, 0); 3299 expect_log_msg( 3300 "Tor is not configured as a relay but you specified a " 3301 "ServerTransportPlugin line (\"foo exec bar\"). The " 3302 "ServerTransportPlugin line will be ignored.\n"); 3303 tor_free(msg); 3304 3305 free_options_test_data(tdata); 3306 tdata = get_options_test_data("ServerTransportPlugin foo exec bar\n" 3307 "ORPort 127.0.0.1:5555\n" 3308 "BandwidthRate 76900\n" 3309 "BandwidthBurst 76900\n" 3310 "MaxAdvertisedBandwidth 38500\n" 3311 ); 3312 mock_clean_saved_logs(); 3313 ret = options_validate(NULL, tdata->opt, &msg); 3314 tt_int_op(ret, OP_EQ, 0); 3315 expect_no_log_msg( 3316 "Tor is not configured as a relay but you specified a " 3317 "ServerTransportPlugin line (\"foo exec bar\"). The " 3318 "ServerTransportPlugin line will be ignored.\n"); 3319 tor_free(msg); 3320 3321 free_options_test_data(tdata); 3322 tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n" 3323 "ServerTransportListenAddr !\n"); 3324 ret = options_validate(NULL, tdata->opt, &msg); 3325 tt_int_op(ret, OP_EQ, -1); 3326 tt_str_op(msg, OP_EQ, 3327 "ServerTransportListenAddr did not parse. See logs for details."); 3328 tor_free(msg); 3329 3330 free_options_test_data(tdata); 3331 tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n" 3332 ); 3333 mock_clean_saved_logs(); 3334 ret = options_validate(NULL, tdata->opt, &msg); 3335 tt_int_op(ret, OP_EQ, 0); 3336 expect_log_msg( 3337 "You need at least a single managed-proxy to specify a transport " 3338 "listen address. The ServerTransportListenAddr line will be " 3339 "ignored.\n"); 3340 tor_free(msg); 3341 3342 free_options_test_data(tdata); 3343 tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n" 3344 "ServerTransportPlugin foo exec bar\n" 3345 "ORPort 127.0.0.1:5555\n" 3346 "BandwidthRate 76900\n" 3347 "BandwidthBurst 76900\n" 3348 "MaxAdvertisedBandwidth 38500\n" 3349 ); 3350 mock_clean_saved_logs(); 3351 ret = options_validate(NULL, tdata->opt, &msg); 3352 tt_int_op(ret, OP_EQ, 0); 3353 expect_no_log_msg( 3354 "You need at least a single managed-proxy to specify a transport " 3355 "listen address. The ServerTransportListenAddr line will be " 3356 "ignored.\n"); 3357 3358 done: 3359 escaped(NULL); // This will free the leaking memory from the previous escaped 3360 policies_free_all(); 3361 teardown_capture_of_logs(); 3362 free_options_test_data(tdata); 3363 tor_free(msg); 3364 } 3365 3366 static void 3367 test_options_validate__constrained_sockets(void *ignored) 3368 { 3369 (void)ignored; 3370 int ret; 3371 char *msg; 3372 options_test_data_t *tdata = NULL; 3373 setup_capture_of_logs(LOG_WARN); 3374 3375 free_options_test_data(tdata); 3376 tdata = get_options_test_data("ConstrainedSockets 1\n" 3377 "ConstrainedSockSize 0\n" 3378 ); 3379 mock_clean_saved_logs(); 3380 ret = options_validate(NULL, tdata->opt, &msg); 3381 tt_int_op(ret, OP_EQ, -1); 3382 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value " 3383 "between 2048 and 262144 in 1024 byte increments."); 3384 tor_free(msg); 3385 3386 free_options_test_data(tdata); 3387 tdata = get_options_test_data("ConstrainedSockets 1\n" 3388 "ConstrainedSockSize 263168\n" 3389 ); 3390 mock_clean_saved_logs(); 3391 ret = options_validate(NULL, tdata->opt, &msg); 3392 tt_int_op(ret, OP_EQ, -1); 3393 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value " 3394 "between 2048 and 262144 in 1024 byte increments."); 3395 tor_free(msg); 3396 3397 free_options_test_data(tdata); 3398 tdata = get_options_test_data("ConstrainedSockets 1\n" 3399 "ConstrainedSockSize 2047\n" 3400 ); 3401 mock_clean_saved_logs(); 3402 ret = options_validate(NULL, tdata->opt, &msg); 3403 tt_int_op(ret, OP_EQ, -1); 3404 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value " 3405 "between 2048 and 262144 in 1024 byte increments."); 3406 tor_free(msg); 3407 3408 done: 3409 policies_free_all(); 3410 teardown_capture_of_logs(); 3411 free_options_test_data(tdata); 3412 tor_free(msg); 3413 } 3414 3415 static void 3416 test_options_validate__v3_auth(void *ignored) 3417 { 3418 (void)ignored; 3419 int ret; 3420 char *msg; 3421 options_test_data_t *tdata = NULL; 3422 setup_capture_of_logs(LOG_WARN); 3423 3424 free_options_test_data(tdata); 3425 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3426 "V3AuthVoteDelay 1000\n" 3427 "V3AuthDistDelay 1000\n" 3428 "V3AuthVotingInterval 1000\n" 3429 ); 3430 ret = options_validate(NULL, tdata->opt, &msg); 3431 tt_int_op(ret, OP_EQ, -1); 3432 tt_str_op(msg, OP_EQ, 3433 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half " 3434 "V3AuthVotingInterval"); 3435 tor_free(msg); 3436 3437 free_options_test_data(tdata); 3438 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3439 "V3AuthVoteDelay 1\n"); 3440 ret = options_validate(NULL, tdata->opt, &msg); 3441 tt_int_op(ret, OP_EQ, -1); 3442 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low."); 3443 tor_free(msg); 3444 3445 free_options_test_data(tdata); 3446 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3447 "V3AuthVoteDelay 1\n" 3448 "TestingTorNetwork 1\n"); 3449 ret = options_validate(NULL, tdata->opt, &msg); 3450 tt_int_op(ret, OP_EQ, -1); 3451 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low."); 3452 tor_free(msg); 3453 3454 // TODO: we can't reach the case of v3authvotedelay lower 3455 // than MIN_VOTE_SECONDS but not lower than MIN_VOTE_SECONDS_TESTING, 3456 // since they are the same 3457 3458 free_options_test_data(tdata); 3459 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3460 "V3AuthDistDelay 1\n"); 3461 ret = options_validate(NULL, tdata->opt, &msg); 3462 tt_int_op(ret, OP_EQ, -1); 3463 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low."); 3464 tor_free(msg); 3465 3466 free_options_test_data(tdata); 3467 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3468 "V3AuthDistDelay 1\n" 3469 "TestingTorNetwork 1\n" 3470 ); 3471 ret = options_validate(NULL, tdata->opt, &msg); 3472 tt_int_op(ret, OP_EQ, -1); 3473 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low."); 3474 tor_free(msg); 3475 3476 // We can't reach the case of v3authdistdelay lower than 3477 // MIN_DIST_SECONDS but not lower than MIN_DIST_SECONDS_TESTING, 3478 // since they are the same 3479 3480 free_options_test_data(tdata); 3481 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3482 "V3AuthNIntervalsValid 1\n" 3483 ); 3484 ret = options_validate(NULL, tdata->opt, &msg); 3485 tt_int_op(ret, OP_EQ, -1); 3486 tt_str_op(msg, OP_EQ, "V3AuthNIntervalsValid must be at least 2."); 3487 tor_free(msg); 3488 3489 free_options_test_data(tdata); 3490 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3491 "V3AuthVoteDelay 49\n" 3492 "V3AuthDistDelay 49\n" 3493 "V3AuthVotingInterval 200\n" 3494 ); 3495 ret = options_validate(NULL, tdata->opt, &msg); 3496 tt_int_op(ret, OP_EQ, -1); 3497 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low."); 3498 tor_free(msg); 3499 3500 free_options_test_data(tdata); 3501 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3502 VALID_DIR_AUTH 3503 "TestingTorNetwork 1\n" 3504 "V3AuthVoteDelay 49\n" 3505 "V3AuthDistDelay 49\n" 3506 "V3AuthVotingInterval 200\n" 3507 ); 3508 ret = options_validate(NULL, tdata->opt, &msg); 3509 tt_int_op(ret, OP_EQ, 0); 3510 tt_ptr_op(msg, OP_EQ, NULL); 3511 tor_free(msg); 3512 3513 free_options_test_data(tdata); 3514 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3515 VALID_DIR_AUTH 3516 "TestingTorNetwork 1\n" 3517 "V3AuthVoteDelay 2\n" 3518 "V3AuthDistDelay 2\n" 3519 "V3AuthVotingInterval 9\n" 3520 ); 3521 ret = options_validate(NULL, tdata->opt, &msg); 3522 tt_int_op(ret, OP_EQ, -1); 3523 tt_str_op(msg, OP_EQ, 3524 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half " 3525 "V3AuthVotingInterval"); 3526 tor_free(msg); 3527 3528 free_options_test_data(tdata); 3529 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3530 VALID_DIR_AUTH 3531 "TestingTorNetwork 1\n" 3532 "V3AuthVoteDelay 2\n" 3533 "V3AuthDistDelay 2\n" 3534 "V3AuthVotingInterval 10\n" 3535 ); 3536 ret = options_validate(NULL, tdata->opt, &msg); 3537 tt_int_op(ret, OP_EQ, 0); 3538 tt_ptr_op(msg, OP_EQ, NULL); 3539 tor_free(msg); 3540 3541 free_options_test_data(tdata); 3542 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3543 "V3AuthVoteDelay 49\n" 3544 "V3AuthDistDelay 49\n" 3545 "V3AuthVotingInterval 200000\n" 3546 ); 3547 ret = options_validate(NULL, tdata->opt, &msg); 3548 tt_int_op(ret, OP_EQ, -1); 3549 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely high."); 3550 tor_free(msg); 3551 3552 free_options_test_data(tdata); 3553 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3554 "V3AuthVoteDelay 49\n" 3555 "V3AuthDistDelay 49\n" 3556 "V3AuthVotingInterval 1441\n" 3557 ); 3558 mock_clean_saved_logs(); 3559 ret = options_validate(NULL, tdata->opt, &msg); 3560 tt_int_op(ret, OP_EQ, 0); 3561 expect_log_msg("V3AuthVotingInterval does not divide" 3562 " evenly into 24 hours.\n"); 3563 tor_free(msg); 3564 3565 free_options_test_data(tdata); 3566 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3567 "V3AuthVoteDelay 49\n" 3568 "V3AuthDistDelay 49\n" 3569 "V3AuthVotingInterval 1440\n" 3570 ); 3571 mock_clean_saved_logs(); 3572 ret = options_validate(NULL, tdata->opt, &msg); 3573 tt_int_op(ret, OP_EQ, 0); 3574 expect_no_log_msg("V3AuthVotingInterval does not divide" 3575 " evenly into 24 hours.\n"); 3576 tor_free(msg); 3577 3578 free_options_test_data(tdata); 3579 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3580 "V3AuthVoteDelay 49\n" 3581 "V3AuthDistDelay 49\n" 3582 "V3AuthVotingInterval 299\n" 3583 VALID_DIR_AUTH 3584 "TestingTorNetwork 1\n" 3585 ); 3586 mock_clean_saved_logs(); 3587 ret = options_validate(NULL, tdata->opt, &msg); 3588 tt_int_op(ret, OP_EQ, 0); 3589 expect_log_msg("V3AuthVotingInterval is very low. " 3590 "This may lead to failure to synchronise for a consensus.\n"); 3591 tor_free(msg); 3592 3593 free_options_test_data(tdata); 3594 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3595 "V3AuthVoteDelay 1\n" 3596 "V3AuthDistDelay 1\n" 3597 "V3AuthVotingInterval 9\n" 3598 VALID_DIR_AUTH 3599 "TestingTorNetwork 1\n" 3600 ); 3601 /* We have to call the dirauth-specific function to reach this case */ 3602 ret = options_validate_dirauth_schedule(NULL, tdata->opt, &msg); 3603 tt_int_op(ret, OP_EQ, -1); 3604 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low."); 3605 tor_free(msg); 3606 3607 free_options_test_data(tdata); 3608 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3609 "TestingV3AuthInitialVoteDelay 1\n" 3610 VALID_DIR_AUTH 3611 "TestingTorNetwork 1\n" 3612 ); 3613 ret = options_validate(NULL, tdata->opt, &msg); 3614 tt_int_op(ret, OP_EQ, -1); 3615 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVoteDelay is way too low."); 3616 tor_free(msg); 3617 3618 free_options_test_data(tdata); 3619 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3620 "TestingV3AuthInitialDistDelay 1\n" 3621 VALID_DIR_AUTH 3622 "TestingTorNetwork 1\n" 3623 ); 3624 ret = options_validate(NULL, tdata->opt, &msg); 3625 tt_int_op(ret, OP_EQ, -1); 3626 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialDistDelay is way too low."); 3627 tor_free(msg); 3628 3629 free_options_test_data(tdata); 3630 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3631 VALID_DIR_AUTH 3632 "TestingTorNetwork 1\n" 3633 ); 3634 tdata->opt->TestingV3AuthVotingStartOffset = 100000; 3635 ret = options_validate(NULL, tdata->opt, &msg); 3636 tt_int_op(ret, OP_EQ, -1); 3637 tt_str_op(msg, OP_EQ, "TestingV3AuthVotingStartOffset is higher than the " 3638 "voting interval."); 3639 tor_free(msg); 3640 3641 free_options_test_data(tdata); 3642 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3643 VALID_DIR_AUTH 3644 "TestingTorNetwork 1\n" 3645 ); 3646 tdata->opt->TestingV3AuthVotingStartOffset = -1; 3647 ret = options_validate(NULL, tdata->opt, &msg); 3648 tt_int_op(ret, OP_EQ, -1); 3649 tt_str_op(msg, OP_EQ, 3650 "TestingV3AuthVotingStartOffset must be non-negative."); 3651 tor_free(msg); 3652 3653 free_options_test_data(tdata); 3654 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3655 VALID_DIR_AUTH 3656 "TestingTorNetwork 1\n" 3657 "TestingV3AuthInitialVotingInterval 4\n" 3658 ); 3659 ret = options_validate(NULL, tdata->opt, &msg); 3660 tt_int_op(ret, OP_EQ, -1); 3661 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVotingInterval is insanely low."); 3662 tor_free(msg); 3663 3664 free_options_test_data(tdata); 3665 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3666 VALID_DIR_AUTH 3667 "TestingTorNetwork 1\n" 3668 "TestingV3AuthInitialVoteDelay 2\n" 3669 "TestingV3AuthInitialDistDelay 2\n" 3670 "TestingV3AuthInitialVotingInterval 5\n" 3671 ); 3672 ret = options_validate(NULL, tdata->opt, &msg); 3673 tt_int_op(ret, OP_EQ, 0); 3674 tt_ptr_op(msg, OP_EQ, NULL); 3675 tor_free(msg); 3676 3677 free_options_test_data(tdata); 3678 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3679 VALID_DIR_AUTH 3680 "TestingTorNetwork 1\n" 3681 "TestingV3AuthInitialVotingInterval 7\n" 3682 ); 3683 ret = options_validate(NULL, tdata->opt, &msg); 3684 tt_int_op(ret, OP_EQ, -1); 3685 tt_str_op(msg, OP_EQ, 3686 "TestingV3AuthInitialVotingInterval does not divide evenly into " 3687 "30 minutes."); 3688 tor_free(msg); 3689 3690 free_options_test_data(tdata); 3691 tdata = get_options_test_data(ENABLE_AUTHORITY_V3 3692 VALID_DIR_AUTH 3693 "TestingTorNetwork 1\n" 3694 "TestingV3AuthInitialVoteDelay 3\n" 3695 "TestingV3AuthInitialDistDelay 3\n" 3696 "TestingV3AuthInitialVotingInterval 5\n" 3697 ); 3698 ret = options_validate(NULL, tdata->opt, &msg); 3699 tt_int_op(ret, OP_EQ, -1); 3700 tt_str_op(msg, OP_EQ, 3701 "TestingV3AuthInitialVoteDelay plus " 3702 "TestingV3AuthInitialDistDelay must be less than " 3703 "TestingV3AuthInitialVotingInterval"); 3704 tor_free(msg); 3705 3706 done: 3707 policies_free_all(); 3708 teardown_capture_of_logs(); 3709 free_options_test_data(tdata); 3710 tor_free(msg); 3711 } 3712 3713 static void 3714 test_options_validate__virtual_addr(void *ignored) 3715 { 3716 (void)ignored; 3717 int ret; 3718 char *msg; 3719 options_test_data_t *tdata = NULL; 3720 3721 free_options_test_data(tdata); 3722 tdata = get_options_test_data("VirtualAddrNetworkIPv4 !!"); 3723 ret = options_validate(NULL, tdata->opt, &msg); 3724 tt_int_op(ret, OP_EQ, -1); 3725 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetwork !!"); 3726 tor_free(msg); 3727 3728 free_options_test_data(tdata); 3729 tdata = get_options_test_data("VirtualAddrNetworkIPv6 !!" 3730 ); 3731 ret = options_validate(NULL, tdata->opt, &msg); 3732 tt_int_op(ret, OP_EQ, -1); 3733 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetworkIPv6 !!"); 3734 tor_free(msg); 3735 3736 done: 3737 escaped(NULL); // This will free the leaking memory from the previous escaped 3738 policies_free_all(); 3739 free_options_test_data(tdata); 3740 tor_free(msg); 3741 } 3742 3743 static void 3744 test_options_validate__testing_options(void *ignored) 3745 { 3746 (void)ignored; 3747 int ret; 3748 char *msg; 3749 options_test_data_t *tdata = NULL; 3750 setup_capture_of_logs(LOG_WARN); 3751 3752 #define TEST_TESTING_OPTION(name, accessor, \ 3753 low_val, high_val, err_low, EXTRA_OPT_STR) \ 3754 STMT_BEGIN \ 3755 free_options_test_data(tdata); \ 3756 tdata = get_options_test_data(EXTRA_OPT_STR \ 3757 VALID_DIR_AUTH \ 3758 "TestingTorNetwork 1\n" \ 3759 ); \ 3760 accessor(tdata->opt)->name = low_val; \ 3761 ret = options_validate(NULL, tdata->opt, &msg); \ 3762 tt_int_op(ret, OP_EQ, -1); \ 3763 tt_str_op(msg, OP_EQ, #name " " err_low); \ 3764 tor_free(msg); \ 3765 \ 3766 free_options_test_data(tdata); \ 3767 tdata = get_options_test_data(EXTRA_OPT_STR \ 3768 VALID_DIR_AUTH \ 3769 "TestingTorNetwork 1\n" \ 3770 ); \ 3771 accessor(tdata->opt)->name = high_val; \ 3772 mock_clean_saved_logs(); \ 3773 ret = options_validate(NULL, tdata->opt, &msg); \ 3774 tt_int_op(ret, OP_EQ, 0); \ 3775 tt_ptr_op(msg, OP_EQ, NULL); \ 3776 expect_log_msg( #name " is insanely high.\n"); \ 3777 tor_free(msg); \ 3778 STMT_END 3779 3780 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601, 3781 "is way too low.", ""); 3782 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601, 3783 "is way too low.", ""); 3784 3785 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601, 3786 "is way too low.", ENABLE_AUTHORITY_V3); 3787 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601, 3788 "is way too low.", ENABLE_AUTHORITY_V3); 3789 3790 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601, 3791 "is way too low.", ENABLE_AUTHORITY_BRIDGE); 3792 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601, 3793 "is way too low.", ENABLE_AUTHORITY_BRIDGE); 3794 3795 free_options_test_data(tdata); 3796 tdata = get_options_test_data("TestingEnableConnBwEvent 1\n"); 3797 ret = options_validate(NULL, tdata->opt, &msg); 3798 tt_int_op(ret, OP_EQ, -1); 3799 tt_str_op(msg, OP_EQ, "TestingEnableConnBwEvent may only be changed in " 3800 "testing Tor networks!"); 3801 tor_free(msg); 3802 3803 free_options_test_data(tdata); 3804 tdata = get_options_test_data("TestingEnableConnBwEvent 1\n" 3805 VALID_DIR_AUTH 3806 "TestingTorNetwork 1\n" 3807 "___UsingTestNetworkDefaults 0\n" 3808 ); 3809 3810 ret = options_validate(NULL, tdata->opt, &msg); 3811 tt_int_op(ret, OP_EQ, 0); 3812 tt_assert(!msg); 3813 tor_free(msg); 3814 3815 free_options_test_data(tdata); 3816 tdata = get_options_test_data("TestingEnableConnBwEvent 1\n" 3817 VALID_DIR_AUTH 3818 "TestingTorNetwork 0\n" 3819 "___UsingTestNetworkDefaults 1\n" 3820 ); 3821 3822 ret = options_validate(NULL, tdata->opt, &msg); 3823 tt_int_op(ret, OP_EQ, 0); 3824 tt_assert(!msg); 3825 tor_free(msg); 3826 3827 free_options_test_data(tdata); 3828 tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n"); 3829 ret = options_validate(NULL, tdata->opt, &msg); 3830 tt_int_op(ret, OP_EQ, -1); 3831 tt_str_op(msg, OP_EQ, "TestingEnableCellStatsEvent may only be changed in " 3832 "testing Tor networks!"); 3833 tor_free(msg); 3834 3835 free_options_test_data(tdata); 3836 tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n" 3837 VALID_DIR_AUTH 3838 "TestingTorNetwork 1\n" 3839 "___UsingTestNetworkDefaults 0\n" 3840 ); 3841 3842 ret = options_validate(NULL, tdata->opt, &msg); 3843 tt_int_op(ret, OP_EQ, 0); 3844 tt_assert(!msg); 3845 tor_free(msg); 3846 3847 free_options_test_data(tdata); 3848 tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n" 3849 VALID_DIR_AUTH 3850 "TestingTorNetwork 0\n" 3851 "___UsingTestNetworkDefaults 1\n" 3852 ); 3853 3854 ret = options_validate(NULL, tdata->opt, &msg); 3855 tt_int_op(ret, OP_EQ, 0); 3856 tt_assert(!msg); 3857 tor_free(msg); 3858 3859 free_options_test_data(tdata); 3860 tdata = get_options_test_data("TestingEnableTbEmptyEvent 1\n" 3861 VALID_DIR_AUTH 3862 "TestingTorNetwork 1\n" 3863 "___UsingTestNetworkDefaults 0\n" 3864 ); 3865 3866 ret = options_validate(NULL, tdata->opt, &msg); 3867 tt_int_op(ret, OP_EQ, 0); 3868 tt_assert(!msg); 3869 tor_free(msg); 3870 3871 free_options_test_data(tdata); 3872 tdata = get_options_test_data("TestingEnableTbEmptyEvent 1\n" 3873 VALID_DIR_AUTH 3874 "TestingTorNetwork 0\n" 3875 "___UsingTestNetworkDefaults 1\n" 3876 ); 3877 3878 ret = options_validate(NULL, tdata->opt, &msg); 3879 tt_int_op(ret, OP_EQ, 0); 3880 tt_assert(!msg); 3881 tor_free(msg); 3882 3883 done: 3884 policies_free_all(); 3885 teardown_capture_of_logs(); 3886 free_options_test_data(tdata); 3887 tor_free(msg); 3888 } 3889 3890 static void 3891 test_options_validate__accel(void *ignored) 3892 { 3893 (void)ignored; 3894 int ret; 3895 char *msg; 3896 options_test_data_t *tdata = NULL; 3897 3898 free_options_test_data(tdata); 3899 tdata = get_options_test_data("AccelName foo\n"); 3900 ret = options_validate(NULL, tdata->opt, &msg); 3901 tt_int_op(ret, OP_EQ, 0); 3902 tt_int_op(get_crypto_options(tdata->opt)->HardwareAccel, OP_EQ, 0); 3903 tor_free(msg); 3904 3905 free_options_test_data(tdata); 3906 tdata = get_options_test_data("AccelName foo\n"); 3907 get_crypto_options(tdata->opt)->HardwareAccel = 2; 3908 ret = options_validate(NULL, tdata->opt, &msg); 3909 tt_int_op(ret, OP_EQ, 0); 3910 tt_int_op(get_crypto_options(tdata->opt)->HardwareAccel, OP_EQ, 2); 3911 tor_free(msg); 3912 3913 free_options_test_data(tdata); 3914 tdata = get_options_test_data("AccelDir 1\n"); 3915 ret = options_validate(NULL, tdata->opt, &msg); 3916 tt_int_op(ret, OP_EQ, -1); 3917 tt_str_op(msg, OP_EQ, 3918 "Can't use hardware crypto accelerator dir without engine name."); 3919 tor_free(msg); 3920 3921 free_options_test_data(tdata); 3922 tdata = get_options_test_data("AccelDir 1\n" 3923 "AccelName something\n"); 3924 ret = options_validate(NULL, tdata->opt, &msg); 3925 tt_int_op(ret, OP_EQ, 0); 3926 tor_free(msg); 3927 3928 done: 3929 policies_free_all(); 3930 free_options_test_data(tdata); 3931 tor_free(msg); 3932 } 3933 3934 static int mocked_granularity; 3935 3936 static void 3937 mock_set_log_time_granularity(int g) 3938 { 3939 mocked_granularity = g; 3940 } 3941 3942 static void 3943 test_options_init_logs_granularity(void *arg) 3944 { 3945 options_test_data_t *tdata = get_options_test_data(""); 3946 int rv; 3947 (void) arg; 3948 3949 MOCK(set_log_time_granularity, mock_set_log_time_granularity); 3950 3951 /* Reasonable value. */ 3952 tdata->opt->LogTimeGranularity = 100; 3953 mocked_granularity = -1; 3954 rv = options_init_logs(NULL, tdata->opt, 0); 3955 tt_int_op(rv, OP_EQ, 0); 3956 tt_int_op(mocked_granularity, OP_EQ, 100); 3957 3958 /* Doesn't divide 1000. */ 3959 tdata->opt->LogTimeGranularity = 249; 3960 mocked_granularity = -1; 3961 rv = options_init_logs(NULL, tdata->opt, 0); 3962 tt_int_op(rv, OP_EQ, 0); 3963 tt_int_op(mocked_granularity, OP_EQ, 250); 3964 3965 /* Doesn't divide 1000. */ 3966 tdata->opt->LogTimeGranularity = 3; 3967 mocked_granularity = -1; 3968 rv = options_init_logs(NULL, tdata->opt, 0); 3969 tt_int_op(rv, OP_EQ, 0); 3970 tt_int_op(mocked_granularity, OP_EQ, 4); 3971 3972 /* Not a multiple of 1000. */ 3973 tdata->opt->LogTimeGranularity = 1500; 3974 mocked_granularity = -1; 3975 rv = options_init_logs(NULL, tdata->opt, 0); 3976 tt_int_op(rv, OP_EQ, 0); 3977 tt_int_op(mocked_granularity, OP_EQ, 2000); 3978 3979 /* Reasonable value. */ 3980 tdata->opt->LogTimeGranularity = 3000; 3981 mocked_granularity = -1; 3982 rv = options_init_logs(NULL, tdata->opt, 0); 3983 tt_int_op(rv, OP_EQ, 0); 3984 tt_int_op(mocked_granularity, OP_EQ, 3000); 3985 3986 /* Negative. (Shouldn't be allowed by rest of config parsing.) */ 3987 tdata->opt->LogTimeGranularity = -1; 3988 mocked_granularity = -1; 3989 rv = options_init_logs(NULL, tdata->opt, 0); 3990 tt_int_op(rv, OP_EQ, -1); 3991 3992 /* Very big */ 3993 tdata->opt->LogTimeGranularity = 3600 * 1000; 3994 mocked_granularity = -1; 3995 rv = options_init_logs(NULL, tdata->opt, 0); 3996 tt_int_op(rv, OP_EQ, 0); 3997 tt_int_op(mocked_granularity, OP_EQ, 3600 * 1000); 3998 3999 done: 4000 free_options_test_data(tdata); 4001 UNMOCK(set_log_time_granularity); 4002 } 4003 4004 typedef struct { 4005 char *name; 4006 log_severity_list_t sev; 4007 int fd; 4008 bool stream; 4009 } added_log_t; 4010 4011 static smartlist_t *added_logs = NULL; 4012 4013 static void 4014 mock_add_stream_log_impl(const log_severity_list_t *sev, const char *name, 4015 int fd) 4016 { 4017 added_log_t *a = tor_malloc_zero(sizeof(added_log_t)); 4018 a->name = tor_strdup(name); 4019 memcpy(&a->sev, sev, sizeof(log_severity_list_t)); 4020 a->fd = fd; 4021 a->stream = true; 4022 smartlist_add(added_logs, a); 4023 } 4024 4025 static int 4026 mock_add_file_log(const log_severity_list_t *sev, const char *name, int fd) 4027 { 4028 added_log_t *a = tor_malloc_zero(sizeof(added_log_t)); 4029 a->name = tor_strdup(name); 4030 memcpy(&a->sev, sev, sizeof(log_severity_list_t)); 4031 a->fd = fd; 4032 smartlist_add(added_logs, a); 4033 return 0; 4034 } 4035 4036 static void 4037 clear_added_logs(void) 4038 { 4039 SMARTLIST_FOREACH(added_logs, added_log_t *, a, 4040 { tor_free(a->name); tor_free(a); }); 4041 smartlist_clear(added_logs); 4042 } 4043 4044 static void 4045 test_options_init_logs_quiet(void *arg) 4046 { 4047 (void)arg; 4048 char *cfg = NULL; 4049 options_test_data_t *tdata = get_options_test_data(""); 4050 char *fn1 = tor_strdup(get_fname_rnd("log")); 4051 const added_log_t *a; 4052 int rv; 4053 tdata->opt->RunAsDaemon = 0; 4054 4055 added_logs = smartlist_new(); 4056 MOCK(add_stream_log_impl, mock_add_stream_log_impl); 4057 MOCK(add_file_log, mock_add_file_log); 4058 4059 tt_ptr_op(tdata->opt->Logs, OP_EQ, NULL); 4060 4061 /* First, try with no configured logs, and make sure that our configured 4062 logs match the quiet level. */ 4063 quiet_level = QUIET_SILENT; 4064 rv = options_init_logs(NULL, tdata->opt, 0); 4065 tt_int_op(rv, OP_EQ, 0); 4066 tt_int_op(smartlist_len(added_logs), OP_EQ, 0); 4067 4068 quiet_level = QUIET_HUSH; 4069 rv = options_init_logs(NULL, tdata->opt, 0); 4070 tt_int_op(rv, OP_EQ, 0); 4071 tt_int_op(smartlist_len(added_logs), OP_EQ, 1); 4072 a = smartlist_get(added_logs, 0); 4073 tt_assert(a); 4074 tt_assert(a->stream); 4075 tt_int_op(a->fd, OP_EQ, fileno(stdout)); 4076 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, 0); 4077 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ, 0); 4078 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS); 4079 clear_added_logs(); 4080 4081 quiet_level = QUIET_NONE; 4082 rv = options_init_logs(NULL, tdata->opt, 0); 4083 tt_int_op(rv, OP_EQ, 0); 4084 tt_int_op(smartlist_len(added_logs), OP_EQ, 1); 4085 a = smartlist_get(added_logs, 0); 4086 tt_assert(a); 4087 tt_assert(a->stream); 4088 tt_int_op(a->fd, OP_EQ, fileno(stdout)); 4089 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, 0); 4090 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ, 4091 LD_ALL_DOMAINS); 4092 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS); 4093 clear_added_logs(); 4094 4095 /* Make sure that adding a configured log makes the default logs go away. */ 4096 tor_asprintf(&cfg, "Log info file %s\n", fn1); 4097 free_options_test_data(tdata); 4098 tdata = get_options_test_data(cfg); 4099 rv = options_init_logs(NULL, tdata->opt, 0); 4100 tt_int_op(rv, OP_EQ, 0); 4101 tt_int_op(smartlist_len(added_logs), OP_EQ, 1); 4102 a = smartlist_get(added_logs, 0); 4103 tt_assert(a); 4104 tt_assert(! a->stream); 4105 tt_int_op(a->fd, OP_NE, fileno(stdout)); 4106 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, LD_ALL_DOMAINS); 4107 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ, 4108 LD_ALL_DOMAINS); 4109 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS); 4110 4111 done: 4112 free_options_test_data(tdata); 4113 tor_free(fn1); 4114 tor_free(cfg); 4115 clear_added_logs(); 4116 smartlist_free(added_logs); 4117 UNMOCK(add_stream_log_impl); 4118 UNMOCK(add_file_log); 4119 } 4120 4121 static int mock_options_act_status = 0; 4122 static int 4123 mock_options_act(const or_options_t *old_options) 4124 { 4125 (void)old_options; 4126 return mock_options_act_status; 4127 } 4128 static int 4129 mock_options_act_reversible(const or_options_t *old_options, char **msg_out) 4130 { 4131 (void)old_options; 4132 (void)msg_out; 4133 return 0; 4134 } 4135 4136 static void 4137 test_options_trial_assign(void *arg) 4138 { 4139 (void)arg; 4140 setopt_err_t v; 4141 config_line_t *lines = NULL; 4142 char *msg = NULL; 4143 int r; 4144 4145 // replace options_act*() so that we don't actually launch tor here. 4146 MOCK(options_act, mock_options_act); 4147 MOCK(options_act_reversible, mock_options_act_reversible); 4148 4149 // Try assigning nothing; that should work. 4150 v = options_trial_assign(lines, 0, &msg); 4151 if (msg) 4152 puts(msg); 4153 tt_ptr_op(msg, OP_EQ, NULL); 4154 tt_int_op(v, OP_EQ, SETOPT_OK); 4155 4156 // Assigning a nickname is okay 4157 r = config_get_lines("Nickname Hemiramphinae", &lines, 0); 4158 tt_int_op(r, OP_EQ, 0); 4159 v = options_trial_assign(lines, 0, &msg); 4160 tt_ptr_op(msg, OP_EQ, NULL); 4161 tt_int_op(v, OP_EQ, SETOPT_OK); 4162 tt_str_op(get_options()->Nickname, OP_EQ, "Hemiramphinae"); 4163 config_free_lines(lines); 4164 4165 // We can't change the User; that's a transition error. 4166 r = config_get_lines("User Heraclitus", &lines, 0); 4167 tt_int_op(r, OP_EQ, 0); 4168 v = options_trial_assign(lines, 0, &msg); 4169 tt_int_op(v, OP_EQ, SETOPT_ERR_TRANSITION); 4170 tt_str_op(msg, OP_EQ, "While Tor is running, changing User is not allowed"); 4171 tor_free(msg); 4172 config_free_lines(lines); 4173 4174 // We can't set the ORPort to nonsense: that's a validation error. 4175 r = config_get_lines("ORPort fractabling planished", &lines, 0); 4176 tt_int_op(r, OP_EQ, 0); 4177 v = options_trial_assign(lines, 0, &msg); 4178 tt_int_op(v, OP_EQ, SETOPT_ERR_PARSE); // (same error code for now) 4179 tt_str_op(msg, OP_EQ, "Invalid ORPort configuration"); 4180 tor_free(msg); 4181 config_free_lines(lines); 4182 4183 // We can't set UseBridges to a non-boolean: that's a parse error. 4184 r = config_get_lines("UseBridges ambidextrous", &lines, 0); 4185 tt_int_op(r, OP_EQ, 0); 4186 v = options_trial_assign(lines, 0, &msg); 4187 tt_int_op(v, OP_EQ, SETOPT_ERR_PARSE); 4188 tt_str_op(msg, OP_EQ, 4189 "Could not parse UseBridges: Unrecognized value ambidextrous. " 4190 "Allowed values are 0 and 1."); 4191 tor_free(msg); 4192 config_free_lines(lines); 4193 4194 // this didn't change. 4195 tt_str_op(get_options()->Nickname, OP_EQ, "Hemiramphinae"); 4196 4197 done: 4198 config_free_lines(lines); 4199 tor_free(msg); 4200 UNMOCK(options_act); 4201 UNMOCK(options_act_reversible); 4202 } 4203 4204 #ifndef COCCI 4205 #define LOCAL_VALIDATE_TEST(name) \ 4206 { "validate__" #name, test_options_validate__ ## name, TT_FORK, NULL, NULL } 4207 #endif 4208 4209 struct testcase_t options_tests[] = { 4210 { "validate", test_options_validate, TT_FORK, NULL, NULL }, 4211 { "mem_dircache", test_have_enough_mem_for_dircache, TT_FORK, NULL, NULL }, 4212 LOCAL_VALIDATE_TEST(uname_for_server), 4213 LOCAL_VALIDATE_TEST(outbound_addresses), 4214 LOCAL_VALIDATE_TEST(data_directory), 4215 LOCAL_VALIDATE_TEST(nickname), 4216 LOCAL_VALIDATE_TEST(contactinfo), 4217 LOCAL_VALIDATE_TEST(logs), 4218 LOCAL_VALIDATE_TEST(authdir), 4219 LOCAL_VALIDATE_TEST(relay_with_hidden_services), 4220 LOCAL_VALIDATE_TEST(listen_ports), 4221 LOCAL_VALIDATE_TEST(transproxy), 4222 LOCAL_VALIDATE_TEST(exclude_nodes), 4223 LOCAL_VALIDATE_TEST(node_families), 4224 LOCAL_VALIDATE_TEST(token_bucket), 4225 LOCAL_VALIDATE_TEST(fetch_dir), 4226 LOCAL_VALIDATE_TEST(conn_limit), 4227 LOCAL_VALIDATE_TEST(paths_needed), 4228 LOCAL_VALIDATE_TEST(max_client_circuits), 4229 LOCAL_VALIDATE_TEST(ports), 4230 LOCAL_VALIDATE_TEST(reachable_addresses), 4231 LOCAL_VALIDATE_TEST(use_bridges), 4232 LOCAL_VALIDATE_TEST(entry_nodes), 4233 LOCAL_VALIDATE_TEST(safe_logging), 4234 LOCAL_VALIDATE_TEST(publish_server_descriptor), 4235 LOCAL_VALIDATE_TEST(testing), 4236 LOCAL_VALIDATE_TEST(path_bias), 4237 LOCAL_VALIDATE_TEST(bandwidth), 4238 LOCAL_VALIDATE_TEST(circuits), 4239 LOCAL_VALIDATE_TEST(rend), 4240 LOCAL_VALIDATE_TEST(single_onion), 4241 LOCAL_VALIDATE_TEST(accounting), 4242 LOCAL_VALIDATE_TEST(proxy), 4243 LOCAL_VALIDATE_TEST(control), 4244 LOCAL_VALIDATE_TEST(families), 4245 LOCAL_VALIDATE_TEST(addr_policies), 4246 LOCAL_VALIDATE_TEST(dir_auth), 4247 LOCAL_VALIDATE_TEST(transport), 4248 LOCAL_VALIDATE_TEST(constrained_sockets), 4249 LOCAL_VALIDATE_TEST(v3_auth), 4250 LOCAL_VALIDATE_TEST(virtual_addr), 4251 LOCAL_VALIDATE_TEST(testing_options), 4252 LOCAL_VALIDATE_TEST(accel), 4253 { "init_logs/granularity", test_options_init_logs_granularity, TT_FORK, 4254 NULL, NULL }, 4255 { "init_logs/quiet", test_options_init_logs_quiet, TT_FORK, 4256 NULL, NULL }, 4257 { "trial_assign", test_options_trial_assign, TT_FORK, NULL, NULL }, 4258 END_OF_TESTCASES /* */ 4259 };