Line data Source code
1 : /* Copyright (c) 2001-2004, Roger Dingledine.
2 : * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 : * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 : /* See LICENSE for licensing information */
5 :
6 : #define CONFIG_PRIVATE
7 : #define RELAY_CONFIG_PRIVATE
8 : #define LOG_PRIVATE
9 : #define ROUTERSET_PRIVATE
10 : #include "core/or/or.h"
11 : #include "lib/confmgt/confmgt.h"
12 : #include "app/config/config.h"
13 : #include "feature/dirauth/dirauth_config.h"
14 : #include "feature/dirauth/dirauth_options_st.h"
15 : #include "feature/dirauth/dirauth_sys.h"
16 : #include "feature/relay/relay_config.h"
17 : #include "test/test.h"
18 : #include "lib/geoip/geoip.h"
19 :
20 : #include "feature/nodelist/routerset.h"
21 : #include "core/mainloop/mainloop.h"
22 : #include "app/main/subsysmgr.h"
23 : #include "test/log_test_helpers.h"
24 : #include "test/resolve_test_helpers.h"
25 : #include "lib/crypt_ops/crypto_options_st.h"
26 : #include "lib/crypt_ops/crypto_sys.h"
27 :
28 : #include "lib/sandbox/sandbox.h"
29 : #include "lib/memarea/memarea.h"
30 : #include "lib/osinfo/uname.h"
31 : #include "lib/encoding/confline.h"
32 : #include "core/or/policies.h"
33 : #include "test/test_helpers.h"
34 : #include "test/opts_test_helpers.h"
35 : #include "lib/net/resolve.h"
36 :
37 : #ifdef HAVE_SYS_PARAM_H
38 : #include <sys/param.h>
39 : #endif
40 :
41 : typedef struct {
42 : int severity;
43 : log_domain_mask_t domain;
44 : char *msg;
45 : } logmsg_t;
46 :
47 : static smartlist_t *messages = NULL;
48 :
49 : static void
50 6 : log_cback(int severity, log_domain_mask_t domain, const char *msg)
51 : {
52 6 : logmsg_t *x = tor_malloc(sizeof(*x));
53 6 : x->severity = severity;
54 6 : x->domain = domain;
55 6 : x->msg = tor_strdup(msg);
56 6 : if (!messages)
57 5 : messages = smartlist_new();
58 6 : smartlist_add(messages, x);
59 6 : }
60 :
61 : static void
62 2 : setup_log_callback(void)
63 : {
64 2 : log_severity_list_t lst;
65 2 : memset(&lst, 0, sizeof(lst));
66 2 : lst.masks[SEVERITY_MASK_IDX(LOG_ERR)] = LD_ALL_DOMAINS;
67 2 : lst.masks[SEVERITY_MASK_IDX(LOG_WARN)] = LD_ALL_DOMAINS;
68 2 : lst.masks[SEVERITY_MASK_IDX(LOG_NOTICE)] = LD_ALL_DOMAINS;
69 2 : add_callback_log(&lst, log_cback);
70 2 : mark_logs_temp();
71 2 : }
72 :
73 : static char *
74 0 : dump_logs(void)
75 : {
76 0 : smartlist_t *msgs;
77 0 : char *out;
78 0 : if (! messages)
79 0 : return tor_strdup("");
80 0 : msgs = smartlist_new();
81 0 : SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, x) {
82 0 : smartlist_add_asprintf(msgs, "[%s] %s",
83 : log_level_to_string(x->severity), x->msg);
84 0 : } SMARTLIST_FOREACH_END(x);
85 0 : out = smartlist_join_strings(msgs, "", 0, NULL);
86 0 : SMARTLIST_FOREACH(msgs, char *, cp, tor_free(cp));
87 0 : smartlist_free(msgs);
88 0 : return out;
89 : }
90 :
91 : static void
92 14 : clear_log_messages(void)
93 : {
94 14 : if (!messages)
95 : return;
96 11 : SMARTLIST_FOREACH(messages, logmsg_t *, m,
97 : { tor_free(m->msg); tor_free(m); });
98 5 : smartlist_free(messages);
99 5 : messages = NULL;
100 : }
101 :
102 : #define setup_options(opt) \
103 : do { \
104 : opt = options_new(); \
105 : opt->command = CMD_RUN_TOR; \
106 : options_init(opt); \
107 : } while (0)
108 :
109 : #ifdef COCCI
110 :
111 : #define ENABLE_AUTHORITY_MIN ""
112 : #define ENABLE_AUTHORITY_V3_MIN ""
113 : #define ENABLE_AUTHORITY_BRIDGE_MIN ""
114 : #define AUTHORITY_OPT_REQ_ ""
115 : #define ENABLE_AUTHORITY ""
116 : #define ENABLE_AUTHORITY_V3 ""
117 : #define ENABLE_AUTHORITY_BRIDGE ""
118 :
119 : #else /* !defined(COCCI) */
120 :
121 : #define ENABLE_AUTHORITY_MIN \
122 : "AuthoritativeDirectory 1\n"
123 :
124 : #define ENABLE_AUTHORITY_V3_MIN \
125 : ENABLE_AUTHORITY_MIN \
126 : "V3AuthoritativeDir 1\n"
127 :
128 : #define ENABLE_AUTHORITY_BRIDGE_MIN \
129 : ENABLE_AUTHORITY_MIN \
130 : "BridgeAuthoritativeDir 1\n"
131 :
132 : #define AUTHORITY_OPT_REQ_ \
133 : "Address 192.0.2.111\n" \
134 : "ContactInfo a@example.org\n" \
135 : "DirPort 1025\n" \
136 : "ORPort 1026\n"
137 :
138 : /* Not actually valid: requires v3 / bridge */
139 : #define ENABLE_AUTHORITY \
140 : ENABLE_AUTHORITY_MIN \
141 : AUTHORITY_OPT_REQ_
142 :
143 : #define ENABLE_AUTHORITY_V3 \
144 : ENABLE_AUTHORITY_V3_MIN \
145 : AUTHORITY_OPT_REQ_
146 :
147 : #define ENABLE_AUTHORITY_BRIDGE \
148 : ENABLE_AUTHORITY_BRIDGE_MIN \
149 : AUTHORITY_OPT_REQ_
150 :
151 : #endif /* defined(COCCI) */
152 :
153 : #define VALID_DIR_AUTH "DirAuthority dizum orport=443 v3ident=E8A9C45" \
154 : "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
155 : " 083C 538F 4403 8BBF A077 587D D755\n"
156 : #define VALID_ALT_BRIDGE_AUTH \
157 : "AlternateBridgeAuthority dizum orport=443 v3ident=E8A9C45" \
158 : "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
159 : " 083C 538F 4403 8BBF A077 587D D755\n"
160 : #define VALID_ALT_DIR_AUTH \
161 : "AlternateDirAuthority dizum orport=443 v3ident=E8A9C45" \
162 : "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
163 : " 083C 538F 4403 8BBF A077 587D D755\n"
164 :
165 : static int
166 4 : test_options_checklog(const char *configuration, int expect_log_severity,
167 : const char *expect_log)
168 : {
169 4 : int found = 0, ret = -1;
170 4 : char *actual_log = NULL;
171 :
172 4 : if (messages) {
173 5 : SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, m) {
174 5 : if (m->severity == expect_log_severity &&
175 5 : strstr(m->msg, expect_log)) {
176 : found = 1;
177 : break;
178 : }
179 1 : } SMARTLIST_FOREACH_END(m);
180 : }
181 4 : if (!found) {
182 0 : actual_log = dump_logs();
183 0 : TT_DIE(("Expected log message [%s] %s from <%s>, but got <%s>.",
184 : log_level_to_string(expect_log_severity), expect_log,
185 : configuration, actual_log));
186 : }
187 : ret = 0;
188 :
189 4 : done:
190 4 : tor_free(actual_log);
191 4 : return ret;
192 : }
193 :
194 : static int
195 12 : test_options_checkmsgs(const char *configuration,
196 : const char *expect_errmsg,
197 : int expect_log_severity,
198 : const char *expect_log,
199 : char *msg)
200 : {
201 12 : if (expect_errmsg && !msg) {
202 0 : TT_DIE(("Expected error message <%s> from <%s>, but got none.",
203 : expect_errmsg, configuration));
204 12 : } else if (expect_errmsg && !strstr(msg, expect_errmsg)) {
205 0 : TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
206 : expect_errmsg, configuration, msg));
207 12 : } else if (!expect_errmsg && msg) {
208 0 : TT_DIE(("Expected no error message from <%s> but got <%s>.",
209 : configuration, msg));
210 : }
211 12 : if (expect_log) {
212 4 : return test_options_checklog(configuration, expect_log_severity,
213 : expect_log);
214 : }
215 : return 0;
216 :
217 : done:
218 : return -1;
219 : }
220 :
221 : /* Which phases of config parsing/validation to check for messages/logs */
222 : enum { PH_GETLINES, PH_ASSIGN, PH_VALIDATE };
223 :
224 : static void
225 12 : test_options_validate_impl(const char *configuration,
226 : const char *expect_errmsg,
227 : int expect_log_severity,
228 : const char *expect_log,
229 : int phase)
230 : {
231 12 : or_options_t *opt=NULL;
232 12 : config_line_t *cl=NULL;
233 12 : char *msg=NULL;
234 12 : int r;
235 :
236 12 : setup_options(opt);
237 :
238 12 : r = config_get_lines(configuration, &cl, 1);
239 12 : if (phase == PH_GETLINES) {
240 2 : if (test_options_checkmsgs(configuration, expect_errmsg,
241 : expect_log_severity,
242 : expect_log, msg))
243 0 : goto done;
244 : }
245 12 : if (r)
246 2 : goto done;
247 :
248 10 : r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
249 10 : if (phase == PH_ASSIGN) {
250 2 : if (test_options_checkmsgs(configuration, expect_errmsg,
251 : expect_log_severity,
252 : expect_log, msg))
253 0 : goto done;
254 : }
255 10 : tt_int_op((r == 0), OP_EQ, (msg == NULL));
256 10 : if (r)
257 2 : goto done;
258 :
259 8 : r = options_validate(NULL, opt, &msg);
260 8 : if (phase == PH_VALIDATE) {
261 8 : if (test_options_checkmsgs(configuration, expect_errmsg,
262 : expect_log_severity,
263 : expect_log, msg))
264 0 : goto done;
265 : }
266 8 : tt_int_op((r == 0), OP_EQ, (msg == NULL));
267 :
268 8 : done:
269 12 : escaped(NULL);
270 12 : policies_free_all();
271 12 : config_free_lines(cl);
272 12 : or_options_free(opt);
273 12 : tor_free(msg);
274 12 : clear_log_messages();
275 12 : }
276 :
277 : #define WANT_ERR(config, msg, ph) \
278 : test_options_validate_impl((config), (msg), 0, NULL, (ph))
279 : #define WANT_LOG(config, severity, msg, ph) \
280 : test_options_validate_impl((config), NULL, (severity), (msg), (ph))
281 : #define WANT_ERR_LOG(config, msg, severity, logmsg, ph) \
282 : test_options_validate_impl((config), (msg), (severity), (logmsg), (ph))
283 : #define OK(config, ph) \
284 : test_options_validate_impl((config), NULL, 0, NULL, (ph))
285 :
286 : static void
287 1 : test_options_validate(void *arg)
288 : {
289 1 : (void)arg;
290 1 : setup_log_callback();
291 1 : sandbox_disable_getaddrinfo_cache();
292 1 : mock_hostname_resolver();
293 :
294 1 : WANT_ERR("ExtORPort 500000", "Invalid ExtORPort", PH_VALIDATE);
295 :
296 1 : WANT_ERR_LOG("ServerTransportOptions trebuchet",
297 : "ServerTransportOptions did not parse",
298 : LOG_WARN, "Too few arguments", PH_VALIDATE);
299 1 : OK("ServerTransportOptions trebuchet sling=snappy", PH_VALIDATE);
300 1 : OK("ServerTransportOptions trebuchet sling=", PH_VALIDATE);
301 1 : WANT_ERR_LOG("ServerTransportOptions trebuchet slingsnappy",
302 : "ServerTransportOptions did not parse",
303 : LOG_WARN, "\"slingsnappy\" is not a k=v", PH_VALIDATE);
304 :
305 1 : WANT_ERR("BridgeRelay 1\nDirCache 0",
306 : "We're a bridge but DirCache is disabled.", PH_VALIDATE);
307 :
308 1 : WANT_ERR("HeartbeatPeriod 21 snarks",
309 : "Unknown unit in 21 snarks", PH_ASSIGN);
310 1 : WANT_ERR("LogTimeGranularity 21 snarks",
311 : "Unknown unit in 21 snarks", PH_ASSIGN);
312 1 : OK("HeartbeatPeriod 1 hour", PH_VALIDATE);
313 1 : OK("LogTimeGranularity 100 milliseconds", PH_VALIDATE);
314 :
315 1 : WANT_LOG("ControlSocket \"string with trailing garbage\" bogus", LOG_WARN,
316 : "Error while parsing configuration: "
317 : "Excess data after quoted string", PH_GETLINES);
318 1 : WANT_LOG("ControlSocket \"bogus escape \\@\"", LOG_WARN,
319 : "Error while parsing configuration: "
320 : "Invalid escape sequence in quoted string", PH_GETLINES);
321 :
322 1 : close_temp_logs();
323 1 : clear_log_messages();
324 1 : unmock_hostname_resolver();
325 1 : return;
326 : }
327 :
328 : #define MEGABYTEIFY(mb) (UINT64_C(mb) << 20)
329 : static void
330 1 : test_have_enough_mem_for_dircache(void *arg)
331 : {
332 1 : (void)arg;
333 1 : or_options_t *opt=NULL;
334 1 : config_line_t *cl=NULL;
335 1 : char *msg=NULL;
336 1 : int r;
337 1 : const char *configuration = "ORPort 8080\nDirCache 1", *expect_errmsg;
338 :
339 1 : setup_options(opt);
340 1 : setup_log_callback();
341 :
342 1 : r = config_get_lines(configuration, &cl, 1);
343 1 : tt_int_op(r, OP_EQ, 0);
344 :
345 1 : r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
346 1 : tt_int_op(r, OP_EQ, 0);
347 :
348 : /* 300 MB RAM available, DirCache enabled */
349 1 : r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
350 1 : tt_int_op(r, OP_EQ, 0);
351 1 : tt_ptr_op(msg, OP_EQ, NULL);
352 :
353 : /* 200 MB RAM available, DirCache enabled */
354 1 : r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
355 1 : tt_int_op(r, OP_EQ, -1);
356 1 : expect_errmsg = "Being a directory cache (default) with less than ";
357 1 : if (!strstr(msg, expect_errmsg)) {
358 0 : TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
359 : expect_errmsg, configuration, msg));
360 : }
361 1 : tor_free(msg);
362 :
363 1 : config_free_lines(cl); cl = NULL;
364 1 : configuration = "ORPort 8080\nDirCache 1\nBridgeRelay 1";
365 1 : r = config_get_lines(configuration, &cl, 1);
366 1 : tt_int_op(r, OP_EQ, 0);
367 :
368 1 : r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
369 1 : tt_int_op(r, OP_EQ, 0);
370 :
371 : /* 300 MB RAM available, DirCache enabled, Bridge */
372 1 : r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
373 1 : tt_int_op(r, OP_EQ, 0);
374 1 : tt_ptr_op(msg, OP_EQ, NULL);
375 :
376 : /* 200 MB RAM available, DirCache enabled, Bridge */
377 1 : r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
378 1 : tt_int_op(r, OP_EQ, -1);
379 1 : expect_errmsg = "Running a Bridge with less than ";
380 1 : if (!strstr(msg, expect_errmsg)) {
381 0 : TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
382 : expect_errmsg, configuration, msg));
383 : }
384 1 : tor_free(msg);
385 :
386 1 : config_free_lines(cl); cl = NULL;
387 1 : configuration = "ORPort 8080\nDirCache 0";
388 1 : r = config_get_lines(configuration, &cl, 1);
389 1 : tt_int_op(r, OP_EQ, 0);
390 :
391 1 : r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
392 1 : tt_int_op(r, OP_EQ, 0);
393 :
394 : /* 200 MB RAM available, DirCache disabled */
395 1 : r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
396 1 : tt_int_op(r, OP_EQ, 0);
397 1 : tt_ptr_op(msg, OP_EQ, NULL);
398 :
399 : /* 300 MB RAM available, DirCache disabled */
400 1 : r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
401 1 : tt_int_op(r, OP_EQ, -1);
402 1 : expect_errmsg = "DirCache is disabled and we are configured as a ";
403 1 : if (!strstr(msg, expect_errmsg)) {
404 0 : TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
405 : expect_errmsg, configuration, msg));
406 : }
407 1 : tor_free(msg);
408 :
409 1 : clear_log_messages();
410 :
411 1 : done:
412 1 : if (msg)
413 0 : tor_free(msg);
414 1 : or_options_free(opt);
415 1 : config_free_lines(cl);
416 1 : return;
417 : }
418 :
419 : static const char *fixed_get_uname_result = NULL;
420 :
421 : static const char *
422 4 : fixed_get_uname(void)
423 : {
424 4 : return fixed_get_uname_result;
425 : }
426 :
427 : typedef struct {
428 : or_options_t *opt;
429 : } options_test_data_t;
430 :
431 : static void free_options_test_data(options_test_data_t *td);
432 :
433 : static options_test_data_t *
434 341 : get_options_test_data(const char *conf)
435 : {
436 341 : int rv = -1;
437 341 : char *msg = NULL;
438 341 : config_line_t *cl=NULL;
439 341 : options_test_data_t *result = tor_malloc(sizeof(options_test_data_t));
440 341 : result->opt = options_new();
441 :
442 341 : options_init(result->opt);
443 :
444 341 : rv = config_get_lines(conf, &cl, 1);
445 341 : tt_int_op(rv, OP_EQ, 0);
446 341 : rv = config_assign(get_options_mgr(), result->opt, cl, 0, &msg);
447 341 : if (msg) {
448 : /* Display the parse error message by comparing it with an empty string */
449 0 : tt_str_op(msg, OP_EQ, "");
450 : }
451 341 : tt_int_op(rv, OP_EQ, 0);
452 341 : config_free_lines(cl);
453 341 : result->opt->LogTimeGranularity = 1;
454 341 : result->opt->TokenBucketRefillInterval = 1;
455 341 : rv = config_get_lines("", &cl, 1);
456 341 : tt_int_op(rv, OP_EQ, 0);
457 :
458 341 : done:
459 341 : config_free_lines(cl);
460 341 : if (rv != 0) {
461 0 : free_options_test_data(result);
462 0 : result = NULL;
463 : /* Callers expect a non-NULL result, so just die if we can't provide one.
464 : */
465 0 : tor_assert(0);
466 : }
467 341 : return result;
468 : }
469 :
470 : static void
471 358 : free_options_test_data(options_test_data_t *td)
472 : {
473 358 : if (!td) return;
474 341 : or_options_free(td->opt);
475 341 : tor_free(td);
476 : }
477 :
478 : static void
479 1 : test_options_validate__uname_for_server(void *ignored)
480 : {
481 1 : (void)ignored;
482 1 : char *msg;
483 :
484 : #ifndef _WIN32
485 1 : int unset_home_env = 0;
486 1 : if (setenv("HOME", "/home/john", 0) == 0)
487 1 : unset_home_env = 1;
488 : #endif
489 :
490 1 : options_test_data_t *tdata = get_options_test_data(
491 : "ORPort 127.0.0.1:5555\n"
492 : "ContactInfo nobody@example.com");
493 1 : setup_capture_of_logs(LOG_WARN);
494 :
495 1 : MOCK(get_uname, fixed_get_uname);
496 1 : fixed_get_uname_result = "Windows 95";
497 1 : options_validate(NULL, tdata->opt, &msg);
498 1 : expect_log_msg("Tor is running as a server, but you"
499 : " are running Windows 95; this probably won't work. See https://www"
500 1 : ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
501 1 : tor_free(msg);
502 :
503 1 : fixed_get_uname_result = "Windows 98";
504 1 : mock_clean_saved_logs();
505 1 : options_validate(NULL, tdata->opt, &msg);
506 1 : expect_log_msg("Tor is running as a server, but you"
507 : " are running Windows 98; this probably won't work. See https://www"
508 1 : ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
509 1 : tor_free(msg);
510 :
511 1 : fixed_get_uname_result = "Windows Me";
512 1 : mock_clean_saved_logs();
513 1 : options_validate(NULL, tdata->opt, &msg);
514 1 : expect_log_msg("Tor is running as a server, but you"
515 : " are running Windows Me; this probably won't work. See https://www"
516 1 : ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
517 1 : tor_free(msg);
518 :
519 1 : fixed_get_uname_result = "Windows 2000";
520 1 : mock_clean_saved_logs();
521 1 : options_validate(NULL, tdata->opt, &msg);
522 1 : expect_no_log_msg("Tor is running as a server, but you ");
523 1 : tor_free(msg);
524 :
525 1 : done:
526 1 : UNMOCK(get_uname);
527 1 : free_options_test_data(tdata);
528 1 : tor_free(msg);
529 1 : teardown_capture_of_logs();
530 : #ifndef _WIN32
531 1 : if (unset_home_env)
532 1 : unsetenv("HOME");
533 : #endif
534 1 : }
535 :
536 : static void
537 1 : test_options_validate__outbound_addresses(void *ignored)
538 : {
539 1 : (void)ignored;
540 1 : int ret;
541 1 : char *msg;
542 1 : options_test_data_t *tdata = get_options_test_data(
543 : "OutboundBindAddress xxyy!!!sdfaf");
544 :
545 1 : ret = options_validate(NULL, tdata->opt, &msg);
546 1 : tt_int_op(ret, OP_EQ, -1);
547 1 : tt_str_op(msg, OP_EQ, "Multiple outbound bind addresses configured: "
548 : "xxyy!!!sdfaf");
549 :
550 1 : done:
551 1 : free_options_test_data(tdata);
552 1 : tor_free(msg);
553 1 : }
554 :
555 : static void
556 1 : test_options_validate__data_directory(void *ignored)
557 : {
558 1 : (void)ignored;
559 1 : int ret;
560 1 : char *msg;
561 1 : options_test_data_t *tdata = get_options_test_data(
562 : "DataDirectory longreallyl"
563 : "ongLONGLONGlongreallylong"
564 : "LONGLONGlongreallylongLON"
565 : "GLONGlongreallylongLONGLO"
566 : "NGlongreallylongLONGLONGl"
567 : "ongreallylongLONGLONGlong"
568 : "reallylongLONGLONGlongrea"
569 : "llylongLONGLONGlongreally"
570 : "longLONGLONGlongreallylon"
571 : "gLONGLONGlongreallylongLO"
572 : "NGLONGlongreallylongLONGL"
573 : "ONGlongreallylongLONGLONG"
574 : "longreallylongLONGLONGlon"
575 : "greallylongLONGLONGlongre"
576 : "allylongLONGLONGlongreall"
577 : "ylongLONGLONGlongreallylo"
578 : "ngLONGLONGlongreallylongL"
579 : "ONGLONGlongreallylongLONG"
580 : "LONG"); // 440 characters
581 :
582 1 : ret = options_validate(NULL, tdata->opt, &msg);
583 1 : tt_int_op(ret, OP_EQ, -1);
584 1 : tt_str_op(msg, OP_EQ, "Invalid DataDirectory");
585 :
586 1 : done:
587 1 : free_options_test_data(tdata);
588 1 : tor_free(msg);
589 1 : }
590 :
591 : static void
592 1 : test_options_validate__nickname(void *ignored)
593 : {
594 1 : (void)ignored;
595 1 : int ret;
596 1 : char *msg;
597 1 : options_test_data_t *tdata = get_options_test_data(
598 : "Nickname ThisNickNameIsABitTooLong");
599 :
600 1 : ret = options_validate(NULL, tdata->opt, &msg);
601 1 : tt_int_op(ret, OP_EQ, -1);
602 1 : tt_str_op(msg, OP_EQ,
603 : "Nickname 'ThisNickNameIsABitTooLong', nicknames must be between "
604 : "1 and 19 characters inclusive, and must contain only the "
605 : "characters [a-zA-Z0-9].");
606 1 : tor_free(msg);
607 :
608 1 : free_options_test_data(tdata);
609 1 : tdata = get_options_test_data("Nickname AMoreValidNick");
610 1 : ret = options_validate(NULL, tdata->opt, &msg);
611 1 : tt_int_op(ret, OP_EQ, 0);
612 1 : tor_free(msg);
613 :
614 1 : free_options_test_data(tdata);
615 1 : tdata = get_options_test_data("DataDirectory /tmp/somewhere");
616 1 : ret = options_validate(NULL, tdata->opt, &msg);
617 1 : tt_int_op(ret, OP_EQ, 0);
618 :
619 1 : done:
620 1 : free_options_test_data(tdata);
621 1 : tor_free(msg);
622 1 : }
623 :
624 : static void
625 1 : test_options_validate__contactinfo(void *ignored)
626 : {
627 1 : (void)ignored;
628 1 : int ret;
629 1 : char *msg;
630 1 : options_test_data_t *tdata = get_options_test_data(
631 : "ORPort 127.0.0.1:5555");
632 1 : setup_capture_of_logs(LOG_DEBUG);
633 1 : tdata->opt->ContactInfo = NULL;
634 :
635 1 : ret = options_validate(NULL, tdata->opt, &msg);
636 1 : tt_int_op(ret, OP_EQ, 0);
637 1 : expect_log_msg(
638 : "Your ContactInfo config option is not set. Please strongly "
639 : "consider setting it, so we can contact you if your relay is "
640 : "misconfigured, end-of-life, or something else goes wrong. It "
641 : "is also possible that your relay might get rejected from the "
642 1 : "network due to a missing valid contact address.\n");
643 1 : tor_free(msg);
644 :
645 1 : free_options_test_data(tdata);
646 1 : tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
647 : "ContactInfo hella@example.org");
648 1 : mock_clean_saved_logs();
649 1 : ret = options_validate(NULL, tdata->opt, &msg);
650 1 : tt_int_op(ret, OP_EQ, 0);
651 1 : expect_no_log_msg(
652 : "Your ContactInfo config option is not set. Please strongly "
653 : "consider setting it, so we can contact you if your relay is "
654 : "misconfigured, end-of-life, or something else goes wrong. It "
655 : "is also possible that your relay might get rejected from the "
656 : "network due to a missing valid contact address.\n");
657 1 : tor_free(msg);
658 :
659 1 : done:
660 1 : teardown_capture_of_logs();
661 1 : free_options_test_data(tdata);
662 1 : tor_free(msg);
663 1 : }
664 :
665 : static void
666 1 : test_options_validate__logs(void *ignored)
667 : {
668 1 : (void)ignored;
669 1 : int ret;
670 1 : (void)ret;
671 1 : char *msg;
672 1 : int orig_quiet_level = quiet_level;
673 1 : options_test_data_t *tdata = get_options_test_data("");
674 1 : tdata->opt->Logs = NULL;
675 1 : tdata->opt->RunAsDaemon = 0;
676 :
677 1 : ret = options_validate(NULL, tdata->opt, &msg);
678 1 : tt_assert(!tdata->opt->Logs);
679 1 : tor_free(msg);
680 1 : tt_int_op(ret, OP_EQ, 0);
681 :
682 1 : free_options_test_data(tdata);
683 1 : tdata = get_options_test_data("");
684 1 : tdata->opt->Logs = NULL;
685 1 : tdata->opt->RunAsDaemon = 0;
686 1 : quiet_level = 1;
687 1 : ret = options_validate(NULL, tdata->opt, &msg);
688 1 : tt_assert(!tdata->opt->Logs);
689 1 : tor_free(msg);
690 1 : tt_int_op(ret, OP_EQ, 0);
691 :
692 1 : free_options_test_data(tdata);
693 1 : tdata = get_options_test_data("");
694 1 : tdata->opt->Logs = NULL;
695 1 : tdata->opt->RunAsDaemon = 0;
696 1 : quiet_level = 2;
697 1 : ret = options_validate(NULL, tdata->opt, &msg);
698 1 : tt_assert(!tdata->opt->Logs);
699 1 : tor_free(msg);
700 1 : tt_int_op(ret, OP_EQ, 0);
701 :
702 1 : free_options_test_data(tdata);
703 1 : tdata = get_options_test_data("");
704 1 : tdata->opt->Logs = NULL;
705 1 : tdata->opt->RunAsDaemon = 0;
706 1 : ret = options_validate(NULL, tdata->opt, &msg);
707 1 : tt_assert(!tdata->opt->Logs);
708 1 : tor_free(msg);
709 1 : tt_int_op(ret, OP_EQ, 0);
710 :
711 1 : free_options_test_data(tdata);
712 1 : tdata = get_options_test_data("");
713 1 : tdata->opt->Logs = NULL;
714 1 : tdata->opt->RunAsDaemon = 1;
715 1 : ret = options_validate(NULL, tdata->opt, &msg);
716 1 : tt_assert(!tdata->opt->Logs);
717 1 : tor_free(msg);
718 : #ifdef _WIN32
719 : /* Can't RunAsDaemon on Windows. */
720 : tt_int_op(ret, OP_EQ, -1);
721 : #else
722 1 : tt_int_op(ret, OP_EQ, 0);
723 : #endif /* defined(_WIN32) */
724 :
725 1 : free_options_test_data(tdata);
726 1 : tdata = get_options_test_data("");
727 1 : tdata->opt->RunAsDaemon = 0;
728 1 : config_line_t *cl=NULL;
729 1 : config_get_lines("Log foo", &cl, 1);
730 1 : tdata->opt->Logs = cl;
731 1 : ret = options_validate(NULL, tdata->opt, &msg);
732 1 : tt_int_op((intptr_t)tdata->opt->Logs, OP_EQ, (intptr_t)cl);
733 1 : tt_int_op(ret, OP_EQ, -1);
734 :
735 1 : done:
736 1 : quiet_level = orig_quiet_level;
737 1 : free_options_test_data(tdata);
738 1 : tor_free(msg);
739 1 : }
740 :
741 : /* static config_line_t * */
742 : /* mock_config_line(const char *key, const char *val) */
743 : /* { */
744 : /* config_line_t *config_line = tor_malloc(sizeof(config_line_t)); */
745 : /* memset(config_line, 0, sizeof(config_line_t)); */
746 : /* config_line->key = tor_strdup(key); */
747 : /* config_line->value = tor_strdup(val); */
748 : /* return config_line; */
749 : /* } */
750 :
751 : static void
752 1 : test_options_validate__authdir(void *ignored)
753 : {
754 1 : (void)ignored;
755 1 : int ret;
756 1 : char *msg;
757 1 : setup_capture_of_logs(LOG_INFO);
758 1 : options_test_data_t *tdata = get_options_test_data(
759 : ENABLE_AUTHORITY_V3_MIN
760 : "Address this.should.not!exist!.example.org");
761 1 : const dirauth_options_t *da_opt;
762 :
763 1 : sandbox_disable_getaddrinfo_cache();
764 :
765 1 : MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
766 1 : ret = options_validate(NULL, tdata->opt, &msg);
767 1 : UNMOCK(tor_addr_lookup);
768 1 : tt_int_op(ret, OP_EQ, -1);
769 1 : tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
770 : " details.");
771 1 : expect_log_msg("Could not resolve local Address "
772 1 : "'this.should.not!exist!.example.org'. Failing.\n");
773 1 : tor_free(msg);
774 :
775 1 : free_options_test_data(tdata);
776 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
777 : "Address 100.200.10.1");
778 1 : mock_clean_saved_logs();
779 1 : ret = options_validate(NULL, tdata->opt, &msg);
780 1 : tt_int_op(ret, OP_EQ, -1);
781 1 : tt_str_op(msg, OP_EQ, "Authoritative directory servers must set "
782 : "ContactInfo");
783 1 : tor_free(msg);
784 :
785 1 : free_options_test_data(tdata);
786 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
787 : "Address 100.200.10.1\n");
788 1 : mock_clean_saved_logs();
789 1 : ret = options_validate(NULL, tdata->opt, &msg);
790 1 : tt_int_op(ret, OP_EQ, -1);
791 1 : tt_str_op(msg, OP_EQ,
792 : "Authoritative directory servers must set ContactInfo");
793 1 : tor_free(msg);
794 :
795 1 : free_options_test_data(tdata);
796 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_MIN
797 : "Address 100.200.10.1\n"
798 : "TestingTorNetwork 1\n");
799 1 : mock_clean_saved_logs();
800 1 : ret = options_validate(NULL, tdata->opt, &msg);
801 1 : tt_int_op(ret, OP_EQ, -1);
802 1 : tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
803 : "AuthoritativeDir is set.");
804 1 : tor_free(msg);
805 :
806 1 : free_options_test_data(tdata);
807 1 : tdata = get_options_test_data(ENABLE_AUTHORITY);
808 1 : mock_clean_saved_logs();
809 1 : ret = options_validate(NULL, tdata->opt, &msg);
810 1 : tt_int_op(ret, OP_EQ, -1);
811 1 : tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
812 : "AuthoritativeDir is set.");
813 1 : tor_free(msg);
814 :
815 1 : free_options_test_data(tdata);
816 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
817 : "RecommendedVersions 1.2, 3.14\n");
818 1 : mock_clean_saved_logs();
819 1 : options_validate(NULL, tdata->opt, &msg);
820 1 : da_opt = get_dirauth_options(tdata->opt);
821 1 : tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14");
822 1 : tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14");
823 1 : tor_free(msg);
824 :
825 1 : free_options_test_data(tdata);
826 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
827 : "RecommendedVersions 1.2, 3.14\n"
828 : "RecommendedClientVersions 25\n"
829 : "RecommendedServerVersions 4.18\n");
830 1 : mock_clean_saved_logs();
831 1 : options_validate(NULL, tdata->opt, &msg);
832 1 : da_opt = get_dirauth_options(tdata->opt);
833 1 : tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "25");
834 1 : tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "4.18");
835 1 : tor_free(msg);
836 :
837 1 : free_options_test_data(tdata);
838 1 : tdata = get_options_test_data(ENABLE_AUTHORITY
839 : "VersioningAuthoritativeDirectory 1\n"
840 : "RecommendedVersions 1.2, 3.14\n"
841 : "RecommendedClientVersions 25\n"
842 : "RecommendedServerVersions 4.18\n");
843 1 : mock_clean_saved_logs();
844 1 : options_validate(NULL, tdata->opt, &msg);
845 1 : da_opt = get_dirauth_options(tdata->opt);
846 1 : tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
847 : "AuthoritativeDir is set.");
848 1 : tor_free(msg);
849 :
850 1 : free_options_test_data(tdata);
851 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
852 : "VersioningAuthoritativeDirectory 1\n"
853 : "RecommendedServerVersions 4.18\n");
854 1 : mock_clean_saved_logs();
855 1 : options_validate(NULL, tdata->opt, &msg);
856 1 : da_opt = get_dirauth_options(tdata->opt);
857 1 : tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
858 : "Recommended*Versions.");
859 1 : tor_free(msg);
860 :
861 1 : free_options_test_data(tdata);
862 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
863 : "VersioningAuthoritativeDirectory 1\n"
864 : "RecommendedClientVersions 4.18\n");
865 1 : mock_clean_saved_logs();
866 1 : options_validate(NULL, tdata->opt, &msg);
867 1 : da_opt = get_dirauth_options(tdata->opt);
868 1 : tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
869 : "Recommended*Versions.");
870 1 : tor_free(msg);
871 1 : da_opt = NULL;
872 :
873 1 : free_options_test_data(tdata);
874 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
875 : "UseEntryGuards 1\n");
876 1 : mock_clean_saved_logs();
877 1 : options_validate(NULL, tdata->opt, &msg);
878 1 : expect_log_msg("Authoritative directory servers "
879 1 : "can't set UseEntryGuards. Disabling.\n");
880 1 : tt_int_op(tdata->opt->UseEntryGuards, OP_EQ, 0);
881 1 : tor_free(msg);
882 :
883 1 : free_options_test_data(tdata);
884 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
885 : "DownloadExtraInfo 0\n");
886 1 : mock_clean_saved_logs();
887 1 : options_validate(NULL, tdata->opt, &msg);
888 1 : expect_log_msg("Authoritative directories always try"
889 1 : " to download extra-info documents. Setting DownloadExtraInfo.\n");
890 1 : tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
891 1 : tor_free(msg);
892 :
893 1 : free_options_test_data(tdata);
894 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
895 : "V3BandwidthsFile non-existent-file\n");
896 1 : mock_clean_saved_logs();
897 1 : options_validate(NULL, tdata->opt, &msg);
898 1 : expect_log_msg("Can't open bandwidth file at configured location: "
899 1 : "non-existent-file\n");
900 1 : tor_free(msg);
901 :
902 1 : free_options_test_data(tdata);
903 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
904 : "GuardfractionFile non-existent-file\n");
905 1 : mock_clean_saved_logs();
906 1 : options_validate(NULL, tdata->opt, &msg);
907 1 : expect_log_msg("Cannot open guardfraction file 'non-existent-file'. "
908 1 : "Failing.\n");
909 1 : tor_free(msg);
910 :
911 1 : free_options_test_data(tdata);
912 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
913 : "Address 100.200.10.1\n"
914 : "ORPort 2000\n"
915 : "ContactInfo hello@hello.com\n");
916 1 : mock_clean_saved_logs();
917 1 : ret = options_validate(NULL, tdata->opt, &msg);
918 1 : tt_int_op(ret, OP_EQ, -1);
919 1 : tt_str_op(msg, OP_EQ,
920 : "Running as authoritative directory, but no DirPort set.");
921 1 : tor_free(msg);
922 :
923 1 : free_options_test_data(tdata);
924 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN
925 : "Address 100.200.10.1\n"
926 : "ORPort 2000\n"
927 : "ContactInfo hello@hello.com\n");
928 1 : mock_clean_saved_logs();
929 1 : ret = options_validate(NULL, tdata->opt, &msg);
930 1 : tt_int_op(ret, OP_EQ, -1);
931 1 : tt_str_op(msg, OP_EQ,
932 : "Running as authoritative directory, but no DirPort set.");
933 1 : tor_free(msg);
934 :
935 1 : free_options_test_data(tdata);
936 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
937 : "Address 100.200.10.1\n"
938 : "DirPort 999\n"
939 : "ContactInfo hello@hello.com\n");
940 1 : mock_clean_saved_logs();
941 1 : ret = options_validate(NULL, tdata->opt, &msg);
942 1 : tt_int_op(ret, OP_EQ, -1);
943 1 : tt_str_op(msg, OP_EQ,
944 : "Running as authoritative directory, but no ORPort set.");
945 1 : tor_free(msg);
946 :
947 1 : free_options_test_data(tdata);
948 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN
949 : "Address 100.200.10.1\n"
950 : "DirPort 999\n"
951 : "ContactInfo hello@hello.com\n");
952 1 : mock_clean_saved_logs();
953 1 : ret = options_validate(NULL, tdata->opt, &msg);
954 1 : tt_int_op(ret, OP_EQ, -1);
955 1 : tt_str_op(msg, OP_EQ,
956 : "Running as authoritative directory, but no ORPort set.");
957 1 : tor_free(msg);
958 :
959 1 : free_options_test_data(tdata);
960 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
961 : "ClientOnly 1\n");
962 : /* We have to call the dirauth-specific function, and fake port parsing,
963 : * to hit this case */
964 1 : tdata->opt->DirPort_set = 1;
965 1 : tdata->opt->ORPort_set = 1;
966 1 : mock_clean_saved_logs();
967 1 : ret = options_validate_dirauth_mode(NULL, tdata->opt, &msg);
968 1 : tt_int_op(ret, OP_EQ, -1);
969 1 : tt_str_op(msg, OP_EQ, "Running as authoritative directory, "
970 : "but ClientOnly also set.");
971 1 : tor_free(msg);
972 :
973 1 : free_options_test_data(tdata);
974 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE
975 : "ClientOnly 1\n");
976 : /* We have to call the dirauth-specific function, and fake port parsing,
977 : * to hit this case */
978 1 : tdata->opt->DirPort_set = 1;
979 1 : tdata->opt->ORPort_set = 1;
980 1 : mock_clean_saved_logs();
981 1 : ret = options_validate_dirauth_mode(NULL, tdata->opt, &msg);
982 1 : tt_int_op(ret, OP_EQ, -1);
983 1 : tt_str_op(msg, OP_EQ, "Running as authoritative directory, "
984 : "but ClientOnly also set.");
985 1 : tor_free(msg);
986 :
987 1 : done:
988 1 : teardown_capture_of_logs();
989 : // sandbox_free_getaddrinfo_cache();
990 1 : free_options_test_data(tdata);
991 1 : tor_free(msg);
992 1 : }
993 :
994 : static void
995 1 : test_options_validate__relay_with_hidden_services(void *ignored)
996 : {
997 1 : (void)ignored;
998 1 : char *msg;
999 1 : int ret;
1000 1 : setup_capture_of_logs(LOG_DEBUG);
1001 1 : options_test_data_t *tdata = get_options_test_data(
1002 : "ORPort 127.0.0.1:5555\n"
1003 : "HiddenServiceDir "
1004 : "/Library/Tor/var/lib/tor/hidden_service/\n"
1005 : "HiddenServicePort 80 127.0.0.1:8080\n"
1006 : );
1007 :
1008 1 : ret = options_validate(NULL, tdata->opt, &msg);
1009 1 : tt_int_op(ret, OP_EQ, 0);
1010 1 : expect_log_msg(
1011 : "Tor is currently configured as a relay and a hidden service. "
1012 : "That's not very secure: you should probably run your hidden servi"
1013 : "ce in a separate Tor process, at least -- see "
1014 1 : "https://bugs.torproject.org/tpo/core/tor/8742.\n");
1015 :
1016 1 : done:
1017 1 : teardown_capture_of_logs();
1018 1 : free_options_test_data(tdata);
1019 1 : tor_free(msg);
1020 1 : }
1021 :
1022 : static void
1023 1 : test_options_validate__listen_ports(void *ignored)
1024 : {
1025 1 : (void)ignored;
1026 1 : int ret;
1027 1 : char *msg;
1028 1 : setup_capture_of_logs(LOG_WARN);
1029 1 : options_test_data_t *tdata = get_options_test_data("SOCKSPort 0");
1030 1 : ret = options_validate(NULL, tdata->opt, &msg);
1031 1 : tt_int_op(ret, OP_EQ, 0);
1032 1 : expect_log_msg("SocksPort, TransPort, NATDPort, DNSPort, and ORPort "
1033 : "are all undefined, and there aren't any hidden services "
1034 : "configured. "
1035 1 : " Tor will still run, but probably won't do anything.\n");
1036 1 : done:
1037 1 : teardown_capture_of_logs();
1038 1 : free_options_test_data(tdata);
1039 1 : tor_free(msg);
1040 1 : }
1041 :
1042 : static void
1043 1 : test_options_validate__transproxy(void *ignored)
1044 : {
1045 1 : (void)ignored;
1046 1 : int ret;
1047 1 : char *msg;
1048 1 : options_test_data_t *tdata;
1049 :
1050 : #ifdef USE_TRANSPARENT
1051 : // Test default trans proxy
1052 1 : tdata = get_options_test_data("TransProxyType default\n");
1053 :
1054 1 : ret = options_validate(NULL, tdata->opt, &msg);
1055 1 : tt_int_op(ret, OP_EQ, 0);
1056 1 : tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_DEFAULT);
1057 1 : tor_free(msg);
1058 :
1059 : // Test pf-divert trans proxy
1060 1 : free_options_test_data(tdata);
1061 1 : tdata = get_options_test_data("TransProxyType pf-divert\n");
1062 1 : ret = options_validate(NULL, tdata->opt, &msg);
1063 1 : tt_int_op(ret, OP_EQ, -1);
1064 :
1065 : #if !defined(OpenBSD) && !defined(DARWIN)
1066 1 : tt_str_op(msg, OP_EQ,
1067 : "pf-divert is a OpenBSD-specific and OS X/Darwin-specific feature.");
1068 : #else
1069 : tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_PF_DIVERT);
1070 : tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without "
1071 : "any valid TransPort.");
1072 : #endif /* !defined(OpenBSD) && !defined(DARWIN) */
1073 1 : tor_free(msg);
1074 :
1075 : // Test tproxy trans proxy
1076 1 : free_options_test_data(tdata);
1077 1 : tdata = get_options_test_data("TransProxyType tproxy\n");
1078 1 : ret = options_validate(NULL, tdata->opt, &msg);
1079 1 : tt_int_op(ret, OP_EQ, -1);
1080 :
1081 : #if !defined(__linux__)
1082 : tt_str_op(msg, OP_EQ, "TPROXY is a Linux-specific feature.");
1083 : #else
1084 1 : tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_TPROXY);
1085 1 : tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1086 : "TransPort.");
1087 : #endif /* !defined(__linux__) */
1088 1 : tor_free(msg);
1089 :
1090 : // Test ipfw trans proxy
1091 1 : free_options_test_data(tdata);
1092 1 : tdata = get_options_test_data("TransProxyType ipfw\n");
1093 1 : ret = options_validate(NULL, tdata->opt, &msg);
1094 1 : tt_int_op(ret, OP_EQ, -1);
1095 :
1096 : #ifndef KERNEL_MAY_SUPPORT_IPFW
1097 1 : tt_str_op(msg, OP_EQ, "ipfw is a FreeBSD-specific and OS X/Darwin-specific "
1098 : "feature.");
1099 : #else
1100 : tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_IPFW);
1101 : tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1102 : "TransPort.");
1103 : #endif /* !defined(KERNEL_MAY_SUPPORT_IPFW) */
1104 1 : tor_free(msg);
1105 :
1106 : // Test unknown trans proxy
1107 1 : free_options_test_data(tdata);
1108 1 : tdata = get_options_test_data("TransProxyType non-existent\n");
1109 1 : ret = options_validate(NULL, tdata->opt, &msg);
1110 1 : tt_int_op(ret, OP_EQ, -1);
1111 1 : tt_str_op(msg, OP_EQ, "Unrecognized value for TransProxyType");
1112 1 : tor_free(msg);
1113 :
1114 : // Test trans proxy success
1115 1 : free_options_test_data(tdata);
1116 1 : tdata = NULL;
1117 :
1118 : #if defined(__linux__)
1119 1 : tdata = get_options_test_data("TransProxyType tproxy\n"
1120 : "TransPort 127.0.0.1:123\n");
1121 1 : ret = options_validate(NULL, tdata->opt, &msg);
1122 1 : tt_int_op(ret, OP_EQ, 0);
1123 : #elif defined(KERNEL_MAY_SUPPORT_IPFW)
1124 : tdata = get_options_test_data("TransProxyType ipfw\n"
1125 : "TransPort 127.0.0.1:123\n");
1126 : ret = options_validate(NULL, tdata->opt, &msg);
1127 : tt_int_op(ret, OP_EQ, 0);
1128 : tor_free(msg);
1129 : #elif defined(OpenBSD)
1130 : tdata = get_options_test_data("TransProxyType pf-divert\n"
1131 : "TransPort 127.0.0.1:123\n");
1132 : ret = options_validate(NULL, tdata->opt, &msg);
1133 : tt_int_op(ret, OP_EQ, 0);
1134 : tor_free(msg);
1135 : #elif defined(__NetBSD__)
1136 : tdata = get_options_test_data("TransProxyType default\n"
1137 : "TransPort 127.0.0.1:123\n");
1138 : ret = options_validate(NULL, tdata->opt, &msg);
1139 : tt_int_op(ret, OP_EQ, 0);
1140 : tor_free(msg);
1141 : #endif /* defined(__linux__) || ... */
1142 :
1143 : // Assert that a test has run for some TransProxyType
1144 1 : tt_assert(tdata);
1145 :
1146 : #else /* !defined(USE_TRANSPARENT) */
1147 : tdata = get_options_test_data("TransPort 127.0.0.1:555\n");
1148 :
1149 : ret = options_validate(NULL, tdata->opt, &msg);
1150 : tt_int_op(ret, OP_EQ, -1);
1151 : tt_str_op(msg, OP_EQ, "TransPort is disabled in this build.");
1152 : tor_free(msg);
1153 : #endif /* defined(USE_TRANSPARENT) */
1154 :
1155 1 : done:
1156 1 : free_options_test_data(tdata);
1157 1 : tor_free(msg);
1158 1 : }
1159 :
1160 : static country_t opt_tests_geoip_get_country(const char *country);
1161 : ATTR_UNUSED static int opt_tests_geoip_get_country_called = 0;
1162 :
1163 : static country_t
1164 0 : opt_tests_geoip_get_country(const char *countrycode)
1165 : {
1166 0 : (void)countrycode;
1167 0 : opt_tests_geoip_get_country_called++;
1168 :
1169 0 : return 1;
1170 : }
1171 :
1172 : static void
1173 1 : test_options_validate__exclude_nodes(void *ignored)
1174 : {
1175 1 : (void)ignored;
1176 :
1177 1 : MOCK(geoip_get_country,
1178 : opt_tests_geoip_get_country);
1179 :
1180 1 : int ret;
1181 1 : char *msg;
1182 1 : setup_capture_of_logs(LOG_WARN);
1183 1 : options_test_data_t *tdata = get_options_test_data(
1184 : "ExcludeExitNodes {us}\n");
1185 :
1186 1 : ret = options_validate(NULL, tdata->opt, &msg);
1187 1 : tt_int_op(ret, OP_EQ, 0);
1188 1 : tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1189 1 : tt_str_op((char *)
1190 : (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1191 : OP_EQ, "{us}");
1192 1 : tor_free(msg);
1193 :
1194 1 : free_options_test_data(tdata);
1195 1 : tdata = get_options_test_data("ExcludeNodes {cn}\n");
1196 1 : ret = options_validate(NULL, tdata->opt, &msg);
1197 1 : tt_int_op(ret, OP_EQ, 0);
1198 1 : tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1199 1 : tt_str_op((char *)
1200 : (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1201 : OP_EQ, "{cn}");
1202 1 : tor_free(msg);
1203 :
1204 1 : free_options_test_data(tdata);
1205 1 : tdata = get_options_test_data("ExcludeNodes {cn}\n"
1206 : "ExcludeExitNodes {us} {cn}\n");
1207 1 : ret = options_validate(NULL, tdata->opt, &msg);
1208 1 : tt_int_op(ret, OP_EQ, 0);
1209 1 : tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 2);
1210 1 : tt_str_op((char *)
1211 : (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1212 : OP_EQ, "{us} {cn}");
1213 1 : tt_str_op((char *)
1214 : (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 1)),
1215 : OP_EQ, "{cn}");
1216 1 : tor_free(msg);
1217 :
1218 1 : free_options_test_data(tdata);
1219 1 : tdata = get_options_test_data("ExcludeNodes {cn}\n"
1220 : "StrictNodes 1\n");
1221 1 : mock_clean_saved_logs();
1222 1 : ret = options_validate(NULL, tdata->opt, &msg);
1223 1 : tt_int_op(ret, OP_EQ, 0);
1224 1 : expect_log_msg(
1225 : "You have asked to exclude certain relays from all positions "
1226 : "in your circuits. Expect hidden services and other Tor "
1227 1 : "features to be broken in unpredictable ways.\n");
1228 1 : tor_free(msg);
1229 :
1230 1 : free_options_test_data(tdata);
1231 1 : tdata = get_options_test_data("ExcludeNodes {cn}\n");
1232 1 : mock_clean_saved_logs();
1233 1 : ret = options_validate(NULL, tdata->opt, &msg);
1234 1 : tt_int_op(ret, OP_EQ, 0);
1235 1 : expect_no_log_msg(
1236 : "You have asked to exclude certain relays from all positions "
1237 : "in your circuits. Expect hidden services and other Tor "
1238 : "features to be broken in unpredictable ways.\n");
1239 1 : tor_free(msg);
1240 :
1241 1 : done:
1242 1 : UNMOCK(geoip_get_country);
1243 1 : teardown_capture_of_logs();
1244 1 : free_options_test_data(tdata);
1245 1 : tor_free(msg);
1246 1 : }
1247 :
1248 : static void
1249 1 : test_options_validate__node_families(void *ignored)
1250 : {
1251 1 : (void)ignored;
1252 1 : int ret;
1253 1 : char *msg;
1254 1 : options_test_data_t *tdata = get_options_test_data(
1255 : "NodeFamily flux, flax\n"
1256 : "NodeFamily somewhere\n");
1257 :
1258 1 : ret = options_validate(NULL, tdata->opt, &msg);
1259 1 : tt_int_op(ret, OP_EQ, 0);
1260 1 : tt_assert(tdata->opt->NodeFamilySets);
1261 1 : tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 2);
1262 1 : tt_str_op((char *)(smartlist_get(
1263 : ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 0)),
1264 : OP_EQ, "flux");
1265 1 : tt_str_op((char *)(smartlist_get(
1266 : ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 1)),
1267 : OP_EQ, "flax");
1268 1 : tt_str_op((char *)(smartlist_get(
1269 : ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 1))->list, 0)),
1270 : OP_EQ, "somewhere");
1271 1 : tor_free(msg);
1272 :
1273 1 : free_options_test_data(tdata);
1274 1 : tdata = get_options_test_data("");
1275 :
1276 1 : ret = options_validate(NULL, tdata->opt, &msg);
1277 1 : tt_int_op(ret, OP_EQ, 0);
1278 1 : tt_assert(!tdata->opt->NodeFamilySets);
1279 1 : tor_free(msg);
1280 :
1281 1 : free_options_test_data(tdata);
1282 1 : tdata = get_options_test_data("NodeFamily !flux\n");
1283 :
1284 1 : ret = options_validate(NULL, tdata->opt, &msg);
1285 1 : tt_int_op(ret, OP_EQ, -1);
1286 1 : tt_assert(tdata->opt->NodeFamilySets);
1287 1 : tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 0);
1288 1 : tor_free(msg);
1289 :
1290 1 : done:
1291 1 : free_options_test_data(tdata);
1292 1 : tor_free(msg);
1293 1 : }
1294 :
1295 : static void
1296 1 : test_options_validate__token_bucket(void *ignored)
1297 : {
1298 1 : (void)ignored;
1299 1 : int ret;
1300 1 : char *msg;
1301 1 : options_test_data_t *tdata = get_options_test_data("");
1302 :
1303 1 : tdata->opt->TokenBucketRefillInterval = 0;
1304 1 : ret = options_validate(NULL, tdata->opt, &msg);
1305 1 : tt_int_op(ret, OP_EQ, -1);
1306 1 : tt_str_op(msg, OP_EQ,
1307 : "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1308 1 : tor_free(msg);
1309 :
1310 1 : tdata->opt->TokenBucketRefillInterval = 1001;
1311 1 : ret = options_validate(NULL, tdata->opt, &msg);
1312 1 : tt_int_op(ret, OP_EQ, -1);
1313 1 : tt_str_op(msg, OP_EQ,
1314 : "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1315 1 : tor_free(msg);
1316 :
1317 1 : done:
1318 1 : free_options_test_data(tdata);
1319 1 : tor_free(msg);
1320 1 : }
1321 :
1322 : static void
1323 1 : test_options_validate__fetch_dir(void *ignored)
1324 : {
1325 1 : (void)ignored;
1326 1 : int ret;
1327 1 : char *msg;
1328 1 : options_test_data_t *tdata = get_options_test_data(
1329 : "FetchDirInfoExtraEarly 1\n"
1330 : "FetchDirInfoEarly 0\n");
1331 :
1332 1 : ret = options_validate(NULL, tdata->opt, &msg);
1333 1 : tt_int_op(ret, OP_EQ, -1);
1334 1 : tt_str_op(msg, OP_EQ, "FetchDirInfoExtraEarly requires that you"
1335 : " also set FetchDirInfoEarly");
1336 1 : tor_free(msg);
1337 :
1338 1 : free_options_test_data(tdata);
1339 1 : tdata = get_options_test_data("FetchDirInfoExtraEarly 1\n"
1340 : "FetchDirInfoEarly 1\n");
1341 :
1342 1 : ret = options_validate(NULL, tdata->opt, &msg);
1343 1 : tt_int_op(ret, OP_EQ, 0);
1344 1 : tor_free(msg);
1345 :
1346 1 : done:
1347 1 : free_options_test_data(tdata);
1348 1 : tor_free(msg);
1349 1 : }
1350 :
1351 : static void
1352 1 : test_options_validate__conn_limit(void *ignored)
1353 : {
1354 1 : (void)ignored;
1355 1 : int ret;
1356 1 : char *msg;
1357 1 : options_test_data_t *tdata = get_options_test_data(
1358 : "ConnLimit 0\n");
1359 :
1360 1 : ret = options_validate(NULL, tdata->opt, &msg);
1361 1 : tt_int_op(ret, OP_EQ, -1);
1362 1 : tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1363 1 : tor_free(msg);
1364 :
1365 1 : free_options_test_data(tdata);
1366 1 : tdata = get_options_test_data("ConnLimit 1\n");
1367 :
1368 1 : ret = options_validate(NULL, tdata->opt, &msg);
1369 1 : tt_int_op(ret, OP_EQ, 0);
1370 1 : tor_free(msg);
1371 :
1372 1 : done:
1373 1 : free_options_test_data(tdata);
1374 1 : tor_free(msg);
1375 1 : }
1376 :
1377 : static void
1378 1 : test_options_validate__paths_needed(void *ignored)
1379 : {
1380 1 : (void)ignored;
1381 1 : int ret;
1382 1 : char *msg;
1383 :
1384 : #ifndef _WIN32
1385 1 : int unset_home_env = 0;
1386 1 : if (setenv("HOME", "/home/john", 0) == 0)
1387 1 : unset_home_env = 1;
1388 : #endif
1389 :
1390 1 : setup_capture_of_logs(LOG_WARN);
1391 1 : options_test_data_t *tdata = get_options_test_data(
1392 : "PathsNeededToBuildCircuits 0.1\n");
1393 :
1394 1 : ret = options_validate(NULL, tdata->opt, &msg);
1395 1 : tt_int_op(ret, OP_EQ, 0);
1396 1 : tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.24 &&
1397 : tdata->opt->PathsNeededToBuildCircuits < 0.26);
1398 1 : expect_log_msg("PathsNeededToBuildCircuits is too low. "
1399 1 : "Increasing to 0.25\n");
1400 1 : tor_free(msg);
1401 :
1402 1 : free_options_test_data(tdata);
1403 1 : mock_clean_saved_logs();
1404 1 : tdata = get_options_test_data("PathsNeededToBuildCircuits 0.99\n");
1405 :
1406 1 : ret = options_validate(NULL, tdata->opt, &msg);
1407 1 : tt_int_op(ret, OP_EQ, 0);
1408 1 : tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.94 &&
1409 : tdata->opt->PathsNeededToBuildCircuits < 0.96);
1410 1 : expect_log_msg("PathsNeededToBuildCircuits is "
1411 1 : "too high. Decreasing to 0.95\n");
1412 1 : tor_free(msg);
1413 :
1414 1 : free_options_test_data(tdata);
1415 1 : mock_clean_saved_logs();
1416 1 : tdata = get_options_test_data("PathsNeededToBuildCircuits 0.91\n");
1417 :
1418 1 : ret = options_validate(NULL, tdata->opt, &msg);
1419 1 : tt_int_op(ret, OP_EQ, 0);
1420 1 : tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.90 &&
1421 : tdata->opt->PathsNeededToBuildCircuits < 0.92);
1422 1 : expect_no_log_msg_containing("PathsNeededToBuildCircuits");
1423 1 : tor_free(msg);
1424 :
1425 1 : done:
1426 1 : teardown_capture_of_logs();
1427 1 : free_options_test_data(tdata);
1428 1 : tor_free(msg);
1429 : #ifndef _WIN32
1430 1 : if (unset_home_env)
1431 1 : unsetenv("HOME");
1432 : #endif
1433 1 : }
1434 :
1435 : static void
1436 1 : test_options_validate__max_client_circuits(void *ignored)
1437 : {
1438 1 : (void)ignored;
1439 1 : int ret;
1440 1 : char *msg;
1441 1 : options_test_data_t *tdata = get_options_test_data(
1442 : "MaxClientCircuitsPending 0\n");
1443 :
1444 1 : ret = options_validate(NULL, tdata->opt, &msg);
1445 1 : tt_int_op(ret, OP_EQ, -1);
1446 1 : tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1447 : " but was set to 0");
1448 1 : tor_free(msg);
1449 :
1450 1 : free_options_test_data(tdata);
1451 1 : tdata = get_options_test_data("MaxClientCircuitsPending 1025\n");
1452 :
1453 1 : ret = options_validate(NULL, tdata->opt, &msg);
1454 1 : tt_int_op(ret, OP_EQ, -1);
1455 1 : tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1456 : " but was set to 1025");
1457 1 : tor_free(msg);
1458 :
1459 1 : free_options_test_data(tdata);
1460 1 : tdata = get_options_test_data("MaxClientCircuitsPending 1\n");
1461 :
1462 1 : ret = options_validate(NULL, tdata->opt, &msg);
1463 1 : tt_int_op(ret, OP_EQ, 0);
1464 1 : tor_free(msg);
1465 :
1466 1 : done:
1467 1 : free_options_test_data(tdata);
1468 1 : tor_free(msg);
1469 1 : }
1470 :
1471 : static void
1472 1 : test_options_validate__ports(void *ignored)
1473 : {
1474 1 : (void)ignored;
1475 1 : int ret;
1476 1 : char *msg;
1477 1 : options_test_data_t *tdata = get_options_test_data("FirewallPorts 65537\n");
1478 :
1479 1 : ret = options_validate(NULL, tdata->opt, &msg);
1480 1 : tt_int_op(ret, OP_EQ, -1);
1481 1 : tt_str_op(msg, OP_EQ, "Port '65537' out of range in FirewallPorts");
1482 1 : tor_free(msg);
1483 :
1484 1 : free_options_test_data(tdata);
1485 1 : tdata = get_options_test_data("FirewallPorts 1\n"
1486 : "LongLivedPorts 124444\n");
1487 :
1488 1 : ret = options_validate(NULL, tdata->opt, &msg);
1489 1 : tt_int_op(ret, OP_EQ, -1);
1490 1 : tt_str_op(msg, OP_EQ, "Port '124444' out of range in LongLivedPorts");
1491 1 : tor_free(msg);
1492 :
1493 1 : free_options_test_data(tdata);
1494 1 : tdata = get_options_test_data("FirewallPorts 1\n"
1495 : "LongLivedPorts 2\n"
1496 : "RejectPlaintextPorts 112233\n");
1497 :
1498 1 : ret = options_validate(NULL, tdata->opt, &msg);
1499 1 : tt_int_op(ret, OP_EQ, -1);
1500 1 : tt_str_op(msg, OP_EQ, "Port '112233' out of range in RejectPlaintextPorts");
1501 1 : tor_free(msg);
1502 :
1503 1 : free_options_test_data(tdata);
1504 1 : tdata = get_options_test_data("FirewallPorts 1\n"
1505 : "LongLivedPorts 2\n"
1506 : "RejectPlaintextPorts 3\n"
1507 : "WarnPlaintextPorts 65536\n");
1508 :
1509 1 : ret = options_validate(NULL, tdata->opt, &msg);
1510 1 : tt_int_op(ret, OP_EQ, -1);
1511 1 : tt_str_op(msg, OP_EQ, "Port '65536' out of range in WarnPlaintextPorts");
1512 1 : tor_free(msg);
1513 :
1514 1 : free_options_test_data(tdata);
1515 1 : tdata = get_options_test_data("FirewallPorts 1\n"
1516 : "LongLivedPorts 2\n"
1517 : "RejectPlaintextPorts 3\n"
1518 : "WarnPlaintextPorts 4\n");
1519 :
1520 1 : ret = options_validate(NULL, tdata->opt, &msg);
1521 1 : tt_int_op(ret, OP_EQ, 0);
1522 1 : tor_free(msg);
1523 :
1524 1 : done:
1525 1 : free_options_test_data(tdata);
1526 1 : tor_free(msg);
1527 1 : }
1528 :
1529 : static void
1530 1 : test_options_validate__reachable_addresses(void *ignored)
1531 : {
1532 1 : (void)ignored;
1533 1 : int ret;
1534 1 : char *msg;
1535 1 : setup_capture_of_logs(LOG_NOTICE);
1536 1 : options_test_data_t *tdata = get_options_test_data("FascistFirewall 1\n");
1537 :
1538 1 : ret = options_validate(NULL, tdata->opt, &msg);
1539 1 : tt_int_op(ret, OP_EQ, 0);
1540 1 : expect_log_msg("Converting FascistFirewall config "
1541 1 : "option to new format: \"ReachableDirAddresses *:80\"\n");
1542 1 : tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:80");
1543 1 : expect_log_msg("Converting FascistFirewall config "
1544 1 : "option to new format: \"ReachableORAddresses *:443\"\n");
1545 1 : tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:443");
1546 1 : tor_free(msg);
1547 :
1548 1 : free_options_test_data(tdata);
1549 1 : mock_clean_saved_logs();
1550 1 : tdata = get_options_test_data("FascistFirewall 1\n"
1551 : "ReachableDirAddresses *:81\n"
1552 : "ReachableORAddresses *:444\n");
1553 1 : tt_assert(tdata->opt->FirewallPorts);
1554 1 : SMARTLIST_FOREACH(tdata->opt->FirewallPorts, char *, cp, tor_free(cp));
1555 1 : smartlist_clear(tdata->opt->FirewallPorts);
1556 1 : ret = options_validate(NULL, tdata->opt, &msg);
1557 1 : tt_int_op(ret, OP_EQ, 0);
1558 : #if 0
1559 : /* This does not actually produce any logs, and did not produce any relevant
1560 : * logs before. */
1561 : expect_log_entry();
1562 : #endif
1563 1 : tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:81");
1564 1 : tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:444");
1565 1 : tor_free(msg);
1566 :
1567 1 : free_options_test_data(tdata);
1568 1 : mock_clean_saved_logs();
1569 1 : tdata = get_options_test_data("FascistFirewall 1\n"
1570 : "FirewallPort 123\n");
1571 :
1572 1 : ret = options_validate(NULL, tdata->opt, &msg);
1573 1 : tt_int_op(ret, OP_EQ, 0);
1574 1 : expect_log_msg("Converting FascistFirewall and "
1575 : "FirewallPorts config options to new format: "
1576 1 : "\"ReachableAddresses *:123\"\n");
1577 1 : tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:123");
1578 1 : tor_free(msg);
1579 :
1580 1 : free_options_test_data(tdata);
1581 1 : mock_clean_saved_logs();
1582 1 : tdata = get_options_test_data("FascistFirewall 1\n"
1583 : "ReachableAddresses *:82\n"
1584 : "ReachableAddresses *:83\n"
1585 : "ReachableAddresses reject *:*\n");
1586 :
1587 1 : ret = options_validate(NULL, tdata->opt, &msg);
1588 1 : tt_int_op(ret, OP_EQ, 0);
1589 : #if 0
1590 : /* This does not actually produce any logs, and did not produce any relevant
1591 : * logs before. */
1592 : expect_log_entry();
1593 : #endif
1594 1 : tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
1595 1 : tor_free(msg);
1596 :
1597 1 : free_options_test_data(tdata);
1598 1 : mock_clean_saved_logs();
1599 1 : tdata = get_options_test_data("FascistFirewall 1\n"
1600 : "ReachableAddresses *:82\n");
1601 :
1602 1 : ret = options_validate(NULL, tdata->opt, &msg);
1603 1 : tt_int_op(ret, OP_EQ, 0);
1604 1 : tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL);
1605 1 : tor_free(msg);
1606 :
1607 : #define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
1608 : " the rest of the Internet, so they must not set Reachable*Addresses or" \
1609 : " FascistFirewall or FirewallPorts or ClientUseIPv4 0."
1610 :
1611 1 : free_options_test_data(tdata);
1612 1 : tdata = get_options_test_data("ReachableAddresses *:82\n"
1613 : "ORPort 127.0.0.1:5555\n");
1614 :
1615 1 : ret = options_validate(NULL, tdata->opt, &msg);
1616 1 : tt_int_op(ret, OP_EQ, -1);
1617 1 : tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1618 1 : tor_free(msg);
1619 :
1620 1 : free_options_test_data(tdata);
1621 1 : tdata = get_options_test_data("ReachableORAddresses *:82\n"
1622 : "ORPort 127.0.0.1:5555\n");
1623 :
1624 1 : ret = options_validate(NULL, tdata->opt, &msg);
1625 1 : tt_int_op(ret, OP_EQ, -1);
1626 1 : tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1627 1 : tor_free(msg);
1628 :
1629 1 : free_options_test_data(tdata);
1630 1 : tdata = get_options_test_data("ReachableDirAddresses *:82\n"
1631 : "ORPort 127.0.0.1:5555\n");
1632 :
1633 1 : ret = options_validate(NULL, tdata->opt, &msg);
1634 1 : tt_int_op(ret, OP_EQ, -1);
1635 1 : tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1636 1 : tor_free(msg);
1637 :
1638 1 : free_options_test_data(tdata);
1639 1 : tdata = get_options_test_data("ClientUseIPv4 0\n"
1640 : "ORPort 127.0.0.1:5555\n");
1641 :
1642 1 : ret = options_validate(NULL, tdata->opt, &msg);
1643 1 : tt_int_op(ret, OP_EQ, -1);
1644 1 : tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1645 1 : tor_free(msg);
1646 :
1647 : /* Test IPv4-only clients setting IPv6 preferences */
1648 :
1649 1 : free_options_test_data(tdata);
1650 1 : tdata = get_options_test_data("ClientUseIPv4 1\n"
1651 : "ClientUseIPv6 0\n"
1652 : "UseBridges 0\n"
1653 : "ClientPreferIPv6ORPort 1\n");
1654 :
1655 1 : ret = options_validate(NULL, tdata->opt, &msg);
1656 1 : tt_int_op(ret, OP_EQ, 0);
1657 1 : tor_free(msg);
1658 :
1659 1 : free_options_test_data(tdata);
1660 1 : tdata = get_options_test_data("ClientUseIPv4 1\n"
1661 : "ClientUseIPv6 0\n"
1662 : "UseBridges 0\n"
1663 : "ClientPreferIPv6DirPort 1\n");
1664 :
1665 1 : ret = options_validate(NULL, tdata->opt, &msg);
1666 1 : tt_int_op(ret, OP_EQ, 0);
1667 1 : tor_free(msg);
1668 :
1669 : /* Now test an IPv4/IPv6 client setting IPv6 preferences */
1670 :
1671 1 : free_options_test_data(tdata);
1672 1 : tdata = get_options_test_data("ClientUseIPv4 1\n"
1673 : "ClientUseIPv6 1\n"
1674 : "ClientPreferIPv6ORPort 1\n"
1675 : "ClientPreferIPv6DirPort 1\n");
1676 :
1677 1 : ret = options_validate(NULL, tdata->opt, &msg);
1678 1 : tt_int_op(ret, OP_EQ, 0);
1679 1 : tt_ptr_op(msg, OP_EQ, NULL);
1680 :
1681 : /* Now test an IPv6 client setting IPv6 preferences */
1682 :
1683 1 : free_options_test_data(tdata);
1684 1 : tdata = get_options_test_data("ClientUseIPv6 1\n"
1685 : "ClientPreferIPv6ORPort 1\n"
1686 : "ClientPreferIPv6DirPort 1\n");
1687 :
1688 1 : ret = options_validate(NULL, tdata->opt, &msg);
1689 1 : tt_int_op(ret, OP_EQ, 0);
1690 1 : tt_ptr_op(msg, OP_EQ, NULL);
1691 :
1692 : /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */
1693 :
1694 1 : free_options_test_data(tdata);
1695 1 : tdata = get_options_test_data("ClientUseIPv4 0\n"
1696 : "ClientPreferIPv6ORPort 1\n"
1697 : "ClientPreferIPv6DirPort 1\n");
1698 :
1699 1 : ret = options_validate(NULL, tdata->opt, &msg);
1700 1 : tt_int_op(ret, OP_EQ, 0);
1701 1 : tt_ptr_op(msg, OP_EQ, NULL);
1702 :
1703 : /* And an implicit (bridge) client setting IPv6 preferences */
1704 :
1705 1 : free_options_test_data(tdata);
1706 1 : tdata = get_options_test_data("UseBridges 1\n"
1707 : "Bridge 127.0.0.1:12345\n"
1708 : "ClientPreferIPv6ORPort 1\n"
1709 : "ClientPreferIPv6DirPort 1\n");
1710 :
1711 1 : ret = options_validate(NULL, tdata->opt, &msg);
1712 1 : tt_int_op(ret, OP_EQ, 0);
1713 1 : tt_ptr_op(msg, OP_EQ, NULL);
1714 :
1715 1 : done:
1716 1 : teardown_capture_of_logs();
1717 1 : free_options_test_data(tdata);
1718 1 : tor_free(msg);
1719 1 : }
1720 :
1721 : static void
1722 1 : test_options_validate__use_bridges(void *ignored)
1723 : {
1724 1 : (void)ignored;
1725 1 : int ret;
1726 1 : char *msg;
1727 1 : options_test_data_t *tdata = get_options_test_data(
1728 : "UseBridges 1\n"
1729 : "ClientUseIPv4 1\n"
1730 : "ORPort 127.0.0.1:5555\n");
1731 :
1732 1 : ret = options_validate(NULL, tdata->opt, &msg);
1733 1 : tt_int_op(ret, OP_EQ, -1);
1734 1 : tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
1735 : " the Internet, so they must not set UseBridges.");
1736 1 : tor_free(msg);
1737 :
1738 1 : free_options_test_data(tdata);
1739 1 : tdata = get_options_test_data("UseBridges 1\n");
1740 :
1741 1 : ret = options_validate(NULL, tdata->opt, &msg);
1742 1 : tt_int_op(ret, OP_EQ, -1);
1743 1 : tt_str_op(msg, OP_NE, "Servers must be able to freely connect to the rest of"
1744 : " the Internet, so they must not set UseBridges.");
1745 1 : tor_free(msg);
1746 :
1747 1 : MOCK(geoip_get_country,
1748 : opt_tests_geoip_get_country);
1749 1 : free_options_test_data(tdata);
1750 1 : tdata = get_options_test_data("UseBridges 1\n"
1751 : "EntryNodes {cn}\n");
1752 :
1753 1 : ret = options_validate(NULL, tdata->opt, &msg);
1754 1 : tt_int_op(ret, OP_EQ, -1);
1755 1 : tt_str_op(msg, OP_EQ, "You cannot set both UseBridges and EntryNodes.");
1756 1 : tor_free(msg);
1757 :
1758 1 : free_options_test_data(tdata);
1759 1 : tdata = get_options_test_data("UseBridges 1\n");
1760 :
1761 1 : ret = options_validate(NULL, tdata->opt, &msg);
1762 1 : tt_int_op(ret, OP_EQ, -1);
1763 1 : tt_str_op(msg, OP_EQ,
1764 : "If you set UseBridges, you must specify at least one bridge.");
1765 1 : tor_free(msg);
1766 :
1767 1 : free_options_test_data(tdata);
1768 1 : tdata = get_options_test_data("UseBridges 1\n"
1769 : "Bridge 10.0.0.1\n"
1770 : "UseEntryGuards 0\n"
1771 : );
1772 :
1773 1 : ret = options_validate(NULL, tdata->opt, &msg);
1774 1 : tt_int_op(ret, OP_EQ, -1);
1775 1 : tt_str_op(msg, OP_EQ,
1776 : "Setting UseBridges requires also setting UseEntryGuards.");
1777 1 : tor_free(msg);
1778 :
1779 1 : free_options_test_data(tdata);
1780 1 : tdata = get_options_test_data("UseBridges 1\n"
1781 : "Bridge 10.0.0.1\n"
1782 : "Bridge !!!\n"
1783 : );
1784 :
1785 1 : ret = options_validate(NULL, tdata->opt, &msg);
1786 1 : tt_int_op(ret, OP_EQ, -1);
1787 1 : tt_str_op(msg, OP_EQ, "Bridge line did not parse. See logs for details.");
1788 1 : tor_free(msg);
1789 :
1790 1 : done:
1791 1 : UNMOCK(geoip_get_country);
1792 1 : policies_free_all();
1793 1 : free_options_test_data(tdata);
1794 1 : tor_free(msg);
1795 1 : }
1796 :
1797 : static void
1798 1 : test_options_validate__entry_nodes(void *ignored)
1799 : {
1800 1 : (void)ignored;
1801 1 : int ret;
1802 1 : char *msg;
1803 1 : MOCK(geoip_get_country,
1804 : opt_tests_geoip_get_country);
1805 1 : options_test_data_t *tdata = get_options_test_data(
1806 : "EntryNodes {cn}\n"
1807 : "UseEntryGuards 0\n");
1808 :
1809 1 : ret = options_validate(NULL, tdata->opt, &msg);
1810 1 : tt_int_op(ret, OP_EQ, -1);
1811 1 : tt_str_op(msg, OP_EQ,
1812 : "If EntryNodes is set, UseEntryGuards must be enabled.");
1813 1 : tor_free(msg);
1814 :
1815 1 : free_options_test_data(tdata);
1816 1 : tdata = get_options_test_data("EntryNodes {cn}\n"
1817 : "UseEntryGuards 1\n");
1818 :
1819 1 : ret = options_validate(NULL, tdata->opt, &msg);
1820 1 : tt_int_op(ret, OP_EQ, 0);
1821 1 : tor_free(msg);
1822 :
1823 1 : done:
1824 1 : UNMOCK(geoip_get_country);
1825 1 : free_options_test_data(tdata);
1826 1 : tor_free(msg);
1827 1 : }
1828 :
1829 : static void
1830 1 : test_options_validate__safe_logging(void *ignored)
1831 : {
1832 1 : (void)ignored;
1833 1 : int ret;
1834 1 : char *msg;
1835 1 : options_test_data_t *tdata = get_options_test_data("SafeLogging 0\n");
1836 :
1837 1 : ret = options_validate(NULL, tdata->opt, &msg);
1838 1 : tt_int_op(ret, OP_EQ, 0);
1839 1 : tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
1840 1 : tor_free(msg);
1841 :
1842 1 : free_options_test_data(tdata);
1843 1 : tdata = get_options_test_data("SafeLogging 0\n");
1844 :
1845 1 : ret = options_validate(NULL, tdata->opt, &msg);
1846 1 : tt_int_op(ret, OP_EQ, 0);
1847 1 : tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
1848 1 : tor_free(msg);
1849 :
1850 1 : free_options_test_data(tdata);
1851 1 : tdata = get_options_test_data("SafeLogging Relay\n");
1852 :
1853 1 : ret = options_validate(NULL, tdata->opt, &msg);
1854 1 : tt_int_op(ret, OP_EQ, 0);
1855 1 : tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_RELAY);
1856 1 : tor_free(msg);
1857 :
1858 1 : free_options_test_data(tdata);
1859 1 : tdata = get_options_test_data("SafeLogging 1\n");
1860 :
1861 1 : ret = options_validate(NULL, tdata->opt, &msg);
1862 1 : tt_int_op(ret, OP_EQ, 0);
1863 1 : tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_ALL);
1864 1 : tor_free(msg);
1865 :
1866 1 : free_options_test_data(tdata);
1867 1 : tdata = get_options_test_data("SafeLogging stuffy\n");
1868 :
1869 1 : ret = options_validate(NULL, tdata->opt, &msg);
1870 1 : tt_int_op(ret, OP_EQ, -1);
1871 1 : tt_str_op(msg, OP_EQ, "Unrecognized value '\"stuffy\"' in SafeLogging");
1872 1 : tor_free(msg);
1873 :
1874 1 : done:
1875 1 : escaped(NULL); // This will free the leaking memory from the previous escaped
1876 1 : free_options_test_data(tdata);
1877 1 : tor_free(msg);
1878 1 : }
1879 :
1880 : static void
1881 1 : test_options_validate__publish_server_descriptor(void *ignored)
1882 : {
1883 1 : (void)ignored;
1884 1 : int ret;
1885 1 : char *msg;
1886 1 : setup_capture_of_logs(LOG_WARN);
1887 1 : options_test_data_t *tdata = get_options_test_data(
1888 : "PublishServerDescriptor bridge\n");
1889 :
1890 1 : ret = options_validate(NULL, tdata->opt, &msg);
1891 1 : tt_int_op(ret, OP_EQ, 0);
1892 1 : tt_assert(!msg);
1893 :
1894 1 : free_options_test_data(tdata);
1895 1 : tdata = get_options_test_data("PublishServerDescriptor humma\n");
1896 :
1897 1 : ret = options_validate(NULL, tdata->opt, &msg);
1898 1 : tt_int_op(ret, OP_EQ, -1);
1899 1 : tt_str_op(msg, OP_EQ, "Unrecognized value in PublishServerDescriptor");
1900 1 : tor_free(msg);
1901 :
1902 1 : free_options_test_data(tdata);
1903 1 : tdata = get_options_test_data("PublishServerDescriptor bridge, v3\n");
1904 :
1905 1 : ret = options_validate(NULL, tdata->opt, &msg);
1906 1 : tt_int_op(ret, OP_EQ, -1);
1907 1 : tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
1908 : "descriptors to the directory authorities. Please correct your "
1909 : "PublishServerDescriptor line.");
1910 1 : tor_free(msg);
1911 :
1912 1 : free_options_test_data(tdata);
1913 1 : tdata = get_options_test_data("BridgeRelay 1\n"
1914 : "PublishServerDescriptor v3\n");
1915 :
1916 1 : ret = options_validate(NULL, tdata->opt, &msg);
1917 1 : tt_int_op(ret, OP_EQ, -1);
1918 1 : tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
1919 : "descriptors to the directory authorities. Please correct your "
1920 : "PublishServerDescriptor line.");
1921 1 : tor_free(msg);
1922 :
1923 1 : free_options_test_data(tdata);
1924 1 : tdata = get_options_test_data("BridgeRelay 1\n");
1925 :
1926 1 : ret = options_validate(NULL, tdata->opt, &msg);
1927 1 : tt_int_op(ret, OP_EQ, -1);
1928 1 : tt_str_op(msg, OP_NE, "Bridges are not supposed to publish router "
1929 : "descriptors to the directory authorities. Please correct your "
1930 : "PublishServerDescriptor line.");
1931 1 : tor_free(msg);
1932 :
1933 1 : done:
1934 1 : teardown_capture_of_logs();
1935 1 : policies_free_all();
1936 1 : free_options_test_data(tdata);
1937 1 : tor_free(msg);
1938 1 : }
1939 :
1940 : static void
1941 1 : test_options_validate__testing(void *ignored)
1942 : {
1943 1 : (void)ignored;
1944 1 : int ret;
1945 1 : char *msg;
1946 1 : options_test_data_t *tdata = NULL;
1947 :
1948 : #define ENSURE_DEFAULT(varname, varval) \
1949 : STMT_BEGIN \
1950 : free_options_test_data(tdata); \
1951 : tdata = get_options_test_data(#varname " " #varval "\n"); \
1952 : ret = options_validate(NULL, tdata->opt, &msg); \
1953 : tt_str_op(msg, OP_EQ, \
1954 : #varname " may only be changed in testing Tor networks!"); \
1955 : tt_int_op(ret, OP_EQ, -1); \
1956 : tor_free(msg); \
1957 : \
1958 : free_options_test_data(tdata); \
1959 : tdata = get_options_test_data(#varname " " #varval "\n" \
1960 : VALID_DIR_AUTH \
1961 : "TestingTorNetwork 1\n"); \
1962 : \
1963 : ret = options_validate(NULL, tdata->opt, &msg); \
1964 : if (msg) { \
1965 : tt_str_op(msg, OP_NE, \
1966 : #varname " may only be changed in testing Tor networks!"); \
1967 : tor_free(msg); \
1968 : } \
1969 : \
1970 : free_options_test_data(tdata); \
1971 : tdata = get_options_test_data(#varname " " #varval "\n" \
1972 : "___UsingTestNetworkDefaults 1\n"); \
1973 : \
1974 : ret = options_validate(NULL, tdata->opt, &msg);\
1975 : if (msg) { \
1976 : tt_str_op(msg, OP_NE, \
1977 : #varname " may only be changed in testing Tor networks!"); \
1978 : tor_free(msg); \
1979 : } \
1980 : STMT_END
1981 :
1982 1 : ENSURE_DEFAULT(TestingV3AuthInitialVotingInterval, 3600);
1983 1 : ENSURE_DEFAULT(TestingV3AuthInitialVoteDelay, 3000);
1984 1 : ENSURE_DEFAULT(TestingV3AuthInitialDistDelay, 3000);
1985 1 : ENSURE_DEFAULT(TestingV3AuthVotingStartOffset, 3000);
1986 1 : ENSURE_DEFAULT(TestingAuthDirTimeToLearnReachability, 3000);
1987 1 : ENSURE_DEFAULT(TestingServerDownloadInitialDelay, 3000);
1988 1 : ENSURE_DEFAULT(TestingClientDownloadInitialDelay, 3000);
1989 1 : ENSURE_DEFAULT(TestingServerConsensusDownloadInitialDelay, 3000);
1990 1 : ENSURE_DEFAULT(TestingClientConsensusDownloadInitialDelay, 3000);
1991 1 : ENSURE_DEFAULT(TestingBridgeDownloadInitialDelay, 3000);
1992 1 : ENSURE_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay, 3000);
1993 1 : ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000);
1994 1 : ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000);
1995 1 : ENSURE_DEFAULT(TestingAuthKeyLifetime, 3000);
1996 1 : ENSURE_DEFAULT(TestingLinkCertLifetime, 3000);
1997 1 : ENSURE_DEFAULT(TestingSigningKeySlop, 3000);
1998 1 : ENSURE_DEFAULT(TestingAuthKeySlop, 3000);
1999 1 : ENSURE_DEFAULT(TestingLinkKeySlop, 3000);
2000 :
2001 1 : done:
2002 1 : escaped(NULL); // This will free the leaking memory from the previous escaped
2003 1 : policies_free_all();
2004 1 : free_options_test_data(tdata);
2005 1 : tor_free(msg);
2006 1 : }
2007 :
2008 : static void
2009 1 : test_options_validate__hidserv(void *ignored)
2010 : {
2011 1 : (void)ignored;
2012 1 : int ret;
2013 1 : char *msg;
2014 1 : setup_capture_of_logs(LOG_WARN);
2015 :
2016 1 : options_test_data_t *tdata = NULL;
2017 :
2018 1 : free_options_test_data(tdata);
2019 1 : tdata = get_options_test_data("RendPostPeriod 1\n" );
2020 1 : mock_clean_saved_logs();
2021 1 : ret = options_validate(NULL, tdata->opt, &msg);
2022 1 : tt_int_op(ret, OP_EQ, 0);
2023 1 : expect_log_msg("RendPostPeriod option is too short;"
2024 1 : " raising to 600 seconds.\n");
2025 1 : tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 600);
2026 1 : tor_free(msg);
2027 :
2028 1 : free_options_test_data(tdata);
2029 1 : tdata = get_options_test_data("RendPostPeriod 302401\n" );
2030 1 : mock_clean_saved_logs();
2031 1 : ret = options_validate(NULL, tdata->opt, &msg);
2032 1 : tt_int_op(ret, OP_EQ, 0);
2033 1 : expect_log_msg("RendPostPeriod is too large; "
2034 1 : "clipping to 302400s.\n");
2035 1 : tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 302400);
2036 1 : tor_free(msg);
2037 :
2038 1 : done:
2039 1 : teardown_capture_of_logs();
2040 1 : policies_free_all();
2041 1 : free_options_test_data(tdata);
2042 1 : tor_free(msg);
2043 1 : }
2044 :
2045 : static void
2046 1 : test_options_validate__path_bias(void *ignored)
2047 : {
2048 1 : (void)ignored;
2049 1 : int ret;
2050 1 : char *msg;
2051 :
2052 1 : options_test_data_t *tdata = get_options_test_data(
2053 : "PathBiasNoticeRate 1.1\n");
2054 1 : ret = options_validate(NULL, tdata->opt, &msg);
2055 1 : tt_int_op(ret, OP_EQ, -1);
2056 1 : tt_str_op(msg, OP_EQ,
2057 : "PathBiasNoticeRate is too high. It must be between 0 and 1.0");
2058 1 : tor_free(msg);
2059 :
2060 1 : free_options_test_data(tdata);
2061 1 : tdata = get_options_test_data("PathBiasWarnRate 1.1\n");
2062 1 : ret = options_validate(NULL, tdata->opt, &msg);
2063 1 : tt_int_op(ret, OP_EQ, -1);
2064 1 : tt_str_op(msg, OP_EQ,
2065 : "PathBiasWarnRate is too high. It must be between 0 and 1.0");
2066 1 : tor_free(msg);
2067 :
2068 1 : free_options_test_data(tdata);
2069 1 : tdata = get_options_test_data("PathBiasExtremeRate 1.1\n");
2070 1 : ret = options_validate(NULL, tdata->opt, &msg);
2071 1 : tt_int_op(ret, OP_EQ, -1);
2072 1 : tt_str_op(msg, OP_EQ,
2073 : "PathBiasExtremeRate is too high. It must be between 0 and 1.0");
2074 1 : tor_free(msg);
2075 :
2076 1 : free_options_test_data(tdata);
2077 1 : tdata = get_options_test_data("PathBiasNoticeUseRate 1.1\n");
2078 1 : ret = options_validate(NULL, tdata->opt, &msg);
2079 1 : tt_int_op(ret, OP_EQ, -1);
2080 1 : tt_str_op(msg, OP_EQ,
2081 : "PathBiasNoticeUseRate is too high. It must be between 0 and 1.0");
2082 1 : tor_free(msg);
2083 :
2084 1 : free_options_test_data(tdata);
2085 1 : tdata = get_options_test_data("PathBiasExtremeUseRate 1.1\n");
2086 1 : ret = options_validate(NULL, tdata->opt, &msg);
2087 1 : tt_int_op(ret, OP_EQ, -1);
2088 1 : tt_str_op(msg, OP_EQ,
2089 : "PathBiasExtremeUseRate is too high. It must be between 0 and 1.0");
2090 1 : tor_free(msg);
2091 :
2092 1 : done:
2093 1 : free_options_test_data(tdata);
2094 1 : tor_free(msg);
2095 1 : }
2096 :
2097 : static void
2098 1 : test_options_validate__bandwidth(void *ignored)
2099 : {
2100 1 : (void)ignored;
2101 1 : int ret;
2102 1 : char *msg;
2103 1 : options_test_data_t *tdata = NULL;
2104 :
2105 : #define ENSURE_BANDWIDTH_PARAM(p, EXTRA_OPT_STR) \
2106 : STMT_BEGIN \
2107 : free_options_test_data(tdata); \
2108 : tdata = get_options_test_data(EXTRA_OPT_STR \
2109 : #p " 3Gb\n"); \
2110 : ret = options_validate(NULL, tdata->opt, &msg); \
2111 : tt_int_op(ret, OP_EQ, -1); \
2112 : tt_mem_op(msg, OP_EQ, #p " (3221225471) must be at most 2147483647", 40); \
2113 : tor_free(msg); \
2114 : STMT_END
2115 :
2116 1 : ENSURE_BANDWIDTH_PARAM(BandwidthRate, "");
2117 1 : ENSURE_BANDWIDTH_PARAM(BandwidthBurst, "");
2118 :
2119 1 : ENSURE_BANDWIDTH_PARAM(BandwidthRate, ENABLE_AUTHORITY_V3);
2120 1 : ENSURE_BANDWIDTH_PARAM(BandwidthBurst, ENABLE_AUTHORITY_V3);
2121 :
2122 1 : ENSURE_BANDWIDTH_PARAM(BandwidthRate, ENABLE_AUTHORITY_BRIDGE);
2123 1 : ENSURE_BANDWIDTH_PARAM(BandwidthBurst, ENABLE_AUTHORITY_BRIDGE);
2124 :
2125 1 : ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, "");
2126 1 : ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, "");
2127 1 : ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, "");
2128 1 : ENSURE_BANDWIDTH_PARAM(PerConnBWRate, "");
2129 1 : ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, "");
2130 :
2131 1 : ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, ENABLE_AUTHORITY_V3);
2132 1 : ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, ENABLE_AUTHORITY_V3);
2133 1 : ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, ENABLE_AUTHORITY_V3);
2134 1 : ENSURE_BANDWIDTH_PARAM(PerConnBWRate, ENABLE_AUTHORITY_V3);
2135 1 : ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, ENABLE_AUTHORITY_V3);
2136 :
2137 1 : ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, ENABLE_AUTHORITY_BRIDGE);
2138 1 : ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, ENABLE_AUTHORITY_BRIDGE);
2139 1 : ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, ENABLE_AUTHORITY_BRIDGE);
2140 1 : ENSURE_BANDWIDTH_PARAM(PerConnBWRate, ENABLE_AUTHORITY_BRIDGE);
2141 1 : ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, ENABLE_AUTHORITY_BRIDGE);
2142 :
2143 1 : ENSURE_BANDWIDTH_PARAM(AuthDirFastGuarantee, ENABLE_AUTHORITY_V3);
2144 1 : ENSURE_BANDWIDTH_PARAM(AuthDirGuardBWGuarantee, ENABLE_AUTHORITY_V3);
2145 :
2146 1 : free_options_test_data(tdata);
2147 1 : tdata = get_options_test_data("RelayBandwidthRate 1000\n");
2148 1 : ret = options_validate(NULL, tdata->opt, &msg);
2149 1 : tt_int_op(ret, OP_EQ, 0);
2150 1 : tt_u64_op(tdata->opt->RelayBandwidthBurst, OP_EQ, 1000);
2151 1 : tor_free(msg);
2152 :
2153 1 : free_options_test_data(tdata);
2154 1 : tdata = get_options_test_data("RelayBandwidthBurst 1001\n");
2155 1 : ret = options_validate(NULL, tdata->opt, &msg);
2156 1 : tt_int_op(ret, OP_EQ, 0);
2157 1 : tt_u64_op(tdata->opt->RelayBandwidthRate, OP_EQ, 1001);
2158 1 : tor_free(msg);
2159 :
2160 1 : free_options_test_data(tdata);
2161 1 : tdata = get_options_test_data("RelayBandwidthRate 1001\n"
2162 : "RelayBandwidthBurst 1000\n");
2163 1 : ret = options_validate(NULL, tdata->opt, &msg);
2164 1 : tt_int_op(ret, OP_EQ, -1);
2165 1 : tt_str_op(msg, OP_EQ, "RelayBandwidthBurst must be at least equal to "
2166 : "RelayBandwidthRate.");
2167 1 : tor_free(msg);
2168 :
2169 1 : free_options_test_data(tdata);
2170 1 : tdata = get_options_test_data("BandwidthRate 1001\n"
2171 : "BandwidthBurst 1000\n");
2172 1 : ret = options_validate(NULL, tdata->opt, &msg);
2173 1 : tt_int_op(ret, OP_EQ, -1);
2174 1 : tt_str_op(msg, OP_EQ,
2175 : "BandwidthBurst must be at least equal to BandwidthRate.");
2176 1 : tor_free(msg);
2177 :
2178 1 : free_options_test_data(tdata);
2179 1 : tdata = get_options_test_data("RelayBandwidthRate 1001\n"
2180 : "BandwidthRate 1000\n"
2181 : "BandwidthBurst 1000\n"
2182 : );
2183 1 : ret = options_validate(NULL, tdata->opt, &msg);
2184 1 : tt_int_op(ret, OP_EQ, 0);
2185 1 : tt_u64_op(tdata->opt->BandwidthRate, OP_EQ, 1001);
2186 1 : tor_free(msg);
2187 :
2188 1 : free_options_test_data(tdata);
2189 1 : tdata = get_options_test_data("RelayBandwidthRate 1001\n"
2190 : "BandwidthRate 1000\n"
2191 : "RelayBandwidthBurst 1001\n"
2192 : "BandwidthBurst 1000\n"
2193 : );
2194 1 : ret = options_validate(NULL, tdata->opt, &msg);
2195 1 : tt_int_op(ret, OP_EQ, 0);
2196 1 : tt_u64_op(tdata->opt->BandwidthBurst, OP_EQ, 1001);
2197 1 : tor_free(msg);
2198 :
2199 1 : free_options_test_data(tdata);
2200 1 : tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2201 : "BandwidthRate 1\n"
2202 : );
2203 1 : ret = options_validate(NULL, tdata->opt, &msg);
2204 1 : tt_int_op(ret, OP_EQ, -1);
2205 1 : tt_str_op(msg, OP_EQ, "BandwidthRate is set to 1 bytes/second. For servers,"
2206 : " it must be at least 76800.");
2207 1 : tor_free(msg);
2208 :
2209 1 : free_options_test_data(tdata);
2210 1 : tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2211 : "BandwidthRate 76800\n"
2212 : "MaxAdvertisedBandwidth 30000\n"
2213 : );
2214 1 : ret = options_validate(NULL, tdata->opt, &msg);
2215 1 : tt_int_op(ret, OP_EQ, -1);
2216 1 : tt_str_op(msg, OP_EQ, "MaxAdvertisedBandwidth is set to 30000 bytes/second."
2217 : " For servers, it must be at least 38400.");
2218 1 : tor_free(msg);
2219 :
2220 1 : free_options_test_data(tdata);
2221 1 : tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2222 : "BandwidthRate 76800\n"
2223 : "RelayBandwidthRate 1\n"
2224 : "MaxAdvertisedBandwidth 38400\n"
2225 : );
2226 1 : ret = options_validate(NULL, tdata->opt, &msg);
2227 1 : tt_int_op(ret, OP_EQ, -1);
2228 1 : tt_str_op(msg, OP_EQ, "RelayBandwidthRate is set to 1 bytes/second. For "
2229 : "servers, it must be at least 76800.");
2230 1 : tor_free(msg);
2231 :
2232 1 : free_options_test_data(tdata);
2233 1 : tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2234 : "BandwidthRate 76800\n"
2235 : "BandwidthBurst 76800\n"
2236 : "RelayBandwidthRate 76800\n"
2237 : "MaxAdvertisedBandwidth 38400\n"
2238 : );
2239 1 : ret = options_validate(NULL, tdata->opt, &msg);
2240 1 : tt_int_op(ret, OP_EQ, 0);
2241 1 : tor_free(msg);
2242 :
2243 1 : done:
2244 1 : policies_free_all();
2245 1 : free_options_test_data(tdata);
2246 1 : tor_free(msg);
2247 1 : }
2248 :
2249 : static void
2250 1 : test_options_validate__circuits(void *ignored)
2251 : {
2252 1 : (void)ignored;
2253 1 : char *msg;
2254 1 : options_test_data_t *tdata = NULL;
2255 1 : setup_capture_of_logs(LOG_WARN);
2256 :
2257 1 : free_options_test_data(tdata);
2258 1 : tdata = get_options_test_data("MaxCircuitDirtiness 2592001\n");
2259 1 : options_validate(NULL, tdata->opt, &msg);
2260 1 : expect_log_msg("MaxCircuitDirtiness option is too "
2261 1 : "high; setting to 30 days.\n");
2262 1 : tt_int_op(tdata->opt->MaxCircuitDirtiness, OP_EQ, 2592000);
2263 1 : tor_free(msg);
2264 :
2265 1 : free_options_test_data(tdata);
2266 1 : mock_clean_saved_logs();
2267 1 : tdata = get_options_test_data("CircuitStreamTimeout 1\n");
2268 1 : options_validate(NULL, tdata->opt, &msg);
2269 1 : expect_log_msg("CircuitStreamTimeout option is too"
2270 1 : " short; raising to 10 seconds.\n");
2271 1 : tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 10);
2272 1 : tor_free(msg);
2273 :
2274 1 : free_options_test_data(tdata);
2275 1 : mock_clean_saved_logs();
2276 1 : tdata = get_options_test_data("CircuitStreamTimeout 111\n");
2277 1 : options_validate(NULL, tdata->opt, &msg);
2278 1 : expect_no_log_msg("CircuitStreamTimeout option is too"
2279 : " short; raising to 10 seconds.\n");
2280 1 : tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 111);
2281 1 : tor_free(msg);
2282 :
2283 1 : free_options_test_data(tdata);
2284 1 : mock_clean_saved_logs();
2285 1 : tdata = get_options_test_data("HeartbeatPeriod 1\n");
2286 1 : options_validate(NULL, tdata->opt, &msg);
2287 1 : expect_log_msg("HeartbeatPeriod option is too short;"
2288 1 : " raising to 1800 seconds.\n");
2289 1 : tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1800);
2290 1 : tor_free(msg);
2291 :
2292 1 : free_options_test_data(tdata);
2293 1 : mock_clean_saved_logs();
2294 1 : tdata = get_options_test_data("HeartbeatPeriod 1982\n");
2295 1 : options_validate(NULL, tdata->opt, &msg);
2296 1 : expect_no_log_msg("HeartbeatPeriod option is too short;"
2297 : " raising to 1800 seconds.\n");
2298 1 : tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1982);
2299 1 : tor_free(msg);
2300 :
2301 1 : free_options_test_data(tdata);
2302 1 : mock_clean_saved_logs();
2303 1 : tdata = get_options_test_data("LearnCircuitBuildTimeout 0\n"
2304 : "CircuitBuildTimeout 1\n"
2305 : );
2306 1 : options_validate(NULL, tdata->opt, &msg);
2307 1 : expect_log_msg("CircuitBuildTimeout is shorter (1"
2308 : " seconds) than the recommended minimum (10 seconds), and "
2309 : "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2310 1 : "raise this value or enable LearnCircuitBuildTimeout.\n");
2311 1 : tor_free(msg);
2312 :
2313 1 : free_options_test_data(tdata);
2314 1 : mock_clean_saved_logs();
2315 1 : tdata = get_options_test_data("CircuitBuildTimeout 11\n"
2316 : );
2317 1 : options_validate(NULL, tdata->opt, &msg);
2318 1 : expect_no_log_msg("CircuitBuildTimeout is shorter (1 "
2319 : "seconds) than the recommended minimum (10 seconds), and "
2320 : "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2321 : "raise this value or enable LearnCircuitBuildTimeout.\n");
2322 1 : tor_free(msg);
2323 :
2324 1 : done:
2325 1 : policies_free_all();
2326 1 : teardown_capture_of_logs();
2327 1 : free_options_test_data(tdata);
2328 1 : tor_free(msg);
2329 1 : }
2330 :
2331 : static void
2332 1 : test_options_validate__rend(void *ignored)
2333 : {
2334 1 : (void)ignored;
2335 1 : int ret;
2336 1 : char *msg;
2337 1 : options_test_data_t *tdata = NULL;
2338 1 : setup_capture_of_logs(LOG_WARN);
2339 :
2340 1 : free_options_test_data(tdata);
2341 1 : tdata = get_options_test_data(
2342 : "UseEntryGuards 0\n"
2343 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2344 : "HiddenServicePort 80 127.0.0.1:8080\n"
2345 : );
2346 1 : ret = options_validate(NULL, tdata->opt, &msg);
2347 1 : tt_int_op(ret, OP_EQ, 0);
2348 1 : expect_log_msg("UseEntryGuards is disabled, but you"
2349 : " have configured one or more hidden services on this Tor "
2350 : "instance. Your hidden services will be very easy to locate using"
2351 : " a well-known attack -- see https://freehaven.net/anonbib/#hs-"
2352 1 : "attack06 for details.\n");
2353 1 : tor_free(msg);
2354 :
2355 1 : free_options_test_data(tdata);
2356 1 : tdata = get_options_test_data(
2357 : "UseEntryGuards 1\n"
2358 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2359 : "HiddenServicePort 80 127.0.0.1:8080\n"
2360 : );
2361 1 : mock_clean_saved_logs();
2362 1 : ret = options_validate(NULL, tdata->opt, &msg);
2363 1 : tt_int_op(ret, OP_EQ, 0);
2364 1 : expect_no_log_msg("UseEntryGuards is disabled, but you"
2365 : " have configured one or more hidden services on this Tor "
2366 : "instance. Your hidden services will be very easy to locate using"
2367 : " a well-known attack -- see https://freehaven.net/anonbib/#hs-"
2368 : "attack06 for details.\n");
2369 :
2370 1 : free_options_test_data(tdata);
2371 1 : tdata = get_options_test_data("HiddenServicePort 80 127.0.0.1:8080\n");
2372 1 : ret = options_validate(NULL, tdata->opt, &msg);
2373 1 : tt_int_op(ret, OP_EQ, -1);
2374 1 : tt_str_op(msg, OP_EQ,
2375 : "Failed to configure rendezvous options. See logs for details.");
2376 1 : tor_free(msg);
2377 :
2378 1 : done:
2379 1 : policies_free_all();
2380 1 : teardown_capture_of_logs();
2381 1 : free_options_test_data(tdata);
2382 1 : tor_free(msg);
2383 1 : }
2384 :
2385 : static void
2386 1 : test_options_validate__single_onion(void *ignored)
2387 : {
2388 1 : (void)ignored;
2389 1 : int ret;
2390 1 : char *msg;
2391 1 : options_test_data_t *tdata = NULL;
2392 1 : setup_capture_of_logs(LOG_WARN);
2393 :
2394 : /* Test that HiddenServiceSingleHopMode must come with
2395 : * HiddenServiceNonAnonymousMode */
2396 1 : tdata = get_options_test_data("SOCKSPort 0\n"
2397 : "HiddenServiceSingleHopMode 1\n"
2398 : );
2399 1 : ret = options_validate(NULL, tdata->opt, &msg);
2400 1 : tt_int_op(ret, OP_EQ, -1);
2401 1 : tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2402 : "server anonymity. It must be used with "
2403 : "HiddenServiceNonAnonymousMode set to 1.");
2404 1 : tor_free(msg);
2405 1 : free_options_test_data(tdata);
2406 :
2407 1 : tdata = get_options_test_data("SOCKSPort 0\n"
2408 : "HiddenServiceSingleHopMode 1\n"
2409 : "HiddenServiceNonAnonymousMode 0\n"
2410 : );
2411 1 : ret = options_validate(NULL, tdata->opt, &msg);
2412 1 : tt_int_op(ret, OP_EQ, -1);
2413 1 : tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2414 : "server anonymity. It must be used with "
2415 : "HiddenServiceNonAnonymousMode set to 1.");
2416 1 : tor_free(msg);
2417 1 : free_options_test_data(tdata);
2418 :
2419 1 : tdata = get_options_test_data("SOCKSPort 0\n"
2420 : "HiddenServiceSingleHopMode 1\n"
2421 : "HiddenServiceNonAnonymousMode 1\n"
2422 : );
2423 1 : ret = options_validate(NULL, tdata->opt, &msg);
2424 1 : tt_int_op(ret, OP_EQ, 0);
2425 1 : tt_ptr_op(msg, OP_EQ, NULL);
2426 1 : free_options_test_data(tdata);
2427 :
2428 : /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
2429 1 : tdata = get_options_test_data("SOCKSPort 5000\n"
2430 : "HiddenServiceSingleHopMode 1\n"
2431 : "HiddenServiceNonAnonymousMode 1\n"
2432 : );
2433 1 : ret = options_validate(NULL, tdata->opt, &msg);
2434 1 : tt_int_op(ret, OP_EQ, -1);
2435 1 : tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode is incompatible with "
2436 : "using Tor as an anonymous client. Please set "
2437 : "Socks/Trans/NATD/DNSPort to 0, or revert "
2438 : "HiddenServiceNonAnonymousMode to 0.");
2439 1 : tor_free(msg);
2440 1 : free_options_test_data(tdata);
2441 :
2442 1 : tdata = get_options_test_data("SOCKSPort 0\n"
2443 : "HiddenServiceSingleHopMode 1\n"
2444 : "HiddenServiceNonAnonymousMode 1\n"
2445 : );
2446 1 : ret = options_validate(NULL, tdata->opt, &msg);
2447 1 : tt_int_op(ret, OP_EQ, 0);
2448 1 : tt_ptr_op(msg, OP_EQ, NULL);
2449 1 : free_options_test_data(tdata);
2450 :
2451 1 : tdata = get_options_test_data("SOCKSPort 5000\n"
2452 : "HiddenServiceSingleHopMode 0\n"
2453 : );
2454 1 : ret = options_validate(NULL, tdata->opt, &msg);
2455 1 : tt_int_op(ret, OP_EQ, 0);
2456 1 : tt_ptr_op(msg, OP_EQ, NULL);
2457 1 : free_options_test_data(tdata);
2458 :
2459 : /* Test that a hidden service can't be run in non anonymous mode. */
2460 1 : tdata = get_options_test_data(
2461 : "HiddenServiceNonAnonymousMode 1\n"
2462 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2463 : "HiddenServicePort 80 127.0.0.1:8080\n"
2464 : );
2465 1 : ret = options_validate(NULL, tdata->opt, &msg);
2466 1 : tt_int_op(ret, OP_EQ, -1);
2467 1 : tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2468 : "server anonymity. It must be used with "
2469 : "HiddenServiceSingleHopMode set to 1.");
2470 1 : tor_free(msg);
2471 1 : free_options_test_data(tdata);
2472 :
2473 1 : tdata = get_options_test_data(
2474 : "HiddenServiceNonAnonymousMode 1\n"
2475 : );
2476 1 : ret = options_validate(NULL, tdata->opt, &msg);
2477 1 : tt_int_op(ret, OP_EQ, -1);
2478 1 : tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2479 : "server anonymity. It must be used with "
2480 : "HiddenServiceSingleHopMode set to 1.");
2481 1 : tor_free(msg);
2482 1 : free_options_test_data(tdata);
2483 :
2484 1 : tdata = get_options_test_data(
2485 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2486 : "HiddenServicePort 80 127.0.0.1:8080\n"
2487 : );
2488 1 : ret = options_validate(NULL, tdata->opt, &msg);
2489 1 : tt_int_op(ret, OP_EQ, 0);
2490 1 : tt_ptr_op(msg, OP_EQ, NULL);
2491 1 : free_options_test_data(tdata);
2492 :
2493 1 : tdata = get_options_test_data(
2494 : "HiddenServiceNonAnonymousMode 1\n"
2495 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2496 : "HiddenServicePort 80 127.0.0.1:8080\n"
2497 : "HiddenServiceSingleHopMode 1\n"
2498 : "SOCKSPort 0\n"
2499 : );
2500 1 : ret = options_validate(NULL, tdata->opt, &msg);
2501 1 : tt_int_op(ret, OP_EQ, 0);
2502 1 : tt_ptr_op(msg, OP_EQ, NULL);
2503 :
2504 1 : done:
2505 1 : policies_free_all();
2506 1 : teardown_capture_of_logs();
2507 1 : free_options_test_data(tdata);
2508 1 : tor_free(msg);
2509 1 : }
2510 :
2511 : static void
2512 1 : test_options_validate__accounting(void *ignored)
2513 : {
2514 1 : (void)ignored;
2515 1 : int ret;
2516 1 : char *msg;
2517 1 : options_test_data_t *tdata = NULL;
2518 1 : setup_capture_of_logs(LOG_WARN);
2519 :
2520 1 : free_options_test_data(tdata);
2521 1 : tdata = get_options_test_data("AccountingRule something_bad\n");
2522 1 : ret = options_validate(NULL, tdata->opt, &msg);
2523 1 : tt_int_op(ret, OP_EQ, -1);
2524 1 : tt_str_op(msg, OP_EQ, "AccountingRule must be 'sum', 'max', 'in', or 'out'");
2525 1 : tor_free(msg);
2526 :
2527 1 : free_options_test_data(tdata);
2528 1 : tdata = get_options_test_data("AccountingRule sum\n");
2529 1 : ret = options_validate(NULL, tdata->opt, &msg);
2530 1 : tt_int_op(ret, OP_EQ, 0);
2531 1 : tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_SUM);
2532 1 : tor_free(msg);
2533 :
2534 1 : free_options_test_data(tdata);
2535 1 : tdata = get_options_test_data("AccountingRule max\n");
2536 1 : ret = options_validate(NULL, tdata->opt, &msg);
2537 1 : tt_int_op(ret, OP_EQ, 0);
2538 1 : tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_MAX);
2539 1 : tor_free(msg);
2540 :
2541 1 : free_options_test_data(tdata);
2542 1 : tdata = get_options_test_data("AccountingRule in\n");
2543 1 : ret = options_validate(NULL, tdata->opt, &msg);
2544 1 : tt_int_op(ret, OP_EQ, 0);
2545 1 : tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_IN);
2546 1 : tor_free(msg);
2547 :
2548 1 : free_options_test_data(tdata);
2549 1 : tdata = get_options_test_data("AccountingRule out\n");
2550 1 : ret = options_validate(NULL, tdata->opt, &msg);
2551 1 : tt_int_op(ret, OP_EQ, 0);
2552 1 : tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_OUT);
2553 1 : tor_free(msg);
2554 :
2555 1 : free_options_test_data(tdata);
2556 1 : tdata = get_options_test_data("AccountingStart fail\n");
2557 1 : ret = options_validate(NULL, tdata->opt, &msg);
2558 1 : tt_int_op(ret, OP_EQ, -1);
2559 1 : tt_str_op(msg, OP_EQ,
2560 : "Failed to parse accounting options. See logs for details.");
2561 1 : tor_free(msg);
2562 :
2563 1 : free_options_test_data(tdata);
2564 1 : tdata = get_options_test_data("AccountingMax 10\n");
2565 1 : ret = options_validate(NULL, tdata->opt, &msg);
2566 1 : tt_int_op(ret, OP_EQ, 0);
2567 1 : tor_free(msg);
2568 :
2569 1 : free_options_test_data(tdata);
2570 1 : tdata = get_options_test_data(
2571 : "ORPort 127.0.0.1:5555\n"
2572 : "BandwidthRate 76800\n"
2573 : "BandwidthBurst 76800\n"
2574 : "MaxAdvertisedBandwidth 38400\n"
2575 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2576 : "HiddenServicePort 80 127.0.0.1:8080\n"
2577 : "AccountingMax 10\n"
2578 : );
2579 1 : mock_clean_saved_logs();
2580 1 : ret = options_validate(NULL, tdata->opt, &msg);
2581 1 : tt_int_op(ret, OP_EQ, 0);
2582 1 : expect_log_msg("Using accounting with a hidden "
2583 : "service and an ORPort is risky: your hidden service(s) and "
2584 : "your public address will all turn off at the same time, "
2585 : "which may alert observers that they are being run by the "
2586 1 : "same party.\n");
2587 1 : tor_free(msg);
2588 :
2589 1 : free_options_test_data(tdata);
2590 1 : tdata = get_options_test_data(
2591 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2592 : "HiddenServicePort 80 127.0.0.1:8080\n"
2593 : "AccountingMax 10\n"
2594 : );
2595 1 : mock_clean_saved_logs();
2596 1 : ret = options_validate(NULL, tdata->opt, &msg);
2597 1 : tt_int_op(ret, OP_EQ, 0);
2598 1 : expect_no_log_msg("Using accounting with a hidden "
2599 : "service and an ORPort is risky: your hidden service(s) and "
2600 : "your public address will all turn off at the same time, "
2601 : "which may alert observers that they are being run by the "
2602 : "same party.\n");
2603 1 : tor_free(msg);
2604 :
2605 1 : free_options_test_data(tdata);
2606 1 : tdata = get_options_test_data(
2607 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2608 : "HiddenServicePort 80 127.0.0.1:8080\n"
2609 : "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service2/\n"
2610 : "HiddenServicePort 81 127.0.0.1:8081\n"
2611 : "AccountingMax 10\n"
2612 : );
2613 1 : mock_clean_saved_logs();
2614 1 : ret = options_validate(NULL, tdata->opt, &msg);
2615 1 : tt_int_op(ret, OP_EQ, 0);
2616 1 : expect_log_msg("Using accounting with multiple "
2617 : "hidden services is risky: they will all turn off at the same"
2618 : " time, which may alert observers that they are being run by "
2619 1 : "the same party.\n");
2620 1 : tor_free(msg);
2621 :
2622 1 : done:
2623 1 : teardown_capture_of_logs();
2624 1 : policies_free_all();
2625 1 : free_options_test_data(tdata);
2626 1 : tor_free(msg);
2627 1 : }
2628 :
2629 : static void
2630 1 : test_options_validate__proxy(void *ignored)
2631 : {
2632 1 : (void)ignored;
2633 1 : int ret;
2634 1 : char *msg;
2635 1 : options_test_data_t *tdata = NULL;
2636 1 : sandbox_disable_getaddrinfo_cache();
2637 1 : setup_capture_of_logs(LOG_WARN);
2638 1 : MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
2639 :
2640 1 : free_options_test_data(tdata);
2641 1 : tdata = get_options_test_data("HttpProxy 127.0.42.1\n");
2642 1 : ret = options_validate(NULL, tdata->opt, &msg);
2643 1 : tt_int_op(ret, OP_EQ, 0);
2644 1 : tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 80);
2645 1 : tor_free(msg);
2646 :
2647 1 : free_options_test_data(tdata);
2648 1 : tdata = get_options_test_data("HttpProxy 127.0.42.1:444\n");
2649 1 : ret = options_validate(NULL, tdata->opt, &msg);
2650 1 : tt_int_op(ret, OP_EQ, 0);
2651 1 : tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 444);
2652 1 : tor_free(msg);
2653 :
2654 1 : free_options_test_data(tdata);
2655 :
2656 1 : tdata = get_options_test_data("HttpProxy not_so_valid!\n");
2657 1 : ret = options_validate(NULL, tdata->opt, &msg);
2658 1 : tt_int_op(ret, OP_EQ, -1);
2659 1 : tt_str_op(msg, OP_EQ, "HTTPProxy failed to parse or resolve. Please fix.");
2660 1 : tor_free(msg);
2661 :
2662 1 : free_options_test_data(tdata);
2663 1 : tdata = get_options_test_data("HttpProxyAuthenticator "
2664 : "onetwothreonetwothreonetwothreonetwothreonetw"
2665 : "othreonetwothreonetwothreonetwothreonetwothre"
2666 : "onetwothreonetwothreonetwothreonetwothreonetw"
2667 : "othreonetwothreonetwothreonetwothreonetwothre"
2668 : "onetwothreonetwothreonetwothreonetwothreonetw"
2669 : "othreonetwothreonetwothreonetwothreonetwothre"
2670 : "onetwothreonetwothreonetwothreonetwothreonetw"
2671 : "othreonetwothreonetwothreonetwothreonetwothre"
2672 : "onetwothreonetwothreonetwothreonetwothreonetw"
2673 : "othreonetwothreonetwothreonetwothreonetwothre"
2674 : "onetwothreonetwothreonetwothreonetwothreonetw"
2675 : "othreonetwothreeonetwothreeonetwothree"
2676 : );
2677 1 : ret = options_validate(NULL, tdata->opt, &msg);
2678 1 : tt_int_op(ret, OP_EQ, -1);
2679 1 : tt_str_op(msg, OP_EQ, "HTTPProxyAuthenticator is too long (>= 512 chars).");
2680 1 : tor_free(msg);
2681 :
2682 1 : free_options_test_data(tdata);
2683 1 : tdata = get_options_test_data("HttpProxyAuthenticator validauth\n");
2684 1 : ret = options_validate(NULL, tdata->opt, &msg);
2685 1 : tt_int_op(ret, OP_EQ, 0);
2686 1 : tor_free(msg);
2687 :
2688 1 : free_options_test_data(tdata);
2689 1 : tdata = get_options_test_data("HttpsProxy 127.0.42.1\n");
2690 1 : ret = options_validate(NULL, tdata->opt, &msg);
2691 1 : tt_int_op(ret, OP_EQ, 0);
2692 1 : tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 443);
2693 1 : tor_free(msg);
2694 :
2695 1 : free_options_test_data(tdata);
2696 1 : tdata = get_options_test_data("HttpsProxy 127.0.42.1:444\n");
2697 1 : ret = options_validate(NULL, tdata->opt, &msg);
2698 1 : tt_int_op(ret, OP_EQ, 0);
2699 1 : tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 444);
2700 1 : tor_free(msg);
2701 :
2702 1 : free_options_test_data(tdata);
2703 1 : tdata = get_options_test_data("HttpsProxy not_so_valid!\n");
2704 1 : ret = options_validate(NULL, tdata->opt, &msg);
2705 1 : tt_int_op(ret, OP_EQ, -1);
2706 1 : tt_str_op(msg, OP_EQ, "HTTPSProxy failed to parse or resolve. Please fix.");
2707 1 : tor_free(msg);
2708 :
2709 1 : free_options_test_data(tdata);
2710 1 : tdata = get_options_test_data("HttpsProxyAuthenticator "
2711 : "onetwothreonetwothreonetwothreonetwothreonetw"
2712 : "othreonetwothreonetwothreonetwothreonetwothre"
2713 : "onetwothreonetwothreonetwothreonetwothreonetw"
2714 : "othreonetwothreonetwothreonetwothreonetwothre"
2715 : "onetwothreonetwothreonetwothreonetwothreonetw"
2716 : "othreonetwothreonetwothreonetwothreonetwothre"
2717 : "onetwothreonetwothreonetwothreonetwothreonetw"
2718 : "othreonetwothreonetwothreonetwothreonetwothre"
2719 : "onetwothreonetwothreonetwothreonetwothreonetw"
2720 : "othreonetwothreonetwothreonetwothreonetwothre"
2721 : "onetwothreonetwothreonetwothreonetwothreonetw"
2722 : "othreonetwothreeonetwothreeonetwothree"
2723 :
2724 : );
2725 1 : ret = options_validate(NULL, tdata->opt, &msg);
2726 1 : tt_int_op(ret, OP_EQ, -1);
2727 1 : tt_str_op(msg, OP_EQ, "HTTPSProxyAuthenticator is too long (>= 512 chars).");
2728 1 : tor_free(msg);
2729 :
2730 1 : free_options_test_data(tdata);
2731 1 : tdata = get_options_test_data("HttpsProxyAuthenticator validauth\n");
2732 1 : ret = options_validate(NULL, tdata->opt, &msg);
2733 1 : tt_int_op(ret, OP_EQ, 0);
2734 1 : tor_free(msg);
2735 :
2736 1 : free_options_test_data(tdata);
2737 1 : tdata = get_options_test_data("Socks4Proxy 127.0.42.1\n");
2738 1 : ret = options_validate(NULL, tdata->opt, &msg);
2739 1 : tt_int_op(ret, OP_EQ, 0);
2740 1 : tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 1080);
2741 1 : tor_free(msg);
2742 :
2743 1 : free_options_test_data(tdata);
2744 1 : tdata = get_options_test_data("Socks4Proxy 127.0.42.1:444\n");
2745 1 : ret = options_validate(NULL, tdata->opt, &msg);
2746 1 : tt_int_op(ret, OP_EQ, 0);
2747 1 : tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 444);
2748 1 : tor_free(msg);
2749 :
2750 1 : free_options_test_data(tdata);
2751 1 : tdata = get_options_test_data("Socks4Proxy not_so_valid!\n");
2752 1 : ret = options_validate(NULL, tdata->opt, &msg);
2753 1 : tt_int_op(ret, OP_EQ, -1);
2754 1 : tt_str_op(msg, OP_EQ, "Socks4Proxy failed to parse or resolve. Please fix.");
2755 1 : tor_free(msg);
2756 :
2757 1 : free_options_test_data(tdata);
2758 1 : tdata = get_options_test_data("Socks5Proxy 127.0.42.1\n");
2759 1 : ret = options_validate(NULL, tdata->opt, &msg);
2760 1 : tt_int_op(ret, OP_EQ, 0);
2761 1 : tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 1080);
2762 1 : tor_free(msg);
2763 :
2764 1 : free_options_test_data(tdata);
2765 1 : tdata = get_options_test_data("Socks5Proxy 127.0.42.1:444\n");
2766 1 : ret = options_validate(NULL, tdata->opt, &msg);
2767 1 : tt_int_op(ret, OP_EQ, 0);
2768 1 : tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 444);
2769 1 : tor_free(msg);
2770 :
2771 1 : free_options_test_data(tdata);
2772 1 : tdata = get_options_test_data("Socks5Proxy not_so_valid!\n");
2773 1 : ret = options_validate(NULL, tdata->opt, &msg);
2774 1 : tt_int_op(ret, OP_EQ, -1);
2775 1 : tt_str_op(msg, OP_EQ, "Socks5Proxy failed to parse or resolve. Please fix.");
2776 1 : tor_free(msg);
2777 :
2778 1 : free_options_test_data(tdata);
2779 1 : tdata = get_options_test_data("Socks4Proxy 215.1.1.1\n"
2780 : "Socks5Proxy 215.1.1.2\n"
2781 : );
2782 1 : ret = options_validate(NULL, tdata->opt, &msg);
2783 1 : tt_int_op(ret, OP_EQ, -1);
2784 1 : tt_str_op(msg, OP_EQ, "You have configured more than one proxy type. "
2785 : "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
2786 1 : tor_free(msg);
2787 :
2788 1 : free_options_test_data(tdata);
2789 1 : tdata = get_options_test_data("HttpProxy 215.1.1.1\n");
2790 1 : mock_clean_saved_logs();
2791 1 : ret = options_validate(NULL, tdata->opt, &msg);
2792 1 : tt_int_op(ret, OP_EQ, 0);
2793 1 : expect_log_msg("HTTPProxy configured, but no SOCKS proxy, "
2794 : "HTTPS proxy, or any other TCP proxy configured. Watch out: "
2795 : "this configuration will proxy unencrypted directory "
2796 1 : "connections only.\n");
2797 1 : tor_free(msg);
2798 :
2799 1 : free_options_test_data(tdata);
2800 1 : tdata = get_options_test_data("HttpProxy 215.1.1.1\n"
2801 : "Socks4Proxy 215.1.1.1\n"
2802 : );
2803 1 : mock_clean_saved_logs();
2804 1 : ret = options_validate(NULL, tdata->opt, &msg);
2805 1 : tt_int_op(ret, OP_EQ, 0);
2806 1 : expect_no_log_msg("HTTPProxy configured, but no SOCKS "
2807 : "proxy or HTTPS proxy configured. Watch out: this configuration "
2808 : "will proxy unencrypted directory connections only.\n");
2809 1 : tor_free(msg);
2810 :
2811 1 : free_options_test_data(tdata);
2812 1 : tdata = get_options_test_data("HttpProxy 215.1.1.1\n"
2813 : "Socks5Proxy 215.1.1.1\n"
2814 : );
2815 1 : mock_clean_saved_logs();
2816 1 : ret = options_validate(NULL, tdata->opt, &msg);
2817 1 : tt_int_op(ret, OP_EQ, 0);
2818 1 : expect_no_log_msg("HTTPProxy configured, but no SOCKS "
2819 : "proxy or HTTPS proxy configured. Watch out: this configuration "
2820 : "will proxy unencrypted directory connections only.\n");
2821 1 : tor_free(msg);
2822 :
2823 1 : free_options_test_data(tdata);
2824 1 : tdata = get_options_test_data("HttpProxy 215.1.1.1\n"
2825 : "HttpsProxy 215.1.1.1\n"
2826 : );
2827 1 : mock_clean_saved_logs();
2828 1 : ret = options_validate(NULL, tdata->opt, &msg);
2829 1 : tt_int_op(ret, OP_EQ, 0);
2830 1 : expect_no_log_msg(
2831 : "HTTPProxy configured, but no SOCKS proxy or HTTPS proxy "
2832 : "configured. Watch out: this configuration will proxy "
2833 : "unencrypted directory connections only.\n");
2834 1 : tor_free(msg);
2835 :
2836 1 : free_options_test_data(tdata);
2837 1 : tdata = get_options_test_data("");
2838 1 : tdata->opt->Socks5ProxyUsername = tor_strdup("");
2839 1 : ret = options_validate(NULL, tdata->opt, &msg);
2840 1 : tt_int_op(ret, OP_EQ, -1);
2841 1 : tt_str_op(msg, OP_EQ,
2842 : "Socks5ProxyUsername must be between 1 and 255 characters.");
2843 1 : tor_free(msg);
2844 :
2845 1 : free_options_test_data(tdata);
2846 1 : tdata = get_options_test_data("");
2847 2 : tdata->opt->Socks5ProxyUsername =
2848 1 : tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
2849 : "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
2850 : "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
2851 : "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
2852 : "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
2853 1 : ret = options_validate(NULL, tdata->opt, &msg);
2854 1 : tt_int_op(ret, OP_EQ, -1);
2855 1 : tt_str_op(msg, OP_EQ,
2856 : "Socks5ProxyUsername must be between 1 and 255 characters.");
2857 1 : tor_free(msg);
2858 :
2859 1 : free_options_test_data(tdata);
2860 1 : tdata = get_options_test_data("Socks5ProxyUsername hello_world\n");
2861 1 : ret = options_validate(NULL, tdata->opt, &msg);
2862 1 : tt_int_op(ret, OP_EQ, -1);
2863 1 : tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
2864 : "Socks5ProxyUsername.");
2865 1 : tor_free(msg);
2866 :
2867 1 : free_options_test_data(tdata);
2868 1 : tdata = get_options_test_data("Socks5ProxyUsername hello_world\n");
2869 1 : tdata->opt->Socks5ProxyPassword = tor_strdup("");
2870 1 : ret = options_validate(NULL, tdata->opt, &msg);
2871 1 : tt_int_op(ret, OP_EQ, -1);
2872 1 : tt_str_op(msg, OP_EQ,
2873 : "Socks5ProxyPassword must be between 1 and 255 characters.");
2874 1 : tor_free(msg);
2875 :
2876 1 : free_options_test_data(tdata);
2877 1 : tdata = get_options_test_data("Socks5ProxyUsername hello_world\n");
2878 2 : tdata->opt->Socks5ProxyPassword =
2879 1 : tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
2880 : "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
2881 : "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
2882 : "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
2883 : "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
2884 1 : ret = options_validate(NULL, tdata->opt, &msg);
2885 1 : tt_int_op(ret, OP_EQ, -1);
2886 1 : tt_str_op(msg, OP_EQ,
2887 : "Socks5ProxyPassword must be between 1 and 255 characters.");
2888 1 : tor_free(msg);
2889 :
2890 1 : free_options_test_data(tdata);
2891 1 : tdata = get_options_test_data("Socks5ProxyUsername hello_world\n"
2892 : "Socks5ProxyPassword world_hello\n");
2893 1 : ret = options_validate(NULL, tdata->opt, &msg);
2894 1 : tt_int_op(ret, OP_EQ, 0);
2895 1 : tor_free(msg);
2896 :
2897 1 : free_options_test_data(tdata);
2898 1 : tdata = get_options_test_data("Socks5ProxyPassword hello_world\n");
2899 1 : ret = options_validate(NULL, tdata->opt, &msg);
2900 1 : tt_int_op(ret, OP_EQ, -1);
2901 1 : tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
2902 : "Socks5ProxyUsername.");
2903 1 : tor_free(msg);
2904 :
2905 1 : done:
2906 1 : teardown_capture_of_logs();
2907 1 : free_options_test_data(tdata);
2908 1 : policies_free_all();
2909 : // sandbox_free_getaddrinfo_cache();
2910 1 : tor_free(msg);
2911 1 : UNMOCK(tor_addr_lookup);
2912 1 : }
2913 :
2914 : static void
2915 1 : test_options_validate__control(void *ignored)
2916 : {
2917 1 : (void)ignored;
2918 1 : int ret;
2919 1 : char *msg;
2920 1 : options_test_data_t *tdata = NULL;
2921 1 : setup_capture_of_logs(LOG_WARN);
2922 :
2923 1 : free_options_test_data(tdata);
2924 1 : tdata = get_options_test_data(
2925 : "HashedControlPassword something_incorrect\n");
2926 1 : ret = options_validate(NULL, tdata->opt, &msg);
2927 1 : tt_int_op(ret, OP_EQ, -1);
2928 1 : tt_str_op(msg, OP_EQ,
2929 : "Bad HashedControlPassword: wrong length or bad encoding");
2930 1 : tor_free(msg);
2931 :
2932 1 : free_options_test_data(tdata);
2933 1 : tdata = get_options_test_data("HashedControlPassword 16:872860B76453A77D60CA"
2934 : "2BB8C1A7042072093276A3D701AD684053EC4C\n"
2935 : );
2936 1 : ret = options_validate(NULL, tdata->opt, &msg);
2937 1 : tt_int_op(ret, OP_EQ, 0);
2938 1 : tor_free(msg);
2939 :
2940 1 : free_options_test_data(tdata);
2941 1 : tdata = get_options_test_data(
2942 : "__HashedControlSessionPassword something_incorrect\n"
2943 : );
2944 1 : ret = options_validate(NULL, tdata->opt, &msg);
2945 1 : tt_int_op(ret, OP_EQ, -1);
2946 1 : tt_str_op(msg, OP_EQ, "Bad HashedControlSessionPassword: wrong length or "
2947 : "bad encoding");
2948 1 : tor_free(msg);
2949 :
2950 1 : free_options_test_data(tdata);
2951 1 : tdata = get_options_test_data("__HashedControlSessionPassword 16:872860B7645"
2952 : "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
2953 : "4C\n"
2954 : );
2955 1 : ret = options_validate(NULL, tdata->opt, &msg);
2956 1 : tt_int_op(ret, OP_EQ, 0);
2957 1 : tor_free(msg);
2958 :
2959 1 : free_options_test_data(tdata);
2960 1 : tdata = get_options_test_data(
2961 : "__OwningControllerProcess something_incorrect\n"
2962 : );
2963 1 : ret = options_validate(NULL, tdata->opt, &msg);
2964 1 : tt_int_op(ret, OP_EQ, -1);
2965 1 : tt_str_op(msg, OP_EQ, "Bad OwningControllerProcess: invalid PID");
2966 1 : tor_free(msg);
2967 :
2968 1 : free_options_test_data(tdata);
2969 1 : tdata = get_options_test_data("__OwningControllerProcess 123\n"
2970 : );
2971 1 : ret = options_validate(NULL, tdata->opt, &msg);
2972 1 : tt_int_op(ret, OP_EQ, 0);
2973 1 : tor_free(msg);
2974 :
2975 1 : free_options_test_data(tdata);
2976 1 : tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
2977 : );
2978 1 : mock_clean_saved_logs();
2979 1 : ret = options_validate(NULL, tdata->opt, &msg);
2980 1 : tt_int_op(ret, OP_EQ, 0);
2981 1 : expect_log_msg(
2982 : "ControlPort is open, but no authentication method has been "
2983 : "configured. This means that any program on your computer can "
2984 : "reconfigure your Tor. That's bad! You should upgrade your Tor"
2985 1 : " controller as soon as possible.\n");
2986 1 : tor_free(msg);
2987 :
2988 1 : free_options_test_data(tdata);
2989 1 : tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
2990 : "HashedControlPassword 16:872860B76453A77D60CA"
2991 : "2BB8C1A7042072093276A3D701AD684053EC4C\n"
2992 : );
2993 1 : mock_clean_saved_logs();
2994 1 : ret = options_validate(NULL, tdata->opt, &msg);
2995 1 : tt_int_op(ret, OP_EQ, 0);
2996 1 : expect_no_log_msg(
2997 : "ControlPort is open, but no authentication method has been "
2998 : "configured. This means that any program on your computer can "
2999 : "reconfigure your Tor. That's bad! You should upgrade your Tor "
3000 : "controller as soon as possible.\n");
3001 1 : tor_free(msg);
3002 :
3003 1 : free_options_test_data(tdata);
3004 1 : tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
3005 : "__HashedControlSessionPassword 16:872860B7645"
3006 : "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3007 : "4C\n"
3008 : );
3009 1 : mock_clean_saved_logs();
3010 1 : ret = options_validate(NULL, tdata->opt, &msg);
3011 1 : tt_int_op(ret, OP_EQ, 0);
3012 1 : expect_no_log_msg(
3013 : "ControlPort is open, but no authentication method has been "
3014 : "configured. This means that any program on your computer can "
3015 : "reconfigure your Tor. That's bad! You should upgrade your Tor "
3016 : "controller as soon as possible.\n");
3017 1 : tor_free(msg);
3018 :
3019 1 : free_options_test_data(tdata);
3020 1 : tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
3021 : "CookieAuthentication 1\n"
3022 : );
3023 1 : mock_clean_saved_logs();
3024 1 : ret = options_validate(NULL, tdata->opt, &msg);
3025 1 : tt_int_op(ret, OP_EQ, 0);
3026 1 : expect_no_log_msg(
3027 : "ControlPort is open, but no authentication method has been "
3028 : "configured. This means that any program on your computer can "
3029 : "reconfigure your Tor. That's bad! You should upgrade your Tor "
3030 : "controller as soon as possible.\n");
3031 1 : tor_free(msg);
3032 :
3033 : #ifdef HAVE_SYS_UN_H
3034 1 : free_options_test_data(tdata);
3035 1 : tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n");
3036 1 : mock_clean_saved_logs();
3037 1 : ret = options_validate(NULL, tdata->opt, &msg);
3038 1 : tt_int_op(ret, OP_EQ, 0);
3039 1 : expect_log_msg(
3040 : "ControlSocket is world writable, but no authentication method has"
3041 : " been configured. This means that any program on your computer "
3042 : "can reconfigure your Tor. That's bad! You should upgrade your "
3043 1 : "Tor controller as soon as possible.\n");
3044 1 : tor_free(msg);
3045 :
3046 1 : free_options_test_data(tdata);
3047 1 : tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3048 : "HashedControlPassword 16:872860B76453A77D60CA"
3049 : "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3050 : );
3051 1 : mock_clean_saved_logs();
3052 1 : ret = options_validate(NULL, tdata->opt, &msg);
3053 1 : tt_int_op(ret, OP_EQ, 0);
3054 1 : expect_no_log_msg(
3055 : "ControlSocket is world writable, but no authentication method has"
3056 : " been configured. This means that any program on your computer "
3057 : "can reconfigure your Tor. That's bad! You should upgrade your "
3058 : "Tor controller as soon as possible.\n");
3059 1 : tor_free(msg);
3060 :
3061 1 : free_options_test_data(tdata);
3062 1 : tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3063 : "__HashedControlSessionPassword 16:872860B7645"
3064 : "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3065 : "4C\n"
3066 : );
3067 1 : mock_clean_saved_logs();
3068 1 : ret = options_validate(NULL, tdata->opt, &msg);
3069 1 : tt_int_op(ret, OP_EQ, 0);
3070 1 : expect_no_log_msg(
3071 : "ControlSocket is world writable, but no authentication method has"
3072 : " been configured. This means that any program on your computer "
3073 : "can reconfigure your Tor. That's bad! You should upgrade your "
3074 : "Tor controller as soon as possible.\n");
3075 1 : tor_free(msg);
3076 :
3077 1 : free_options_test_data(tdata);
3078 1 : tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3079 : "CookieAuthentication 1\n"
3080 : );
3081 1 : mock_clean_saved_logs();
3082 1 : ret = options_validate(NULL, tdata->opt, &msg);
3083 1 : tt_int_op(ret, OP_EQ, 0);
3084 1 : expect_no_log_msg(
3085 : "ControlSocket is world writable, but no authentication method has"
3086 : " been configured. This means that any program on your computer "
3087 : "can reconfigure your Tor. That's bad! You should upgrade your "
3088 : "Tor controller as soon as possible.\n");
3089 1 : tor_free(msg);
3090 : #endif /* defined(HAVE_SYS_UN_H) */
3091 :
3092 1 : free_options_test_data(tdata);
3093 1 : tdata = get_options_test_data("CookieAuthFileGroupReadable 1\n"
3094 : );
3095 1 : mock_clean_saved_logs();
3096 1 : ret = options_validate(NULL, tdata->opt, &msg);
3097 1 : tt_int_op(ret, OP_EQ, 0);
3098 1 : expect_log_msg(
3099 : "CookieAuthFileGroupReadable is set, but will have no effect: you "
3100 : "must specify an explicit CookieAuthFile to have it "
3101 1 : "group-readable.\n");
3102 1 : tor_free(msg);
3103 :
3104 1 : free_options_test_data(tdata);
3105 1 : tdata = get_options_test_data("CookieAuthFileGroupReadable 1\n"
3106 : "CookieAuthFile /tmp/somewhere\n"
3107 : );
3108 1 : mock_clean_saved_logs();
3109 1 : ret = options_validate(NULL, tdata->opt, &msg);
3110 1 : tt_int_op(ret, OP_EQ, 0);
3111 1 : expect_no_log_msg(
3112 : "CookieAuthFileGroupReadable is set, but will have no effect: you "
3113 : "must specify an explicit CookieAuthFile to have it "
3114 : "group-readable.\n");
3115 1 : tor_free(msg);
3116 :
3117 1 : done:
3118 1 : teardown_capture_of_logs();
3119 1 : policies_free_all();
3120 1 : free_options_test_data(tdata);
3121 1 : tor_free(msg);
3122 1 : }
3123 :
3124 : static void
3125 1 : test_options_validate__families(void *ignored)
3126 : {
3127 1 : (void)ignored;
3128 1 : int ret;
3129 1 : char *msg;
3130 1 : options_test_data_t *tdata = NULL;
3131 1 : setup_capture_of_logs(LOG_WARN);
3132 :
3133 1 : free_options_test_data(tdata);
3134 1 : tdata = get_options_test_data("MyFamily home\n"
3135 : "BridgeRelay 1\n"
3136 : "ORPort 127.0.0.1:5555\n"
3137 : "BandwidthRate 51300\n"
3138 : "BandwidthBurst 51300\n"
3139 : "MaxAdvertisedBandwidth 25700\n"
3140 : "DirCache 1\n"
3141 : );
3142 1 : mock_clean_saved_logs();
3143 1 : ret = options_validate(NULL, tdata->opt, &msg);
3144 1 : tt_int_op(ret, OP_EQ, 0);
3145 1 : expect_log_msg(
3146 : "Listing a family for a bridge relay is not supported: it can "
3147 : "reveal bridge fingerprints to censors. You should also make sure "
3148 : "you aren't listing this bridge's fingerprint in any other "
3149 1 : "MyFamily.\n");
3150 1 : tor_free(msg);
3151 :
3152 1 : free_options_test_data(tdata);
3153 1 : tdata = get_options_test_data("MyFamily home\n");
3154 1 : mock_clean_saved_logs();
3155 1 : ret = options_validate(NULL, tdata->opt, &msg);
3156 1 : tt_int_op(ret, OP_EQ, 0);
3157 1 : expect_no_log_msg(
3158 : "Listing a family for a bridge relay is not supported: it can "
3159 : "reveal bridge fingerprints to censors. You should also make sure "
3160 : "you aren't listing this bridge's fingerprint in any other "
3161 : "MyFamily.\n");
3162 1 : tor_free(msg);
3163 :
3164 1 : free_options_test_data(tdata);
3165 1 : tdata = get_options_test_data("MyFamily !\n");
3166 1 : mock_clean_saved_logs();
3167 1 : ret = options_validate(NULL, tdata->opt, &msg);
3168 1 : tt_int_op(ret, OP_EQ, -1);
3169 1 : tt_str_op(msg, OP_EQ, "Invalid nickname '!' in MyFamily line");
3170 1 : tor_free(msg);
3171 :
3172 1 : free_options_test_data(tdata);
3173 1 : tdata = get_options_test_data("NodeFamily foo\n"
3174 : "NodeFamily !\n");
3175 1 : mock_clean_saved_logs();
3176 1 : ret = options_validate(NULL, tdata->opt, &msg);
3177 1 : tt_int_op(ret, OP_EQ, -1);
3178 1 : tt_assert(!msg);
3179 1 : tor_free(msg);
3180 :
3181 1 : done:
3182 1 : teardown_capture_of_logs();
3183 1 : policies_free_all();
3184 1 : free_options_test_data(tdata);
3185 1 : tor_free(msg);
3186 1 : }
3187 :
3188 : static void
3189 1 : test_options_validate__addr_policies(void *ignored)
3190 : {
3191 1 : (void)ignored;
3192 1 : int ret;
3193 1 : char *msg;
3194 1 : options_test_data_t *tdata = NULL;
3195 :
3196 1 : free_options_test_data(tdata);
3197 1 : tdata = get_options_test_data("ExitPolicy !!!\n"
3198 : "ExitRelay 1\n"
3199 : );
3200 1 : ret = options_validate(NULL, tdata->opt, &msg);
3201 1 : tt_int_op(ret, OP_EQ, -1);
3202 1 : tt_str_op(msg, OP_EQ, "Error in ExitPolicy entry.");
3203 1 : tor_free(msg);
3204 :
3205 1 : done:
3206 1 : policies_free_all();
3207 1 : free_options_test_data(tdata);
3208 1 : tor_free(msg);
3209 1 : }
3210 :
3211 : static void
3212 1 : test_options_validate__dir_auth(void *ignored)
3213 : {
3214 1 : (void)ignored;
3215 1 : int ret;
3216 1 : char *msg;
3217 1 : options_test_data_t *tdata = NULL;
3218 1 : setup_capture_of_logs(LOG_WARN);
3219 :
3220 1 : free_options_test_data(tdata);
3221 1 : tdata = get_options_test_data(VALID_DIR_AUTH
3222 : VALID_ALT_DIR_AUTH
3223 : );
3224 1 : mock_clean_saved_logs();
3225 1 : ret = options_validate(NULL, tdata->opt, &msg);
3226 1 : tt_int_op(ret, OP_EQ, -1);
3227 1 : tt_str_op(msg, OP_EQ,
3228 : "Directory authority/fallback line did not parse. See logs for "
3229 : "details.");
3230 1 : expect_log_msg(
3231 1 : "You cannot set both DirAuthority and Alternate*Authority.\n");
3232 1 : tor_free(msg);
3233 :
3234 1 : free_options_test_data(tdata);
3235 1 : tdata = get_options_test_data("TestingTorNetwork 1\n");
3236 1 : ret = options_validate(NULL, tdata->opt, &msg);
3237 1 : tt_int_op(ret, OP_EQ, -1);
3238 1 : tt_str_op(msg, OP_EQ,
3239 : "TestingTorNetwork may only be configured in combination with a "
3240 : "non-default set of DirAuthority or both of AlternateDirAuthority "
3241 : "and AlternateBridgeAuthority configured.");
3242 1 : tor_free(msg);
3243 :
3244 1 : free_options_test_data(tdata);
3245 1 : tdata = get_options_test_data(VALID_DIR_AUTH
3246 : "TestingTorNetwork 1\n"
3247 : );
3248 1 : ret = options_validate(NULL, tdata->opt, &msg);
3249 1 : tt_int_op(ret, OP_EQ, 0);
3250 1 : tor_free(msg);
3251 :
3252 1 : free_options_test_data(tdata);
3253 1 : tdata = get_options_test_data("TestingTorNetwork 1\n"
3254 : VALID_ALT_DIR_AUTH
3255 : );
3256 1 : ret = options_validate(NULL, tdata->opt, &msg);
3257 1 : tt_int_op(ret, OP_EQ, -1);
3258 1 : tt_str_op(msg, OP_EQ,
3259 : "TestingTorNetwork may only be configured in combination with a "
3260 : "non-default set of DirAuthority or both of AlternateDirAuthority "
3261 : "and AlternateBridgeAuthority configured.");
3262 1 : tor_free(msg);
3263 :
3264 1 : free_options_test_data(tdata);
3265 1 : tdata = get_options_test_data("TestingTorNetwork 1\n"
3266 : VALID_ALT_BRIDGE_AUTH
3267 : );
3268 1 : ret = options_validate(NULL, tdata->opt, &msg);
3269 1 : tt_int_op(ret, OP_EQ, -1);
3270 1 : tt_str_op(msg, OP_EQ, "TestingTorNetwork may only be configured in "
3271 : "combination with a non-default set of DirAuthority or both of "
3272 : "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3273 1 : tor_free(msg);
3274 :
3275 1 : free_options_test_data(tdata);
3276 1 : tdata = get_options_test_data(VALID_ALT_DIR_AUTH
3277 : VALID_ALT_BRIDGE_AUTH
3278 : "TestingTorNetwork 1\n"
3279 : );
3280 1 : ret = options_validate(NULL, tdata->opt, &msg);
3281 1 : tt_int_op(ret, OP_EQ, 0);
3282 1 : tor_free(msg);
3283 :
3284 1 : done:
3285 1 : policies_free_all();
3286 1 : teardown_capture_of_logs();
3287 1 : free_options_test_data(tdata);
3288 1 : tor_free(msg);
3289 1 : }
3290 :
3291 : static void
3292 1 : test_options_validate__transport(void *ignored)
3293 : {
3294 1 : (void)ignored;
3295 1 : int ret;
3296 1 : char *msg;
3297 1 : options_test_data_t *tdata = NULL;
3298 1 : setup_capture_of_logs(LOG_NOTICE);
3299 :
3300 1 : free_options_test_data(tdata);
3301 1 : tdata = get_options_test_data("ClientTransportPlugin !!\n"
3302 : );
3303 1 : mock_clean_saved_logs();
3304 1 : ret = options_validate(NULL, tdata->opt, &msg);
3305 1 : tt_int_op(ret, OP_EQ, -1);
3306 1 : tt_str_op(msg, OP_EQ,
3307 : "Invalid client transport line. See logs for details.");
3308 1 : expect_log_msg(
3309 1 : "Too few arguments on ClientTransportPlugin line.\n");
3310 1 : tor_free(msg);
3311 :
3312 1 : free_options_test_data(tdata);
3313 1 : tdata = get_options_test_data("ClientTransportPlugin foo exec bar\n"
3314 : );
3315 1 : mock_clean_saved_logs();
3316 1 : ret = options_validate(NULL, tdata->opt, &msg);
3317 1 : tt_int_op(ret, OP_EQ, 0);
3318 1 : tor_free(msg);
3319 :
3320 1 : free_options_test_data(tdata);
3321 1 : tdata = get_options_test_data("ServerTransportPlugin !!\n");
3322 1 : mock_clean_saved_logs();
3323 1 : ret = options_validate(NULL, tdata->opt, &msg);
3324 1 : tt_int_op(ret, OP_EQ, -1);
3325 1 : tt_str_op(msg, OP_EQ,
3326 : "Invalid server transport line. See logs for details.");
3327 1 : expect_log_msg(
3328 1 : "Too few arguments on ServerTransportPlugin line.\n");
3329 1 : tor_free(msg);
3330 :
3331 1 : free_options_test_data(tdata);
3332 1 : tdata = get_options_test_data("ServerTransportPlugin foo exec bar\n");
3333 1 : mock_clean_saved_logs();
3334 1 : ret = options_validate(NULL, tdata->opt, &msg);
3335 1 : tt_int_op(ret, OP_EQ, 0);
3336 1 : expect_log_msg(
3337 : "Tor is not configured as a relay but you specified a "
3338 : "ServerTransportPlugin line (\"foo exec bar\"). The "
3339 1 : "ServerTransportPlugin line will be ignored.\n");
3340 1 : tor_free(msg);
3341 :
3342 1 : free_options_test_data(tdata);
3343 1 : tdata = get_options_test_data("ServerTransportPlugin foo exec bar\n"
3344 : "ORPort 127.0.0.1:5555\n"
3345 : "BandwidthRate 76900\n"
3346 : "BandwidthBurst 76900\n"
3347 : "MaxAdvertisedBandwidth 38500\n"
3348 : );
3349 1 : mock_clean_saved_logs();
3350 1 : ret = options_validate(NULL, tdata->opt, &msg);
3351 1 : tt_int_op(ret, OP_EQ, 0);
3352 1 : expect_no_log_msg(
3353 : "Tor is not configured as a relay but you specified a "
3354 : "ServerTransportPlugin line (\"foo exec bar\"). The "
3355 : "ServerTransportPlugin line will be ignored.\n");
3356 1 : tor_free(msg);
3357 :
3358 1 : free_options_test_data(tdata);
3359 1 : tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3360 : "ServerTransportListenAddr !\n");
3361 1 : ret = options_validate(NULL, tdata->opt, &msg);
3362 1 : tt_int_op(ret, OP_EQ, -1);
3363 1 : tt_str_op(msg, OP_EQ,
3364 : "ServerTransportListenAddr did not parse. See logs for details.");
3365 1 : tor_free(msg);
3366 :
3367 1 : free_options_test_data(tdata);
3368 1 : tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3369 : );
3370 1 : mock_clean_saved_logs();
3371 1 : ret = options_validate(NULL, tdata->opt, &msg);
3372 1 : tt_int_op(ret, OP_EQ, 0);
3373 1 : expect_log_msg(
3374 : "You need at least a single managed-proxy to specify a transport "
3375 : "listen address. The ServerTransportListenAddr line will be "
3376 1 : "ignored.\n");
3377 1 : tor_free(msg);
3378 :
3379 1 : free_options_test_data(tdata);
3380 1 : tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3381 : "ServerTransportPlugin foo exec bar\n"
3382 : "ORPort 127.0.0.1:5555\n"
3383 : "BandwidthRate 76900\n"
3384 : "BandwidthBurst 76900\n"
3385 : "MaxAdvertisedBandwidth 38500\n"
3386 : );
3387 1 : mock_clean_saved_logs();
3388 1 : ret = options_validate(NULL, tdata->opt, &msg);
3389 1 : tt_int_op(ret, OP_EQ, 0);
3390 1 : expect_no_log_msg(
3391 : "You need at least a single managed-proxy to specify a transport "
3392 : "listen address. The ServerTransportListenAddr line will be "
3393 : "ignored.\n");
3394 :
3395 1 : done:
3396 1 : escaped(NULL); // This will free the leaking memory from the previous escaped
3397 1 : policies_free_all();
3398 1 : teardown_capture_of_logs();
3399 1 : free_options_test_data(tdata);
3400 1 : tor_free(msg);
3401 1 : }
3402 :
3403 : static void
3404 1 : test_options_validate__constrained_sockets(void *ignored)
3405 : {
3406 1 : (void)ignored;
3407 1 : int ret;
3408 1 : char *msg;
3409 1 : options_test_data_t *tdata = NULL;
3410 1 : setup_capture_of_logs(LOG_WARN);
3411 :
3412 1 : free_options_test_data(tdata);
3413 1 : tdata = get_options_test_data("ConstrainedSockets 1\n"
3414 : "ConstrainedSockSize 0\n"
3415 : );
3416 1 : mock_clean_saved_logs();
3417 1 : ret = options_validate(NULL, tdata->opt, &msg);
3418 1 : tt_int_op(ret, OP_EQ, -1);
3419 1 : tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3420 : "between 2048 and 262144 in 1024 byte increments.");
3421 1 : tor_free(msg);
3422 :
3423 1 : free_options_test_data(tdata);
3424 1 : tdata = get_options_test_data("ConstrainedSockets 1\n"
3425 : "ConstrainedSockSize 263168\n"
3426 : );
3427 1 : mock_clean_saved_logs();
3428 1 : ret = options_validate(NULL, tdata->opt, &msg);
3429 1 : tt_int_op(ret, OP_EQ, -1);
3430 1 : tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3431 : "between 2048 and 262144 in 1024 byte increments.");
3432 1 : tor_free(msg);
3433 :
3434 1 : free_options_test_data(tdata);
3435 1 : tdata = get_options_test_data("ConstrainedSockets 1\n"
3436 : "ConstrainedSockSize 2047\n"
3437 : );
3438 1 : mock_clean_saved_logs();
3439 1 : ret = options_validate(NULL, tdata->opt, &msg);
3440 1 : tt_int_op(ret, OP_EQ, -1);
3441 1 : tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3442 : "between 2048 and 262144 in 1024 byte increments.");
3443 1 : tor_free(msg);
3444 :
3445 1 : done:
3446 1 : policies_free_all();
3447 1 : teardown_capture_of_logs();
3448 1 : free_options_test_data(tdata);
3449 1 : tor_free(msg);
3450 1 : }
3451 :
3452 : static void
3453 1 : test_options_validate__v3_auth(void *ignored)
3454 : {
3455 1 : (void)ignored;
3456 1 : int ret;
3457 1 : char *msg;
3458 1 : options_test_data_t *tdata = NULL;
3459 1 : setup_capture_of_logs(LOG_WARN);
3460 :
3461 1 : free_options_test_data(tdata);
3462 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3463 : "V3AuthVoteDelay 1000\n"
3464 : "V3AuthDistDelay 1000\n"
3465 : "V3AuthVotingInterval 1000\n"
3466 : );
3467 1 : ret = options_validate(NULL, tdata->opt, &msg);
3468 1 : tt_int_op(ret, OP_EQ, -1);
3469 1 : tt_str_op(msg, OP_EQ,
3470 : "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3471 : "V3AuthVotingInterval");
3472 1 : tor_free(msg);
3473 :
3474 1 : free_options_test_data(tdata);
3475 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3476 : "V3AuthVoteDelay 1\n");
3477 1 : ret = options_validate(NULL, tdata->opt, &msg);
3478 1 : tt_int_op(ret, OP_EQ, -1);
3479 1 : tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3480 1 : tor_free(msg);
3481 :
3482 1 : free_options_test_data(tdata);
3483 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3484 : "V3AuthVoteDelay 1\n"
3485 : "TestingTorNetwork 1\n");
3486 1 : ret = options_validate(NULL, tdata->opt, &msg);
3487 1 : tt_int_op(ret, OP_EQ, -1);
3488 1 : tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3489 1 : tor_free(msg);
3490 :
3491 : // TODO: we can't reach the case of v3authvotedelay lower
3492 : // than MIN_VOTE_SECONDS but not lower than MIN_VOTE_SECONDS_TESTING,
3493 : // since they are the same
3494 :
3495 1 : free_options_test_data(tdata);
3496 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3497 : "V3AuthDistDelay 1\n");
3498 1 : ret = options_validate(NULL, tdata->opt, &msg);
3499 1 : tt_int_op(ret, OP_EQ, -1);
3500 1 : tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
3501 1 : tor_free(msg);
3502 :
3503 1 : free_options_test_data(tdata);
3504 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3505 : "V3AuthDistDelay 1\n"
3506 : "TestingTorNetwork 1\n"
3507 : );
3508 1 : ret = options_validate(NULL, tdata->opt, &msg);
3509 1 : tt_int_op(ret, OP_EQ, -1);
3510 1 : tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
3511 1 : tor_free(msg);
3512 :
3513 : // We can't reach the case of v3authdistdelay lower than
3514 : // MIN_DIST_SECONDS but not lower than MIN_DIST_SECONDS_TESTING,
3515 : // since they are the same
3516 :
3517 1 : free_options_test_data(tdata);
3518 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3519 : "V3AuthNIntervalsValid 1\n"
3520 : );
3521 1 : ret = options_validate(NULL, tdata->opt, &msg);
3522 1 : tt_int_op(ret, OP_EQ, -1);
3523 1 : tt_str_op(msg, OP_EQ, "V3AuthNIntervalsValid must be at least 2.");
3524 1 : tor_free(msg);
3525 :
3526 1 : free_options_test_data(tdata);
3527 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3528 : "V3AuthVoteDelay 49\n"
3529 : "V3AuthDistDelay 49\n"
3530 : "V3AuthVotingInterval 200\n"
3531 : );
3532 1 : ret = options_validate(NULL, tdata->opt, &msg);
3533 1 : tt_int_op(ret, OP_EQ, -1);
3534 1 : tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low.");
3535 1 : tor_free(msg);
3536 :
3537 1 : free_options_test_data(tdata);
3538 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3539 : VALID_DIR_AUTH
3540 : "TestingTorNetwork 1\n"
3541 : "V3AuthVoteDelay 49\n"
3542 : "V3AuthDistDelay 49\n"
3543 : "V3AuthVotingInterval 200\n"
3544 : );
3545 1 : ret = options_validate(NULL, tdata->opt, &msg);
3546 1 : tt_int_op(ret, OP_EQ, 0);
3547 1 : tt_ptr_op(msg, OP_EQ, NULL);
3548 1 : tor_free(msg);
3549 :
3550 1 : free_options_test_data(tdata);
3551 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3552 : VALID_DIR_AUTH
3553 : "TestingTorNetwork 1\n"
3554 : "V3AuthVoteDelay 2\n"
3555 : "V3AuthDistDelay 2\n"
3556 : "V3AuthVotingInterval 9\n"
3557 : );
3558 1 : ret = options_validate(NULL, tdata->opt, &msg);
3559 1 : tt_int_op(ret, OP_EQ, -1);
3560 1 : tt_str_op(msg, OP_EQ,
3561 : "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3562 : "V3AuthVotingInterval");
3563 1 : tor_free(msg);
3564 :
3565 1 : free_options_test_data(tdata);
3566 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3567 : VALID_DIR_AUTH
3568 : "TestingTorNetwork 1\n"
3569 : "V3AuthVoteDelay 2\n"
3570 : "V3AuthDistDelay 2\n"
3571 : "V3AuthVotingInterval 10\n"
3572 : );
3573 1 : ret = options_validate(NULL, tdata->opt, &msg);
3574 1 : tt_int_op(ret, OP_EQ, 0);
3575 1 : tt_ptr_op(msg, OP_EQ, NULL);
3576 1 : tor_free(msg);
3577 :
3578 1 : free_options_test_data(tdata);
3579 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3580 : "V3AuthVoteDelay 49\n"
3581 : "V3AuthDistDelay 49\n"
3582 : "V3AuthVotingInterval 200000\n"
3583 : );
3584 1 : ret = options_validate(NULL, tdata->opt, &msg);
3585 1 : tt_int_op(ret, OP_EQ, -1);
3586 1 : tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely high.");
3587 1 : tor_free(msg);
3588 :
3589 1 : free_options_test_data(tdata);
3590 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3591 : "V3AuthVoteDelay 49\n"
3592 : "V3AuthDistDelay 49\n"
3593 : "V3AuthVotingInterval 1441\n"
3594 : );
3595 1 : mock_clean_saved_logs();
3596 1 : ret = options_validate(NULL, tdata->opt, &msg);
3597 1 : tt_int_op(ret, OP_EQ, 0);
3598 1 : expect_log_msg("V3AuthVotingInterval does not divide"
3599 1 : " evenly into 24 hours.\n");
3600 1 : tor_free(msg);
3601 :
3602 1 : free_options_test_data(tdata);
3603 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3604 : "V3AuthVoteDelay 49\n"
3605 : "V3AuthDistDelay 49\n"
3606 : "V3AuthVotingInterval 1440\n"
3607 : );
3608 1 : mock_clean_saved_logs();
3609 1 : ret = options_validate(NULL, tdata->opt, &msg);
3610 1 : tt_int_op(ret, OP_EQ, 0);
3611 1 : expect_no_log_msg("V3AuthVotingInterval does not divide"
3612 : " evenly into 24 hours.\n");
3613 1 : tor_free(msg);
3614 :
3615 1 : free_options_test_data(tdata);
3616 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3617 : "V3AuthVoteDelay 49\n"
3618 : "V3AuthDistDelay 49\n"
3619 : "V3AuthVotingInterval 299\n"
3620 : VALID_DIR_AUTH
3621 : "TestingTorNetwork 1\n"
3622 : );
3623 1 : mock_clean_saved_logs();
3624 1 : ret = options_validate(NULL, tdata->opt, &msg);
3625 1 : tt_int_op(ret, OP_EQ, 0);
3626 1 : expect_log_msg("V3AuthVotingInterval is very low. "
3627 1 : "This may lead to failure to synchronise for a consensus.\n");
3628 1 : tor_free(msg);
3629 :
3630 1 : free_options_test_data(tdata);
3631 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3632 : "V3AuthVoteDelay 1\n"
3633 : "V3AuthDistDelay 1\n"
3634 : "V3AuthVotingInterval 9\n"
3635 : VALID_DIR_AUTH
3636 : "TestingTorNetwork 1\n"
3637 : );
3638 : /* We have to call the dirauth-specific function to reach this case */
3639 1 : ret = options_validate_dirauth_schedule(NULL, tdata->opt, &msg);
3640 1 : tt_int_op(ret, OP_EQ, -1);
3641 1 : tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3642 1 : tor_free(msg);
3643 :
3644 1 : free_options_test_data(tdata);
3645 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3646 : "TestingV3AuthInitialVoteDelay 1\n"
3647 : VALID_DIR_AUTH
3648 : "TestingTorNetwork 1\n"
3649 : );
3650 1 : ret = options_validate(NULL, tdata->opt, &msg);
3651 1 : tt_int_op(ret, OP_EQ, -1);
3652 1 : tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVoteDelay is way too low.");
3653 1 : tor_free(msg);
3654 :
3655 1 : free_options_test_data(tdata);
3656 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3657 : "TestingV3AuthInitialDistDelay 1\n"
3658 : VALID_DIR_AUTH
3659 : "TestingTorNetwork 1\n"
3660 : );
3661 1 : ret = options_validate(NULL, tdata->opt, &msg);
3662 1 : tt_int_op(ret, OP_EQ, -1);
3663 1 : tt_str_op(msg, OP_EQ, "TestingV3AuthInitialDistDelay is way too low.");
3664 1 : tor_free(msg);
3665 :
3666 1 : free_options_test_data(tdata);
3667 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3668 : VALID_DIR_AUTH
3669 : "TestingTorNetwork 1\n"
3670 : );
3671 1 : tdata->opt->TestingV3AuthVotingStartOffset = 100000;
3672 1 : ret = options_validate(NULL, tdata->opt, &msg);
3673 1 : tt_int_op(ret, OP_EQ, -1);
3674 1 : tt_str_op(msg, OP_EQ, "TestingV3AuthVotingStartOffset is higher than the "
3675 : "voting interval.");
3676 1 : tor_free(msg);
3677 :
3678 1 : free_options_test_data(tdata);
3679 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3680 : VALID_DIR_AUTH
3681 : "TestingTorNetwork 1\n"
3682 : );
3683 1 : tdata->opt->TestingV3AuthVotingStartOffset = -1;
3684 1 : ret = options_validate(NULL, tdata->opt, &msg);
3685 1 : tt_int_op(ret, OP_EQ, -1);
3686 1 : tt_str_op(msg, OP_EQ,
3687 : "TestingV3AuthVotingStartOffset must be non-negative.");
3688 1 : tor_free(msg);
3689 :
3690 1 : free_options_test_data(tdata);
3691 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3692 : VALID_DIR_AUTH
3693 : "TestingTorNetwork 1\n"
3694 : "TestingV3AuthInitialVotingInterval 4\n"
3695 : );
3696 1 : ret = options_validate(NULL, tdata->opt, &msg);
3697 1 : tt_int_op(ret, OP_EQ, -1);
3698 1 : tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVotingInterval is insanely low.");
3699 1 : tor_free(msg);
3700 :
3701 1 : free_options_test_data(tdata);
3702 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3703 : VALID_DIR_AUTH
3704 : "TestingTorNetwork 1\n"
3705 : "TestingV3AuthInitialVoteDelay 2\n"
3706 : "TestingV3AuthInitialDistDelay 2\n"
3707 : "TestingV3AuthInitialVotingInterval 5\n"
3708 : );
3709 1 : ret = options_validate(NULL, tdata->opt, &msg);
3710 1 : tt_int_op(ret, OP_EQ, 0);
3711 1 : tt_ptr_op(msg, OP_EQ, NULL);
3712 1 : tor_free(msg);
3713 :
3714 1 : free_options_test_data(tdata);
3715 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3716 : VALID_DIR_AUTH
3717 : "TestingTorNetwork 1\n"
3718 : "TestingV3AuthInitialVotingInterval 7\n"
3719 : );
3720 1 : ret = options_validate(NULL, tdata->opt, &msg);
3721 1 : tt_int_op(ret, OP_EQ, -1);
3722 1 : tt_str_op(msg, OP_EQ,
3723 : "TestingV3AuthInitialVotingInterval does not divide evenly into "
3724 : "30 minutes.");
3725 1 : tor_free(msg);
3726 :
3727 1 : free_options_test_data(tdata);
3728 1 : tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3729 : VALID_DIR_AUTH
3730 : "TestingTorNetwork 1\n"
3731 : "TestingV3AuthInitialVoteDelay 3\n"
3732 : "TestingV3AuthInitialDistDelay 3\n"
3733 : "TestingV3AuthInitialVotingInterval 5\n"
3734 : );
3735 1 : ret = options_validate(NULL, tdata->opt, &msg);
3736 1 : tt_int_op(ret, OP_EQ, -1);
3737 1 : tt_str_op(msg, OP_EQ,
3738 : "TestingV3AuthInitialVoteDelay plus "
3739 : "TestingV3AuthInitialDistDelay must be less than "
3740 : "TestingV3AuthInitialVotingInterval");
3741 1 : tor_free(msg);
3742 :
3743 1 : done:
3744 1 : policies_free_all();
3745 1 : teardown_capture_of_logs();
3746 1 : free_options_test_data(tdata);
3747 1 : tor_free(msg);
3748 1 : }
3749 :
3750 : static void
3751 1 : test_options_validate__virtual_addr(void *ignored)
3752 : {
3753 1 : (void)ignored;
3754 1 : int ret;
3755 1 : char *msg;
3756 1 : options_test_data_t *tdata = NULL;
3757 :
3758 1 : free_options_test_data(tdata);
3759 1 : tdata = get_options_test_data("VirtualAddrNetworkIPv4 !!");
3760 1 : ret = options_validate(NULL, tdata->opt, &msg);
3761 1 : tt_int_op(ret, OP_EQ, -1);
3762 1 : tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetwork !!");
3763 1 : tor_free(msg);
3764 :
3765 1 : free_options_test_data(tdata);
3766 1 : tdata = get_options_test_data("VirtualAddrNetworkIPv6 !!"
3767 : );
3768 1 : ret = options_validate(NULL, tdata->opt, &msg);
3769 1 : tt_int_op(ret, OP_EQ, -1);
3770 1 : tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetworkIPv6 !!");
3771 1 : tor_free(msg);
3772 :
3773 1 : done:
3774 1 : escaped(NULL); // This will free the leaking memory from the previous escaped
3775 1 : policies_free_all();
3776 1 : free_options_test_data(tdata);
3777 1 : tor_free(msg);
3778 1 : }
3779 :
3780 : static void
3781 1 : test_options_validate__testing_options(void *ignored)
3782 : {
3783 1 : (void)ignored;
3784 1 : int ret;
3785 1 : char *msg;
3786 1 : options_test_data_t *tdata = NULL;
3787 1 : setup_capture_of_logs(LOG_WARN);
3788 :
3789 : #define TEST_TESTING_OPTION(name, accessor, \
3790 : low_val, high_val, err_low, EXTRA_OPT_STR) \
3791 : STMT_BEGIN \
3792 : free_options_test_data(tdata); \
3793 : tdata = get_options_test_data(EXTRA_OPT_STR \
3794 : VALID_DIR_AUTH \
3795 : "TestingTorNetwork 1\n" \
3796 : ); \
3797 : accessor(tdata->opt)->name = low_val; \
3798 : ret = options_validate(NULL, tdata->opt, &msg); \
3799 : tt_int_op(ret, OP_EQ, -1); \
3800 : tt_str_op(msg, OP_EQ, #name " " err_low); \
3801 : tor_free(msg); \
3802 : \
3803 : free_options_test_data(tdata); \
3804 : tdata = get_options_test_data(EXTRA_OPT_STR \
3805 : VALID_DIR_AUTH \
3806 : "TestingTorNetwork 1\n" \
3807 : ); \
3808 : accessor(tdata->opt)->name = high_val; \
3809 : mock_clean_saved_logs(); \
3810 : ret = options_validate(NULL, tdata->opt, &msg); \
3811 : tt_int_op(ret, OP_EQ, 0); \
3812 : tt_ptr_op(msg, OP_EQ, NULL); \
3813 : expect_log_msg( #name " is insanely high.\n"); \
3814 : tor_free(msg); \
3815 : STMT_END
3816 :
3817 1 : TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601,
3818 : "is way too low.", "");
3819 1 : TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601,
3820 : "is way too low.", "");
3821 :
3822 1 : TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601,
3823 : "is way too low.", ENABLE_AUTHORITY_V3);
3824 1 : TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601,
3825 : "is way too low.", ENABLE_AUTHORITY_V3);
3826 :
3827 1 : TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601,
3828 : "is way too low.", ENABLE_AUTHORITY_BRIDGE);
3829 1 : TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601,
3830 : "is way too low.", ENABLE_AUTHORITY_BRIDGE);
3831 :
3832 1 : free_options_test_data(tdata);
3833 1 : tdata = get_options_test_data("TestingEnableConnBwEvent 1\n");
3834 1 : ret = options_validate(NULL, tdata->opt, &msg);
3835 1 : tt_int_op(ret, OP_EQ, -1);
3836 1 : tt_str_op(msg, OP_EQ, "TestingEnableConnBwEvent may only be changed in "
3837 : "testing Tor networks!");
3838 1 : tor_free(msg);
3839 :
3840 1 : free_options_test_data(tdata);
3841 1 : tdata = get_options_test_data("TestingEnableConnBwEvent 1\n"
3842 : VALID_DIR_AUTH
3843 : "TestingTorNetwork 1\n"
3844 : "___UsingTestNetworkDefaults 0\n"
3845 : );
3846 :
3847 1 : ret = options_validate(NULL, tdata->opt, &msg);
3848 1 : tt_int_op(ret, OP_EQ, 0);
3849 1 : tt_assert(!msg);
3850 1 : tor_free(msg);
3851 :
3852 1 : free_options_test_data(tdata);
3853 1 : tdata = get_options_test_data("TestingEnableConnBwEvent 1\n"
3854 : VALID_DIR_AUTH
3855 : "TestingTorNetwork 0\n"
3856 : "___UsingTestNetworkDefaults 1\n"
3857 : );
3858 :
3859 1 : ret = options_validate(NULL, tdata->opt, &msg);
3860 1 : tt_int_op(ret, OP_EQ, 0);
3861 1 : tt_assert(!msg);
3862 1 : tor_free(msg);
3863 :
3864 1 : free_options_test_data(tdata);
3865 1 : tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n");
3866 1 : ret = options_validate(NULL, tdata->opt, &msg);
3867 1 : tt_int_op(ret, OP_EQ, -1);
3868 1 : tt_str_op(msg, OP_EQ, "TestingEnableCellStatsEvent may only be changed in "
3869 : "testing Tor networks!");
3870 1 : tor_free(msg);
3871 :
3872 1 : free_options_test_data(tdata);
3873 1 : tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n"
3874 : VALID_DIR_AUTH
3875 : "TestingTorNetwork 1\n"
3876 : "___UsingTestNetworkDefaults 0\n"
3877 : );
3878 :
3879 1 : ret = options_validate(NULL, tdata->opt, &msg);
3880 1 : tt_int_op(ret, OP_EQ, 0);
3881 1 : tt_assert(!msg);
3882 1 : tor_free(msg);
3883 :
3884 1 : free_options_test_data(tdata);
3885 1 : tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n"
3886 : VALID_DIR_AUTH
3887 : "TestingTorNetwork 0\n"
3888 : "___UsingTestNetworkDefaults 1\n"
3889 : );
3890 :
3891 1 : ret = options_validate(NULL, tdata->opt, &msg);
3892 1 : tt_int_op(ret, OP_EQ, 0);
3893 1 : tt_assert(!msg);
3894 1 : tor_free(msg);
3895 :
3896 1 : free_options_test_data(tdata);
3897 1 : tdata = get_options_test_data("TestingEnableTbEmptyEvent 1\n"
3898 : VALID_DIR_AUTH
3899 : "TestingTorNetwork 1\n"
3900 : "___UsingTestNetworkDefaults 0\n"
3901 : );
3902 :
3903 1 : ret = options_validate(NULL, tdata->opt, &msg);
3904 1 : tt_int_op(ret, OP_EQ, 0);
3905 1 : tt_assert(!msg);
3906 1 : tor_free(msg);
3907 :
3908 1 : free_options_test_data(tdata);
3909 1 : tdata = get_options_test_data("TestingEnableTbEmptyEvent 1\n"
3910 : VALID_DIR_AUTH
3911 : "TestingTorNetwork 0\n"
3912 : "___UsingTestNetworkDefaults 1\n"
3913 : );
3914 :
3915 1 : ret = options_validate(NULL, tdata->opt, &msg);
3916 1 : tt_int_op(ret, OP_EQ, 0);
3917 1 : tt_assert(!msg);
3918 1 : tor_free(msg);
3919 :
3920 1 : done:
3921 1 : policies_free_all();
3922 1 : teardown_capture_of_logs();
3923 1 : free_options_test_data(tdata);
3924 1 : tor_free(msg);
3925 1 : }
3926 :
3927 : static void
3928 1 : test_options_validate__accel(void *ignored)
3929 : {
3930 1 : (void)ignored;
3931 1 : int ret;
3932 1 : char *msg;
3933 1 : options_test_data_t *tdata = NULL;
3934 :
3935 1 : free_options_test_data(tdata);
3936 1 : tdata = get_options_test_data("AccelName foo\n");
3937 1 : ret = options_validate(NULL, tdata->opt, &msg);
3938 1 : tt_int_op(ret, OP_EQ, 0);
3939 1 : tt_int_op(get_crypto_options(tdata->opt)->HardwareAccel, OP_EQ, 0);
3940 1 : tor_free(msg);
3941 :
3942 1 : free_options_test_data(tdata);
3943 1 : tdata = get_options_test_data("AccelName foo\n");
3944 1 : get_crypto_options(tdata->opt)->HardwareAccel = 2;
3945 1 : ret = options_validate(NULL, tdata->opt, &msg);
3946 1 : tt_int_op(ret, OP_EQ, 0);
3947 1 : tt_int_op(get_crypto_options(tdata->opt)->HardwareAccel, OP_EQ, 2);
3948 1 : tor_free(msg);
3949 :
3950 1 : free_options_test_data(tdata);
3951 1 : tdata = get_options_test_data("AccelDir 1\n");
3952 1 : ret = options_validate(NULL, tdata->opt, &msg);
3953 1 : tt_int_op(ret, OP_EQ, -1);
3954 1 : tt_str_op(msg, OP_EQ,
3955 : "Can't use hardware crypto accelerator dir without engine name.");
3956 1 : tor_free(msg);
3957 :
3958 1 : free_options_test_data(tdata);
3959 1 : tdata = get_options_test_data("AccelDir 1\n"
3960 : "AccelName something\n");
3961 1 : ret = options_validate(NULL, tdata->opt, &msg);
3962 1 : tt_int_op(ret, OP_EQ, 0);
3963 1 : tor_free(msg);
3964 :
3965 1 : done:
3966 1 : policies_free_all();
3967 1 : free_options_test_data(tdata);
3968 1 : tor_free(msg);
3969 1 : }
3970 :
3971 : static int mocked_granularity;
3972 :
3973 : static void
3974 6 : mock_set_log_time_granularity(int g)
3975 : {
3976 6 : mocked_granularity = g;
3977 6 : }
3978 :
3979 : static void
3980 1 : test_options_init_logs_granularity(void *arg)
3981 : {
3982 1 : options_test_data_t *tdata = get_options_test_data("");
3983 1 : int rv;
3984 1 : (void) arg;
3985 :
3986 1 : MOCK(set_log_time_granularity, mock_set_log_time_granularity);
3987 :
3988 : /* Reasonable value. */
3989 1 : tdata->opt->LogTimeGranularity = 100;
3990 1 : mocked_granularity = -1;
3991 1 : rv = options_init_logs(NULL, tdata->opt, 0);
3992 1 : tt_int_op(rv, OP_EQ, 0);
3993 1 : tt_int_op(mocked_granularity, OP_EQ, 100);
3994 :
3995 : /* Doesn't divide 1000. */
3996 1 : tdata->opt->LogTimeGranularity = 249;
3997 1 : mocked_granularity = -1;
3998 1 : rv = options_init_logs(NULL, tdata->opt, 0);
3999 1 : tt_int_op(rv, OP_EQ, 0);
4000 1 : tt_int_op(mocked_granularity, OP_EQ, 250);
4001 :
4002 : /* Doesn't divide 1000. */
4003 1 : tdata->opt->LogTimeGranularity = 3;
4004 1 : mocked_granularity = -1;
4005 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4006 1 : tt_int_op(rv, OP_EQ, 0);
4007 1 : tt_int_op(mocked_granularity, OP_EQ, 4);
4008 :
4009 : /* Not a multiple of 1000. */
4010 1 : tdata->opt->LogTimeGranularity = 1500;
4011 1 : mocked_granularity = -1;
4012 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4013 1 : tt_int_op(rv, OP_EQ, 0);
4014 1 : tt_int_op(mocked_granularity, OP_EQ, 2000);
4015 :
4016 : /* Reasonable value. */
4017 1 : tdata->opt->LogTimeGranularity = 3000;
4018 1 : mocked_granularity = -1;
4019 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4020 1 : tt_int_op(rv, OP_EQ, 0);
4021 1 : tt_int_op(mocked_granularity, OP_EQ, 3000);
4022 :
4023 : /* Negative. (Shouldn't be allowed by rest of config parsing.) */
4024 1 : tdata->opt->LogTimeGranularity = -1;
4025 1 : mocked_granularity = -1;
4026 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4027 1 : tt_int_op(rv, OP_EQ, -1);
4028 :
4029 : /* Very big */
4030 1 : tdata->opt->LogTimeGranularity = 3600 * 1000;
4031 1 : mocked_granularity = -1;
4032 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4033 1 : tt_int_op(rv, OP_EQ, 0);
4034 1 : tt_int_op(mocked_granularity, OP_EQ, 3600 * 1000);
4035 :
4036 1 : done:
4037 1 : free_options_test_data(tdata);
4038 1 : UNMOCK(set_log_time_granularity);
4039 1 : }
4040 :
4041 : typedef struct {
4042 : char *name;
4043 : log_severity_list_t sev;
4044 : int fd;
4045 : bool stream;
4046 : } added_log_t;
4047 :
4048 : static smartlist_t *added_logs = NULL;
4049 :
4050 : static void
4051 2 : mock_add_stream_log_impl(const log_severity_list_t *sev, const char *name,
4052 : int fd)
4053 : {
4054 2 : added_log_t *a = tor_malloc_zero(sizeof(added_log_t));
4055 2 : a->name = tor_strdup(name);
4056 2 : memcpy(&a->sev, sev, sizeof(log_severity_list_t));
4057 2 : a->fd = fd;
4058 2 : a->stream = true;
4059 2 : smartlist_add(added_logs, a);
4060 2 : }
4061 :
4062 : static int
4063 1 : mock_add_file_log(const log_severity_list_t *sev, const char *name, int fd)
4064 : {
4065 1 : added_log_t *a = tor_malloc_zero(sizeof(added_log_t));
4066 1 : a->name = tor_strdup(name);
4067 1 : memcpy(&a->sev, sev, sizeof(log_severity_list_t));
4068 1 : a->fd = fd;
4069 1 : smartlist_add(added_logs, a);
4070 1 : return 0;
4071 : }
4072 :
4073 : static void
4074 3 : clear_added_logs(void)
4075 : {
4076 6 : SMARTLIST_FOREACH(added_logs, added_log_t *, a,
4077 : { tor_free(a->name); tor_free(a); });
4078 3 : smartlist_clear(added_logs);
4079 3 : }
4080 :
4081 : static void
4082 1 : test_options_init_logs_quiet(void *arg)
4083 : {
4084 1 : (void)arg;
4085 1 : char *cfg = NULL;
4086 1 : options_test_data_t *tdata = get_options_test_data("");
4087 1 : char *fn1 = tor_strdup(get_fname_rnd("log"));
4088 1 : const added_log_t *a;
4089 1 : int rv;
4090 1 : tdata->opt->RunAsDaemon = 0;
4091 :
4092 1 : added_logs = smartlist_new();
4093 1 : MOCK(add_stream_log_impl, mock_add_stream_log_impl);
4094 1 : MOCK(add_file_log, mock_add_file_log);
4095 :
4096 1 : tt_ptr_op(tdata->opt->Logs, OP_EQ, NULL);
4097 :
4098 : /* First, try with no configured logs, and make sure that our configured
4099 : logs match the quiet level. */
4100 1 : quiet_level = QUIET_SILENT;
4101 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4102 1 : tt_int_op(rv, OP_EQ, 0);
4103 1 : tt_int_op(smartlist_len(added_logs), OP_EQ, 0);
4104 :
4105 1 : quiet_level = QUIET_HUSH;
4106 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4107 1 : tt_int_op(rv, OP_EQ, 0);
4108 1 : tt_int_op(smartlist_len(added_logs), OP_EQ, 1);
4109 1 : a = smartlist_get(added_logs, 0);
4110 1 : tt_assert(a);
4111 1 : tt_assert(a->stream);
4112 1 : tt_int_op(a->fd, OP_EQ, fileno(stdout));
4113 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, 0);
4114 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ, 0);
4115 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS);
4116 1 : clear_added_logs();
4117 :
4118 1 : quiet_level = QUIET_NONE;
4119 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4120 1 : tt_int_op(rv, OP_EQ, 0);
4121 1 : tt_int_op(smartlist_len(added_logs), OP_EQ, 1);
4122 1 : a = smartlist_get(added_logs, 0);
4123 1 : tt_assert(a);
4124 1 : tt_assert(a->stream);
4125 1 : tt_int_op(a->fd, OP_EQ, fileno(stdout));
4126 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, 0);
4127 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ,
4128 : LD_ALL_DOMAINS);
4129 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS);
4130 1 : clear_added_logs();
4131 :
4132 : /* Make sure that adding a configured log makes the default logs go away. */
4133 1 : tor_asprintf(&cfg, "Log info file %s\n", fn1);
4134 1 : free_options_test_data(tdata);
4135 1 : tdata = get_options_test_data(cfg);
4136 1 : rv = options_init_logs(NULL, tdata->opt, 0);
4137 1 : tt_int_op(rv, OP_EQ, 0);
4138 1 : tt_int_op(smartlist_len(added_logs), OP_EQ, 1);
4139 1 : a = smartlist_get(added_logs, 0);
4140 1 : tt_assert(a);
4141 1 : tt_assert(! a->stream);
4142 1 : tt_int_op(a->fd, OP_NE, fileno(stdout));
4143 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, LD_ALL_DOMAINS);
4144 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ,
4145 : LD_ALL_DOMAINS);
4146 1 : tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS);
4147 :
4148 1 : done:
4149 1 : free_options_test_data(tdata);
4150 1 : tor_free(fn1);
4151 1 : tor_free(cfg);
4152 1 : clear_added_logs();
4153 1 : smartlist_free(added_logs);
4154 1 : UNMOCK(add_stream_log_impl);
4155 1 : UNMOCK(add_file_log);
4156 1 : }
4157 :
4158 : static int mock_options_act_status = 0;
4159 : static int
4160 2 : mock_options_act(const or_options_t *old_options)
4161 : {
4162 2 : (void)old_options;
4163 2 : return mock_options_act_status;
4164 : }
4165 : static int
4166 2 : mock_options_act_reversible(const or_options_t *old_options, char **msg_out)
4167 : {
4168 2 : (void)old_options;
4169 2 : (void)msg_out;
4170 2 : return 0;
4171 : }
4172 :
4173 : static void
4174 1 : test_options_trial_assign(void *arg)
4175 : {
4176 1 : (void)arg;
4177 1 : setopt_err_t v;
4178 1 : config_line_t *lines = NULL;
4179 1 : char *msg = NULL;
4180 1 : int r;
4181 :
4182 : // replace options_act*() so that we don't actually launch tor here.
4183 1 : MOCK(options_act, mock_options_act);
4184 1 : MOCK(options_act_reversible, mock_options_act_reversible);
4185 :
4186 : // Try assigning nothing; that should work.
4187 1 : v = options_trial_assign(lines, 0, &msg);
4188 1 : if (msg)
4189 0 : puts(msg);
4190 1 : tt_ptr_op(msg, OP_EQ, NULL);
4191 1 : tt_int_op(v, OP_EQ, SETOPT_OK);
4192 :
4193 : // Assigning a nickname is okay
4194 1 : r = config_get_lines("Nickname Hemiramphinae", &lines, 0);
4195 1 : tt_int_op(r, OP_EQ, 0);
4196 1 : v = options_trial_assign(lines, 0, &msg);
4197 1 : tt_ptr_op(msg, OP_EQ, NULL);
4198 1 : tt_int_op(v, OP_EQ, SETOPT_OK);
4199 1 : tt_str_op(get_options()->Nickname, OP_EQ, "Hemiramphinae");
4200 1 : config_free_lines(lines);
4201 :
4202 : // We can't change the User; that's a transition error.
4203 1 : r = config_get_lines("User Heraclitus", &lines, 0);
4204 1 : tt_int_op(r, OP_EQ, 0);
4205 1 : v = options_trial_assign(lines, 0, &msg);
4206 1 : tt_int_op(v, OP_EQ, SETOPT_ERR_TRANSITION);
4207 1 : tt_str_op(msg, OP_EQ, "While Tor is running, changing User is not allowed");
4208 1 : tor_free(msg);
4209 1 : config_free_lines(lines);
4210 :
4211 : // We can't set the ORPort to nonsense: that's a validation error.
4212 1 : r = config_get_lines("ORPort fractabling planished", &lines, 0);
4213 1 : tt_int_op(r, OP_EQ, 0);
4214 1 : v = options_trial_assign(lines, 0, &msg);
4215 1 : tt_int_op(v, OP_EQ, SETOPT_ERR_PARSE); // (same error code for now)
4216 1 : tt_str_op(msg, OP_EQ, "Invalid ORPort configuration");
4217 1 : tor_free(msg);
4218 1 : config_free_lines(lines);
4219 :
4220 : // We can't set UseBridges to a non-boolean: that's a parse error.
4221 1 : r = config_get_lines("UseBridges ambidextrous", &lines, 0);
4222 1 : tt_int_op(r, OP_EQ, 0);
4223 1 : v = options_trial_assign(lines, 0, &msg);
4224 1 : tt_int_op(v, OP_EQ, SETOPT_ERR_PARSE);
4225 1 : tt_str_op(msg, OP_EQ,
4226 : "Could not parse UseBridges: Unrecognized value ambidextrous. "
4227 : "Allowed values are 0 and 1.");
4228 1 : tor_free(msg);
4229 1 : config_free_lines(lines);
4230 :
4231 : // this didn't change.
4232 1 : tt_str_op(get_options()->Nickname, OP_EQ, "Hemiramphinae");
4233 :
4234 1 : done:
4235 1 : config_free_lines(lines);
4236 1 : tor_free(msg);
4237 1 : UNMOCK(options_act);
4238 1 : UNMOCK(options_act_reversible);
4239 1 : }
4240 :
4241 : #ifndef COCCI
4242 : #define LOCAL_VALIDATE_TEST(name) \
4243 : { "validate__" #name, test_options_validate__ ## name, TT_FORK, NULL, NULL }
4244 : #endif
4245 :
4246 : struct testcase_t options_tests[] = {
4247 : { "validate", test_options_validate, TT_FORK, NULL, NULL },
4248 : { "mem_dircache", test_have_enough_mem_for_dircache, TT_FORK, NULL, NULL },
4249 : LOCAL_VALIDATE_TEST(uname_for_server),
4250 : LOCAL_VALIDATE_TEST(outbound_addresses),
4251 : LOCAL_VALIDATE_TEST(data_directory),
4252 : LOCAL_VALIDATE_TEST(nickname),
4253 : LOCAL_VALIDATE_TEST(contactinfo),
4254 : LOCAL_VALIDATE_TEST(logs),
4255 : LOCAL_VALIDATE_TEST(authdir),
4256 : LOCAL_VALIDATE_TEST(relay_with_hidden_services),
4257 : LOCAL_VALIDATE_TEST(listen_ports),
4258 : LOCAL_VALIDATE_TEST(transproxy),
4259 : LOCAL_VALIDATE_TEST(exclude_nodes),
4260 : LOCAL_VALIDATE_TEST(node_families),
4261 : LOCAL_VALIDATE_TEST(token_bucket),
4262 : LOCAL_VALIDATE_TEST(fetch_dir),
4263 : LOCAL_VALIDATE_TEST(conn_limit),
4264 : LOCAL_VALIDATE_TEST(paths_needed),
4265 : LOCAL_VALIDATE_TEST(max_client_circuits),
4266 : LOCAL_VALIDATE_TEST(ports),
4267 : LOCAL_VALIDATE_TEST(reachable_addresses),
4268 : LOCAL_VALIDATE_TEST(use_bridges),
4269 : LOCAL_VALIDATE_TEST(entry_nodes),
4270 : LOCAL_VALIDATE_TEST(safe_logging),
4271 : LOCAL_VALIDATE_TEST(publish_server_descriptor),
4272 : LOCAL_VALIDATE_TEST(testing),
4273 : LOCAL_VALIDATE_TEST(hidserv),
4274 : LOCAL_VALIDATE_TEST(path_bias),
4275 : LOCAL_VALIDATE_TEST(bandwidth),
4276 : LOCAL_VALIDATE_TEST(circuits),
4277 : LOCAL_VALIDATE_TEST(rend),
4278 : LOCAL_VALIDATE_TEST(single_onion),
4279 : LOCAL_VALIDATE_TEST(accounting),
4280 : LOCAL_VALIDATE_TEST(proxy),
4281 : LOCAL_VALIDATE_TEST(control),
4282 : LOCAL_VALIDATE_TEST(families),
4283 : LOCAL_VALIDATE_TEST(addr_policies),
4284 : LOCAL_VALIDATE_TEST(dir_auth),
4285 : LOCAL_VALIDATE_TEST(transport),
4286 : LOCAL_VALIDATE_TEST(constrained_sockets),
4287 : LOCAL_VALIDATE_TEST(v3_auth),
4288 : LOCAL_VALIDATE_TEST(virtual_addr),
4289 : LOCAL_VALIDATE_TEST(testing_options),
4290 : LOCAL_VALIDATE_TEST(accel),
4291 : { "init_logs/granularity", test_options_init_logs_granularity, TT_FORK,
4292 : NULL, NULL },
4293 : { "init_logs/quiet", test_options_init_logs_quiet, TT_FORK,
4294 : NULL, NULL },
4295 : { "trial_assign", test_options_trial_assign, TT_FORK, NULL, NULL },
4296 : END_OF_TESTCASES /* */
4297 : };
|
