1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define CONFIG_PRIVATE
7 #define RELAY_CONFIG_PRIVATE
8 #define LOG_PRIVATE
9 #define ROUTERSET_PRIVATE
10 #include "core/or/or.h"
11 #include "lib/confmgt/confmgt.h"
12 #include "app/config/config.h"
13 #include "feature/dirauth/dirauth_config.h"
14 #include "feature/dirauth/dirauth_options_st.h"
15 #include "feature/dirauth/dirauth_sys.h"
16 #include "feature/relay/relay_config.h"
17 #include "test/test.h"
18 #include "lib/geoip/geoip.h"
19
20 #include "feature/nodelist/routerset.h"
21 #include "core/mainloop/mainloop.h"
22 #include "app/main/subsysmgr.h"
23 #include "test/log_test_helpers.h"
24 #include "test/resolve_test_helpers.h"
25 #include "lib/crypt_ops/crypto_options_st.h"
26 #include "lib/crypt_ops/crypto_sys.h"
27
28 #include "lib/sandbox/sandbox.h"
29 #include "lib/memarea/memarea.h"
30 #include "lib/osinfo/uname.h"
31 #include "lib/encoding/confline.h"
32 #include "core/or/policies.h"
33 #include "test/test_helpers.h"
34 #include "test/opts_test_helpers.h"
35 #include "lib/net/resolve.h"
36
37 #ifdef HAVE_SYS_PARAM_H
38 #include <sys/param.h>
39 #endif
40
41 typedef struct {
42 int severity;
43 log_domain_mask_t domain;
44 char *msg;
45 } logmsg_t;
46
47 static smartlist_t *messages = NULL;
48
49 static void
log_cback(int severity,log_domain_mask_t domain,const char * msg)50 log_cback(int severity, log_domain_mask_t domain, const char *msg)
51 {
52 logmsg_t *x = tor_malloc(sizeof(*x));
53 x->severity = severity;
54 x->domain = domain;
55 x->msg = tor_strdup(msg);
56 if (!messages)
57 messages = smartlist_new();
58 smartlist_add(messages, x);
59 }
60
61 static void
setup_log_callback(void)62 setup_log_callback(void)
63 {
64 log_severity_list_t lst;
65 memset(&lst, 0, sizeof(lst));
66 lst.masks[SEVERITY_MASK_IDX(LOG_ERR)] = LD_ALL_DOMAINS;
67 lst.masks[SEVERITY_MASK_IDX(LOG_WARN)] = LD_ALL_DOMAINS;
68 lst.masks[SEVERITY_MASK_IDX(LOG_NOTICE)] = LD_ALL_DOMAINS;
69 add_callback_log(&lst, log_cback);
70 mark_logs_temp();
71 }
72
73 static char *
dump_logs(void)74 dump_logs(void)
75 {
76 smartlist_t *msgs;
77 char *out;
78 if (! messages)
79 return tor_strdup("");
80 msgs = smartlist_new();
81 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, x) {
82 smartlist_add_asprintf(msgs, "[%s] %s",
83 log_level_to_string(x->severity), x->msg);
84 } SMARTLIST_FOREACH_END(x);
85 out = smartlist_join_strings(msgs, "", 0, NULL);
86 SMARTLIST_FOREACH(msgs, char *, cp, tor_free(cp));
87 smartlist_free(msgs);
88 return out;
89 }
90
91 static void
clear_log_messages(void)92 clear_log_messages(void)
93 {
94 if (!messages)
95 return;
96 SMARTLIST_FOREACH(messages, logmsg_t *, m,
97 { tor_free(m->msg); tor_free(m); });
98 smartlist_free(messages);
99 messages = NULL;
100 }
101
102 #define setup_options(opt) \
103 do { \
104 opt = options_new(); \
105 opt->command = CMD_RUN_TOR; \
106 options_init(opt); \
107 } while (0)
108
109 #ifdef COCCI
110
111 #define ENABLE_AUTHORITY_MIN ""
112 #define ENABLE_AUTHORITY_V3_MIN ""
113 #define ENABLE_AUTHORITY_BRIDGE_MIN ""
114 #define AUTHORITY_OPT_REQ_ ""
115 #define ENABLE_AUTHORITY ""
116 #define ENABLE_AUTHORITY_V3 ""
117 #define ENABLE_AUTHORITY_BRIDGE ""
118
119 #else /* !defined(COCCI) */
120
121 #define ENABLE_AUTHORITY_MIN \
122 "AuthoritativeDirectory 1\n"
123
124 #define ENABLE_AUTHORITY_V3_MIN \
125 ENABLE_AUTHORITY_MIN \
126 "V3AuthoritativeDir 1\n"
127
128 #define ENABLE_AUTHORITY_BRIDGE_MIN \
129 ENABLE_AUTHORITY_MIN \
130 "BridgeAuthoritativeDir 1\n"
131
132 #define AUTHORITY_OPT_REQ_ \
133 "Address 192.0.2.111\n" \
134 "ContactInfo a@example.org\n" \
135 "DirPort 1025\n" \
136 "ORPort 1026\n"
137
138 /* Not actually valid: requires v3 / bridge */
139 #define ENABLE_AUTHORITY \
140 ENABLE_AUTHORITY_MIN \
141 AUTHORITY_OPT_REQ_
142
143 #define ENABLE_AUTHORITY_V3 \
144 ENABLE_AUTHORITY_V3_MIN \
145 AUTHORITY_OPT_REQ_
146
147 #define ENABLE_AUTHORITY_BRIDGE \
148 ENABLE_AUTHORITY_BRIDGE_MIN \
149 AUTHORITY_OPT_REQ_
150
151 #endif /* defined(COCCI) */
152
153 #define VALID_DIR_AUTH "DirAuthority dizum orport=443 v3ident=E8A9C45" \
154 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
155 " 083C 538F 4403 8BBF A077 587D D755\n"
156 #define VALID_ALT_BRIDGE_AUTH \
157 "AlternateBridgeAuthority dizum orport=443 v3ident=E8A9C45" \
158 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
159 " 083C 538F 4403 8BBF A077 587D D755\n"
160 #define VALID_ALT_DIR_AUTH \
161 "AlternateDirAuthority dizum orport=443 v3ident=E8A9C45" \
162 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
163 " 083C 538F 4403 8BBF A077 587D D755\n"
164
165 static int
test_options_checklog(const char * configuration,int expect_log_severity,const char * expect_log)166 test_options_checklog(const char *configuration, int expect_log_severity,
167 const char *expect_log)
168 {
169 int found = 0, ret = -1;
170 char *actual_log = NULL;
171
172 if (messages) {
173 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, m) {
174 if (m->severity == expect_log_severity &&
175 strstr(m->msg, expect_log)) {
176 found = 1;
177 break;
178 }
179 } SMARTLIST_FOREACH_END(m);
180 }
181 if (!found) {
182 actual_log = dump_logs();
183 TT_DIE(("Expected log message [%s] %s from <%s>, but got <%s>.",
184 log_level_to_string(expect_log_severity), expect_log,
185 configuration, actual_log));
186 }
187 ret = 0;
188
189 done:
190 tor_free(actual_log);
191 return ret;
192 }
193
194 static int
test_options_checkmsgs(const char * configuration,const char * expect_errmsg,int expect_log_severity,const char * expect_log,char * msg)195 test_options_checkmsgs(const char *configuration,
196 const char *expect_errmsg,
197 int expect_log_severity,
198 const char *expect_log,
199 char *msg)
200 {
201 if (expect_errmsg && !msg) {
202 TT_DIE(("Expected error message <%s> from <%s>, but got none.",
203 expect_errmsg, configuration));
204 } else if (expect_errmsg && !strstr(msg, expect_errmsg)) {
205 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
206 expect_errmsg, configuration, msg));
207 } else if (!expect_errmsg && msg) {
208 TT_DIE(("Expected no error message from <%s> but got <%s>.",
209 configuration, msg));
210 }
211 if (expect_log) {
212 return test_options_checklog(configuration, expect_log_severity,
213 expect_log);
214 }
215 return 0;
216
217 done:
218 return -1;
219 }
220
221 /* Which phases of config parsing/validation to check for messages/logs */
222 enum { PH_GETLINES, PH_ASSIGN, PH_VALIDATE };
223
224 static void
test_options_validate_impl(const char * configuration,const char * expect_errmsg,int expect_log_severity,const char * expect_log,int phase)225 test_options_validate_impl(const char *configuration,
226 const char *expect_errmsg,
227 int expect_log_severity,
228 const char *expect_log,
229 int phase)
230 {
231 or_options_t *opt=NULL;
232 config_line_t *cl=NULL;
233 char *msg=NULL;
234 int r;
235
236 setup_options(opt);
237
238 r = config_get_lines(configuration, &cl, 1);
239 if (phase == PH_GETLINES) {
240 if (test_options_checkmsgs(configuration, expect_errmsg,
241 expect_log_severity,
242 expect_log, msg))
243 goto done;
244 }
245 if (r)
246 goto done;
247
248 r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
249 if (phase == PH_ASSIGN) {
250 if (test_options_checkmsgs(configuration, expect_errmsg,
251 expect_log_severity,
252 expect_log, msg))
253 goto done;
254 }
255 tt_int_op((r == 0), OP_EQ, (msg == NULL));
256 if (r)
257 goto done;
258
259 r = options_validate(NULL, opt, &msg);
260 if (phase == PH_VALIDATE) {
261 if (test_options_checkmsgs(configuration, expect_errmsg,
262 expect_log_severity,
263 expect_log, msg))
264 goto done;
265 }
266 tt_int_op((r == 0), OP_EQ, (msg == NULL));
267
268 done:
269 escaped(NULL);
270 policies_free_all();
271 config_free_lines(cl);
272 or_options_free(opt);
273 tor_free(msg);
274 clear_log_messages();
275 }
276
277 #define WANT_ERR(config, msg, ph) \
278 test_options_validate_impl((config), (msg), 0, NULL, (ph))
279 #define WANT_LOG(config, severity, msg, ph) \
280 test_options_validate_impl((config), NULL, (severity), (msg), (ph))
281 #define WANT_ERR_LOG(config, msg, severity, logmsg, ph) \
282 test_options_validate_impl((config), (msg), (severity), (logmsg), (ph))
283 #define OK(config, ph) \
284 test_options_validate_impl((config), NULL, 0, NULL, (ph))
285
286 static void
test_options_validate(void * arg)287 test_options_validate(void *arg)
288 {
289 (void)arg;
290 setup_log_callback();
291 sandbox_disable_getaddrinfo_cache();
292 mock_hostname_resolver();
293
294 WANT_ERR("ExtORPort 500000", "Invalid ExtORPort", PH_VALIDATE);
295
296 WANT_ERR_LOG("ServerTransportOptions trebuchet",
297 "ServerTransportOptions did not parse",
298 LOG_WARN, "Too few arguments", PH_VALIDATE);
299 OK("ServerTransportOptions trebuchet sling=snappy", PH_VALIDATE);
300 OK("ServerTransportOptions trebuchet sling=", PH_VALIDATE);
301 WANT_ERR_LOG("ServerTransportOptions trebuchet slingsnappy",
302 "ServerTransportOptions did not parse",
303 LOG_WARN, "\"slingsnappy\" is not a k=v", PH_VALIDATE);
304
305 WANT_ERR("BridgeRelay 1\nDirCache 0",
306 "We're a bridge but DirCache is disabled.", PH_VALIDATE);
307
308 WANT_ERR("HeartbeatPeriod 21 snarks",
309 "Unknown unit in 21 snarks", PH_ASSIGN);
310 WANT_ERR("LogTimeGranularity 21 snarks",
311 "Unknown unit in 21 snarks", PH_ASSIGN);
312 OK("HeartbeatPeriod 1 hour", PH_VALIDATE);
313 OK("LogTimeGranularity 100 milliseconds", PH_VALIDATE);
314
315 WANT_LOG("ControlSocket \"string with trailing garbage\" bogus", LOG_WARN,
316 "Error while parsing configuration: "
317 "Excess data after quoted string", PH_GETLINES);
318 WANT_LOG("ControlSocket \"bogus escape \\@\"", LOG_WARN,
319 "Error while parsing configuration: "
320 "Invalid escape sequence in quoted string", PH_GETLINES);
321
322 close_temp_logs();
323 clear_log_messages();
324 unmock_hostname_resolver();
325 return;
326 }
327
328 #define MEGABYTEIFY(mb) (UINT64_C(mb) << 20)
329 static void
test_have_enough_mem_for_dircache(void * arg)330 test_have_enough_mem_for_dircache(void *arg)
331 {
332 (void)arg;
333 or_options_t *opt=NULL;
334 config_line_t *cl=NULL;
335 char *msg=NULL;
336 int r;
337 const char *configuration = "ORPort 8080\nDirCache 1", *expect_errmsg;
338
339 setup_options(opt);
340 setup_log_callback();
341
342 r = config_get_lines(configuration, &cl, 1);
343 tt_int_op(r, OP_EQ, 0);
344
345 r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
346 tt_int_op(r, OP_EQ, 0);
347
348 /* 300 MB RAM available, DirCache enabled */
349 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
350 tt_int_op(r, OP_EQ, 0);
351 tt_ptr_op(msg, OP_EQ, NULL);
352
353 /* 200 MB RAM available, DirCache enabled */
354 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
355 tt_int_op(r, OP_EQ, -1);
356 expect_errmsg = "Being a directory cache (default) with less than ";
357 if (!strstr(msg, expect_errmsg)) {
358 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
359 expect_errmsg, configuration, msg));
360 }
361 tor_free(msg);
362
363 config_free_lines(cl); cl = NULL;
364 configuration = "ORPort 8080\nDirCache 1\nBridgeRelay 1";
365 r = config_get_lines(configuration, &cl, 1);
366 tt_int_op(r, OP_EQ, 0);
367
368 r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
369 tt_int_op(r, OP_EQ, 0);
370
371 /* 300 MB RAM available, DirCache enabled, Bridge */
372 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
373 tt_int_op(r, OP_EQ, 0);
374 tt_ptr_op(msg, OP_EQ, NULL);
375
376 /* 200 MB RAM available, DirCache enabled, Bridge */
377 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
378 tt_int_op(r, OP_EQ, -1);
379 expect_errmsg = "Running a Bridge with less than ";
380 if (!strstr(msg, expect_errmsg)) {
381 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
382 expect_errmsg, configuration, msg));
383 }
384 tor_free(msg);
385
386 config_free_lines(cl); cl = NULL;
387 configuration = "ORPort 8080\nDirCache 0";
388 r = config_get_lines(configuration, &cl, 1);
389 tt_int_op(r, OP_EQ, 0);
390
391 r = config_assign(get_options_mgr(), opt, cl, 0, &msg);
392 tt_int_op(r, OP_EQ, 0);
393
394 /* 200 MB RAM available, DirCache disabled */
395 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
396 tt_int_op(r, OP_EQ, 0);
397 tt_ptr_op(msg, OP_EQ, NULL);
398
399 /* 300 MB RAM available, DirCache disabled */
400 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
401 tt_int_op(r, OP_EQ, -1);
402 expect_errmsg = "DirCache is disabled and we are configured as a ";
403 if (!strstr(msg, expect_errmsg)) {
404 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
405 expect_errmsg, configuration, msg));
406 }
407 tor_free(msg);
408
409 clear_log_messages();
410
411 done:
412 if (msg)
413 tor_free(msg);
414 or_options_free(opt);
415 config_free_lines(cl);
416 return;
417 }
418
419 static const char *fixed_get_uname_result = NULL;
420
421 static const char *
fixed_get_uname(void)422 fixed_get_uname(void)
423 {
424 return fixed_get_uname_result;
425 }
426
427 typedef struct {
428 or_options_t *opt;
429 } options_test_data_t;
430
431 static void free_options_test_data(options_test_data_t *td);
432
433 static options_test_data_t *
get_options_test_data(const char * conf)434 get_options_test_data(const char *conf)
435 {
436 int rv = -1;
437 char *msg = NULL;
438 config_line_t *cl=NULL;
439 options_test_data_t *result = tor_malloc(sizeof(options_test_data_t));
440 result->opt = options_new();
441
442 options_init(result->opt);
443
444 rv = config_get_lines(conf, &cl, 1);
445 tt_int_op(rv, OP_EQ, 0);
446 rv = config_assign(get_options_mgr(), result->opt, cl, 0, &msg);
447 if (msg) {
448 /* Display the parse error message by comparing it with an empty string */
449 tt_str_op(msg, OP_EQ, "");
450 }
451 tt_int_op(rv, OP_EQ, 0);
452 config_free_lines(cl);
453 result->opt->LogTimeGranularity = 1;
454 result->opt->TokenBucketRefillInterval = 1;
455 rv = config_get_lines("", &cl, 1);
456 tt_int_op(rv, OP_EQ, 0);
457
458 done:
459 config_free_lines(cl);
460 if (rv != 0) {
461 free_options_test_data(result);
462 result = NULL;
463 /* Callers expect a non-NULL result, so just die if we can't provide one.
464 */
465 tor_assert(0);
466 }
467 return result;
468 }
469
470 static void
free_options_test_data(options_test_data_t * td)471 free_options_test_data(options_test_data_t *td)
472 {
473 if (!td) return;
474 or_options_free(td->opt);
475 tor_free(td);
476 }
477
478 static void
test_options_validate__uname_for_server(void * ignored)479 test_options_validate__uname_for_server(void *ignored)
480 {
481 (void)ignored;
482 char *msg;
483
484 #ifndef _WIN32
485 int unset_home_env = 0;
486 if (setenv("HOME", "/home/john", 0) == 0)
487 unset_home_env = 1;
488 #endif
489
490 options_test_data_t *tdata = get_options_test_data(
491 "ORPort 127.0.0.1:5555\n"
492 "ContactInfo nobody@example.com");
493 setup_capture_of_logs(LOG_WARN);
494
495 MOCK(get_uname, fixed_get_uname);
496 fixed_get_uname_result = "Windows 95";
497 options_validate(NULL, tdata->opt, &msg);
498 expect_log_msg("Tor is running as a server, but you"
499 " are running Windows 95; this probably won't work. See https://www"
500 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
501 tor_free(msg);
502
503 fixed_get_uname_result = "Windows 98";
504 mock_clean_saved_logs();
505 options_validate(NULL, tdata->opt, &msg);
506 expect_log_msg("Tor is running as a server, but you"
507 " are running Windows 98; this probably won't work. See https://www"
508 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
509 tor_free(msg);
510
511 fixed_get_uname_result = "Windows Me";
512 mock_clean_saved_logs();
513 options_validate(NULL, tdata->opt, &msg);
514 expect_log_msg("Tor is running as a server, but you"
515 " are running Windows Me; this probably won't work. See https://www"
516 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
517 tor_free(msg);
518
519 fixed_get_uname_result = "Windows 2000";
520 mock_clean_saved_logs();
521 options_validate(NULL, tdata->opt, &msg);
522 expect_no_log_msg("Tor is running as a server, but you ");
523 tor_free(msg);
524
525 done:
526 UNMOCK(get_uname);
527 free_options_test_data(tdata);
528 tor_free(msg);
529 teardown_capture_of_logs();
530 #ifndef _WIN32
531 if (unset_home_env)
532 unsetenv("HOME");
533 #endif
534 }
535
536 static void
test_options_validate__outbound_addresses(void * ignored)537 test_options_validate__outbound_addresses(void *ignored)
538 {
539 (void)ignored;
540 int ret;
541 char *msg;
542 options_test_data_t *tdata = get_options_test_data(
543 "OutboundBindAddress xxyy!!!sdfaf");
544
545 ret = options_validate(NULL, tdata->opt, &msg);
546 tt_int_op(ret, OP_EQ, -1);
547 tt_str_op(msg, OP_EQ, "Multiple outbound bind addresses configured: "
548 "xxyy!!!sdfaf");
549
550 done:
551 free_options_test_data(tdata);
552 tor_free(msg);
553 }
554
555 static void
test_options_validate__data_directory(void * ignored)556 test_options_validate__data_directory(void *ignored)
557 {
558 (void)ignored;
559 int ret;
560 char *msg;
561 options_test_data_t *tdata = get_options_test_data(
562 "DataDirectory longreallyl"
563 "ongLONGLONGlongreallylong"
564 "LONGLONGlongreallylongLON"
565 "GLONGlongreallylongLONGLO"
566 "NGlongreallylongLONGLONGl"
567 "ongreallylongLONGLONGlong"
568 "reallylongLONGLONGlongrea"
569 "llylongLONGLONGlongreally"
570 "longLONGLONGlongreallylon"
571 "gLONGLONGlongreallylongLO"
572 "NGLONGlongreallylongLONGL"
573 "ONGlongreallylongLONGLONG"
574 "longreallylongLONGLONGlon"
575 "greallylongLONGLONGlongre"
576 "allylongLONGLONGlongreall"
577 "ylongLONGLONGlongreallylo"
578 "ngLONGLONGlongreallylongL"
579 "ONGLONGlongreallylongLONG"
580 "LONG"); // 440 characters
581
582 ret = options_validate(NULL, tdata->opt, &msg);
583 tt_int_op(ret, OP_EQ, -1);
584 tt_str_op(msg, OP_EQ, "Invalid DataDirectory");
585
586 done:
587 free_options_test_data(tdata);
588 tor_free(msg);
589 }
590
591 static void
test_options_validate__nickname(void * ignored)592 test_options_validate__nickname(void *ignored)
593 {
594 (void)ignored;
595 int ret;
596 char *msg;
597 options_test_data_t *tdata = get_options_test_data(
598 "Nickname ThisNickNameIsABitTooLong");
599
600 ret = options_validate(NULL, tdata->opt, &msg);
601 tt_int_op(ret, OP_EQ, -1);
602 tt_str_op(msg, OP_EQ,
603 "Nickname 'ThisNickNameIsABitTooLong', nicknames must be between "
604 "1 and 19 characters inclusive, and must contain only the "
605 "characters [a-zA-Z0-9].");
606 tor_free(msg);
607
608 free_options_test_data(tdata);
609 tdata = get_options_test_data("Nickname AMoreValidNick");
610 ret = options_validate(NULL, tdata->opt, &msg);
611 tt_int_op(ret, OP_EQ, 0);
612 tor_free(msg);
613
614 free_options_test_data(tdata);
615 tdata = get_options_test_data("DataDirectory /tmp/somewhere");
616 ret = options_validate(NULL, tdata->opt, &msg);
617 tt_int_op(ret, OP_EQ, 0);
618
619 done:
620 free_options_test_data(tdata);
621 tor_free(msg);
622 }
623
624 static void
test_options_validate__contactinfo(void * ignored)625 test_options_validate__contactinfo(void *ignored)
626 {
627 (void)ignored;
628 int ret;
629 char *msg;
630 options_test_data_t *tdata = get_options_test_data(
631 "ORPort 127.0.0.1:5555");
632 setup_capture_of_logs(LOG_DEBUG);
633 tdata->opt->ContactInfo = NULL;
634
635 ret = options_validate(NULL, tdata->opt, &msg);
636 tt_int_op(ret, OP_EQ, 0);
637 expect_log_msg(
638 "Your ContactInfo config option is not set. Please strongly "
639 "consider setting it, so we can contact you if your relay is "
640 "misconfigured, end-of-life, or something else goes wrong. It "
641 "is also possible that your relay might get rejected from the "
642 "network due to a missing valid contact address.\n");
643 tor_free(msg);
644
645 free_options_test_data(tdata);
646 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
647 "ContactInfo hella@example.org");
648 mock_clean_saved_logs();
649 ret = options_validate(NULL, tdata->opt, &msg);
650 tt_int_op(ret, OP_EQ, 0);
651 expect_no_log_msg(
652 "Your ContactInfo config option is not set. Please strongly "
653 "consider setting it, so we can contact you if your relay is "
654 "misconfigured, end-of-life, or something else goes wrong. It "
655 "is also possible that your relay might get rejected from the "
656 "network due to a missing valid contact address.\n");
657 tor_free(msg);
658
659 done:
660 teardown_capture_of_logs();
661 free_options_test_data(tdata);
662 tor_free(msg);
663 }
664
665 static void
test_options_validate__logs(void * ignored)666 test_options_validate__logs(void *ignored)
667 {
668 (void)ignored;
669 int ret;
670 (void)ret;
671 char *msg;
672 int orig_quiet_level = quiet_level;
673 options_test_data_t *tdata = get_options_test_data("");
674 tdata->opt->Logs = NULL;
675 tdata->opt->RunAsDaemon = 0;
676
677 ret = options_validate(NULL, tdata->opt, &msg);
678 tt_assert(!tdata->opt->Logs);
679 tor_free(msg);
680 tt_int_op(ret, OP_EQ, 0);
681
682 free_options_test_data(tdata);
683 tdata = get_options_test_data("");
684 tdata->opt->Logs = NULL;
685 tdata->opt->RunAsDaemon = 0;
686 quiet_level = 1;
687 ret = options_validate(NULL, tdata->opt, &msg);
688 tt_assert(!tdata->opt->Logs);
689 tor_free(msg);
690 tt_int_op(ret, OP_EQ, 0);
691
692 free_options_test_data(tdata);
693 tdata = get_options_test_data("");
694 tdata->opt->Logs = NULL;
695 tdata->opt->RunAsDaemon = 0;
696 quiet_level = 2;
697 ret = options_validate(NULL, tdata->opt, &msg);
698 tt_assert(!tdata->opt->Logs);
699 tor_free(msg);
700 tt_int_op(ret, OP_EQ, 0);
701
702 free_options_test_data(tdata);
703 tdata = get_options_test_data("");
704 tdata->opt->Logs = NULL;
705 tdata->opt->RunAsDaemon = 0;
706 ret = options_validate(NULL, tdata->opt, &msg);
707 tt_assert(!tdata->opt->Logs);
708 tor_free(msg);
709 tt_int_op(ret, OP_EQ, 0);
710
711 free_options_test_data(tdata);
712 tdata = get_options_test_data("");
713 tdata->opt->Logs = NULL;
714 tdata->opt->RunAsDaemon = 1;
715 ret = options_validate(NULL, tdata->opt, &msg);
716 tt_assert(!tdata->opt->Logs);
717 tor_free(msg);
718 #ifdef _WIN32
719 /* Can't RunAsDaemon on Windows. */
720 tt_int_op(ret, OP_EQ, -1);
721 #else
722 tt_int_op(ret, OP_EQ, 0);
723 #endif /* defined(_WIN32) */
724
725 free_options_test_data(tdata);
726 tdata = get_options_test_data("");
727 tdata->opt->RunAsDaemon = 0;
728 config_line_t *cl=NULL;
729 config_get_lines("Log foo", &cl, 1);
730 tdata->opt->Logs = cl;
731 ret = options_validate(NULL, tdata->opt, &msg);
732 tt_int_op((intptr_t)tdata->opt->Logs, OP_EQ, (intptr_t)cl);
733 tt_int_op(ret, OP_EQ, -1);
734
735 done:
736 quiet_level = orig_quiet_level;
737 free_options_test_data(tdata);
738 tor_free(msg);
739 }
740
741 /* static config_line_t * */
742 /* mock_config_line(const char *key, const char *val) */
743 /* { */
744 /* config_line_t *config_line = tor_malloc(sizeof(config_line_t)); */
745 /* memset(config_line, 0, sizeof(config_line_t)); */
746 /* config_line->key = tor_strdup(key); */
747 /* config_line->value = tor_strdup(val); */
748 /* return config_line; */
749 /* } */
750
751 static void
test_options_validate__authdir(void * ignored)752 test_options_validate__authdir(void *ignored)
753 {
754 (void)ignored;
755 int ret;
756 char *msg;
757 setup_capture_of_logs(LOG_INFO);
758 options_test_data_t *tdata = get_options_test_data(
759 ENABLE_AUTHORITY_V3_MIN
760 "Address this.should.not!exist!.example.org");
761 const dirauth_options_t *da_opt;
762
763 sandbox_disable_getaddrinfo_cache();
764
765 MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
766 ret = options_validate(NULL, tdata->opt, &msg);
767 UNMOCK(tor_addr_lookup);
768 tt_int_op(ret, OP_EQ, -1);
769 tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
770 " details.");
771 expect_log_msg("Could not resolve local Address "
772 "'this.should.not!exist!.example.org'. Failing.\n");
773 tor_free(msg);
774
775 free_options_test_data(tdata);
776 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
777 "Address 100.200.10.1");
778 mock_clean_saved_logs();
779 ret = options_validate(NULL, tdata->opt, &msg);
780 tt_int_op(ret, OP_EQ, -1);
781 tt_str_op(msg, OP_EQ, "Authoritative directory servers must set "
782 "ContactInfo");
783 tor_free(msg);
784
785 free_options_test_data(tdata);
786 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
787 "Address 100.200.10.1\n");
788 mock_clean_saved_logs();
789 ret = options_validate(NULL, tdata->opt, &msg);
790 tt_int_op(ret, OP_EQ, -1);
791 tt_str_op(msg, OP_EQ,
792 "Authoritative directory servers must set ContactInfo");
793 tor_free(msg);
794
795 free_options_test_data(tdata);
796 tdata = get_options_test_data(ENABLE_AUTHORITY_MIN
797 "Address 100.200.10.1\n"
798 "TestingTorNetwork 1\n");
799 mock_clean_saved_logs();
800 ret = options_validate(NULL, tdata->opt, &msg);
801 tt_int_op(ret, OP_EQ, -1);
802 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
803 "AuthoritativeDir is set.");
804 tor_free(msg);
805
806 free_options_test_data(tdata);
807 tdata = get_options_test_data(ENABLE_AUTHORITY);
808 mock_clean_saved_logs();
809 ret = options_validate(NULL, tdata->opt, &msg);
810 tt_int_op(ret, OP_EQ, -1);
811 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
812 "AuthoritativeDir is set.");
813 tor_free(msg);
814
815 free_options_test_data(tdata);
816 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
817 "RecommendedVersions 1.2, 3.14\n");
818 mock_clean_saved_logs();
819 options_validate(NULL, tdata->opt, &msg);
820 da_opt = get_dirauth_options(tdata->opt);
821 tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14");
822 tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14");
823 tor_free(msg);
824
825 free_options_test_data(tdata);
826 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
827 "RecommendedVersions 1.2, 3.14\n"
828 "RecommendedClientVersions 25\n"
829 "RecommendedServerVersions 4.18\n");
830 mock_clean_saved_logs();
831 options_validate(NULL, tdata->opt, &msg);
832 da_opt = get_dirauth_options(tdata->opt);
833 tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "25");
834 tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "4.18");
835 tor_free(msg);
836
837 free_options_test_data(tdata);
838 tdata = get_options_test_data(ENABLE_AUTHORITY
839 "VersioningAuthoritativeDirectory 1\n"
840 "RecommendedVersions 1.2, 3.14\n"
841 "RecommendedClientVersions 25\n"
842 "RecommendedServerVersions 4.18\n");
843 mock_clean_saved_logs();
844 options_validate(NULL, tdata->opt, &msg);
845 da_opt = get_dirauth_options(tdata->opt);
846 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
847 "AuthoritativeDir is set.");
848 tor_free(msg);
849
850 free_options_test_data(tdata);
851 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
852 "VersioningAuthoritativeDirectory 1\n"
853 "RecommendedServerVersions 4.18\n");
854 mock_clean_saved_logs();
855 options_validate(NULL, tdata->opt, &msg);
856 da_opt = get_dirauth_options(tdata->opt);
857 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
858 "Recommended*Versions.");
859 tor_free(msg);
860
861 free_options_test_data(tdata);
862 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
863 "VersioningAuthoritativeDirectory 1\n"
864 "RecommendedClientVersions 4.18\n");
865 mock_clean_saved_logs();
866 options_validate(NULL, tdata->opt, &msg);
867 da_opt = get_dirauth_options(tdata->opt);
868 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
869 "Recommended*Versions.");
870 tor_free(msg);
871 da_opt = NULL;
872
873 free_options_test_data(tdata);
874 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
875 "UseEntryGuards 1\n");
876 mock_clean_saved_logs();
877 options_validate(NULL, tdata->opt, &msg);
878 expect_log_msg("Authoritative directory servers "
879 "can't set UseEntryGuards. Disabling.\n");
880 tt_int_op(tdata->opt->UseEntryGuards, OP_EQ, 0);
881 tor_free(msg);
882
883 free_options_test_data(tdata);
884 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
885 "DownloadExtraInfo 0\n");
886 mock_clean_saved_logs();
887 options_validate(NULL, tdata->opt, &msg);
888 expect_log_msg("Authoritative directories always try"
889 " to download extra-info documents. Setting DownloadExtraInfo.\n");
890 tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
891 tor_free(msg);
892
893 free_options_test_data(tdata);
894 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
895 "V3BandwidthsFile non-existent-file\n");
896 mock_clean_saved_logs();
897 options_validate(NULL, tdata->opt, &msg);
898 expect_log_msg("Can't open bandwidth file at configured location: "
899 "non-existent-file\n");
900 tor_free(msg);
901
902 free_options_test_data(tdata);
903 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
904 "GuardfractionFile non-existent-file\n");
905 mock_clean_saved_logs();
906 options_validate(NULL, tdata->opt, &msg);
907 expect_log_msg("Cannot open guardfraction file 'non-existent-file'. "
908 "Failing.\n");
909 tor_free(msg);
910
911 free_options_test_data(tdata);
912 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
913 "Address 100.200.10.1\n"
914 "ORPort 2000\n"
915 "ContactInfo hello@hello.com\n");
916 mock_clean_saved_logs();
917 ret = options_validate(NULL, tdata->opt, &msg);
918 tt_int_op(ret, OP_EQ, -1);
919 tt_str_op(msg, OP_EQ,
920 "Running as authoritative directory, but no DirPort set.");
921 tor_free(msg);
922
923 free_options_test_data(tdata);
924 tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN
925 "Address 100.200.10.1\n"
926 "ORPort 2000\n"
927 "ContactInfo hello@hello.com\n");
928 mock_clean_saved_logs();
929 ret = options_validate(NULL, tdata->opt, &msg);
930 tt_int_op(ret, OP_EQ, -1);
931 tt_str_op(msg, OP_EQ,
932 "Running as authoritative directory, but no DirPort set.");
933 tor_free(msg);
934
935 free_options_test_data(tdata);
936 tdata = get_options_test_data(ENABLE_AUTHORITY_V3_MIN
937 "Address 100.200.10.1\n"
938 "DirPort 999\n"
939 "ContactInfo hello@hello.com\n");
940 mock_clean_saved_logs();
941 ret = options_validate(NULL, tdata->opt, &msg);
942 tt_int_op(ret, OP_EQ, -1);
943 tt_str_op(msg, OP_EQ,
944 "Running as authoritative directory, but no ORPort set.");
945 tor_free(msg);
946
947 free_options_test_data(tdata);
948 tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN
949 "Address 100.200.10.1\n"
950 "DirPort 999\n"
951 "ContactInfo hello@hello.com\n");
952 mock_clean_saved_logs();
953 ret = options_validate(NULL, tdata->opt, &msg);
954 tt_int_op(ret, OP_EQ, -1);
955 tt_str_op(msg, OP_EQ,
956 "Running as authoritative directory, but no ORPort set.");
957 tor_free(msg);
958
959 free_options_test_data(tdata);
960 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
961 "ClientOnly 1\n");
962 /* We have to call the dirauth-specific function, and fake port parsing,
963 * to hit this case */
964 tdata->opt->DirPort_set = 1;
965 tdata->opt->ORPort_set = 1;
966 mock_clean_saved_logs();
967 ret = options_validate_dirauth_mode(NULL, tdata->opt, &msg);
968 tt_int_op(ret, OP_EQ, -1);
969 tt_str_op(msg, OP_EQ, "Running as authoritative directory, "
970 "but ClientOnly also set.");
971 tor_free(msg);
972
973 free_options_test_data(tdata);
974 tdata = get_options_test_data(ENABLE_AUTHORITY_BRIDGE
975 "ClientOnly 1\n");
976 /* We have to call the dirauth-specific function, and fake port parsing,
977 * to hit this case */
978 tdata->opt->DirPort_set = 1;
979 tdata->opt->ORPort_set = 1;
980 mock_clean_saved_logs();
981 ret = options_validate_dirauth_mode(NULL, tdata->opt, &msg);
982 tt_int_op(ret, OP_EQ, -1);
983 tt_str_op(msg, OP_EQ, "Running as authoritative directory, "
984 "but ClientOnly also set.");
985 tor_free(msg);
986
987 done:
988 teardown_capture_of_logs();
989 // sandbox_free_getaddrinfo_cache();
990 free_options_test_data(tdata);
991 tor_free(msg);
992 }
993
994 static void
test_options_validate__relay_with_hidden_services(void * ignored)995 test_options_validate__relay_with_hidden_services(void *ignored)
996 {
997 (void)ignored;
998 char *msg;
999 int ret;
1000 setup_capture_of_logs(LOG_DEBUG);
1001 options_test_data_t *tdata = get_options_test_data(
1002 "ORPort 127.0.0.1:5555\n"
1003 "HiddenServiceDir "
1004 "/Library/Tor/var/lib/tor/hidden_service/\n"
1005 "HiddenServicePort 80 127.0.0.1:8080\n"
1006 );
1007
1008 ret = options_validate(NULL, tdata->opt, &msg);
1009 tt_int_op(ret, OP_EQ, 0);
1010 expect_log_msg(
1011 "Tor is currently configured as a relay and a hidden service. "
1012 "That's not very secure: you should probably run your hidden servi"
1013 "ce in a separate Tor process, at least -- see "
1014 "https://bugs.torproject.org/tpo/core/tor/8742.\n");
1015
1016 done:
1017 teardown_capture_of_logs();
1018 free_options_test_data(tdata);
1019 tor_free(msg);
1020 }
1021
1022 static void
test_options_validate__listen_ports(void * ignored)1023 test_options_validate__listen_ports(void *ignored)
1024 {
1025 (void)ignored;
1026 int ret;
1027 char *msg;
1028 setup_capture_of_logs(LOG_WARN);
1029 options_test_data_t *tdata = get_options_test_data("SOCKSPort 0");
1030 ret = options_validate(NULL, tdata->opt, &msg);
1031 tt_int_op(ret, OP_EQ, 0);
1032 expect_log_msg("SocksPort, TransPort, NATDPort, DNSPort, and ORPort "
1033 "are all undefined, and there aren't any hidden services "
1034 "configured. "
1035 " Tor will still run, but probably won't do anything.\n");
1036 done:
1037 teardown_capture_of_logs();
1038 free_options_test_data(tdata);
1039 tor_free(msg);
1040 }
1041
1042 static void
test_options_validate__transproxy(void * ignored)1043 test_options_validate__transproxy(void *ignored)
1044 {
1045 (void)ignored;
1046 int ret;
1047 char *msg;
1048 options_test_data_t *tdata;
1049
1050 #ifdef USE_TRANSPARENT
1051 // Test default trans proxy
1052 tdata = get_options_test_data("TransProxyType default\n");
1053
1054 ret = options_validate(NULL, tdata->opt, &msg);
1055 tt_int_op(ret, OP_EQ, 0);
1056 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_DEFAULT);
1057 tor_free(msg);
1058
1059 // Test pf-divert trans proxy
1060 free_options_test_data(tdata);
1061 tdata = get_options_test_data("TransProxyType pf-divert\n");
1062 ret = options_validate(NULL, tdata->opt, &msg);
1063 tt_int_op(ret, OP_EQ, -1);
1064
1065 #if !defined(OpenBSD) && !defined(DARWIN)
1066 tt_str_op(msg, OP_EQ,
1067 "pf-divert is a OpenBSD-specific and OS X/Darwin-specific feature.");
1068 #else
1069 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_PF_DIVERT);
1070 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without "
1071 "any valid TransPort.");
1072 #endif /* !defined(OpenBSD) && !defined(DARWIN) */
1073 tor_free(msg);
1074
1075 // Test tproxy trans proxy
1076 free_options_test_data(tdata);
1077 tdata = get_options_test_data("TransProxyType tproxy\n");
1078 ret = options_validate(NULL, tdata->opt, &msg);
1079 tt_int_op(ret, OP_EQ, -1);
1080
1081 #if !defined(__linux__)
1082 tt_str_op(msg, OP_EQ, "TPROXY is a Linux-specific feature.");
1083 #else
1084 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_TPROXY);
1085 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1086 "TransPort.");
1087 #endif /* !defined(__linux__) */
1088 tor_free(msg);
1089
1090 // Test ipfw trans proxy
1091 free_options_test_data(tdata);
1092 tdata = get_options_test_data("TransProxyType ipfw\n");
1093 ret = options_validate(NULL, tdata->opt, &msg);
1094 tt_int_op(ret, OP_EQ, -1);
1095
1096 #ifndef KERNEL_MAY_SUPPORT_IPFW
1097 tt_str_op(msg, OP_EQ, "ipfw is a FreeBSD-specific and OS X/Darwin-specific "
1098 "feature.");
1099 #else
1100 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_IPFW);
1101 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1102 "TransPort.");
1103 #endif /* !defined(KERNEL_MAY_SUPPORT_IPFW) */
1104 tor_free(msg);
1105
1106 // Test unknown trans proxy
1107 free_options_test_data(tdata);
1108 tdata = get_options_test_data("TransProxyType non-existent\n");
1109 ret = options_validate(NULL, tdata->opt, &msg);
1110 tt_int_op(ret, OP_EQ, -1);
1111 tt_str_op(msg, OP_EQ, "Unrecognized value for TransProxyType");
1112 tor_free(msg);
1113
1114 // Test trans proxy success
1115 free_options_test_data(tdata);
1116 tdata = NULL;
1117
1118 #if defined(__linux__)
1119 tdata = get_options_test_data("TransProxyType tproxy\n"
1120 "TransPort 127.0.0.1:123\n");
1121 ret = options_validate(NULL, tdata->opt, &msg);
1122 tt_int_op(ret, OP_EQ, 0);
1123 #elif defined(KERNEL_MAY_SUPPORT_IPFW)
1124 tdata = get_options_test_data("TransProxyType ipfw\n"
1125 "TransPort 127.0.0.1:123\n");
1126 ret = options_validate(NULL, tdata->opt, &msg);
1127 tt_int_op(ret, OP_EQ, 0);
1128 tor_free(msg);
1129 #elif defined(OpenBSD)
1130 tdata = get_options_test_data("TransProxyType pf-divert\n"
1131 "TransPort 127.0.0.1:123\n");
1132 ret = options_validate(NULL, tdata->opt, &msg);
1133 tt_int_op(ret, OP_EQ, 0);
1134 tor_free(msg);
1135 #elif defined(__NetBSD__)
1136 tdata = get_options_test_data("TransProxyType default\n"
1137 "TransPort 127.0.0.1:123\n");
1138 ret = options_validate(NULL, tdata->opt, &msg);
1139 tt_int_op(ret, OP_EQ, 0);
1140 tor_free(msg);
1141 #endif /* defined(__linux__) || ... */
1142
1143 // Assert that a test has run for some TransProxyType
1144 tt_assert(tdata);
1145
1146 #else /* !defined(USE_TRANSPARENT) */
1147 tdata = get_options_test_data("TransPort 127.0.0.1:555\n");
1148
1149 ret = options_validate(NULL, tdata->opt, &msg);
1150 tt_int_op(ret, OP_EQ, -1);
1151 tt_str_op(msg, OP_EQ, "TransPort is disabled in this build.");
1152 tor_free(msg);
1153 #endif /* defined(USE_TRANSPARENT) */
1154
1155 done:
1156 free_options_test_data(tdata);
1157 tor_free(msg);
1158 }
1159
1160 static country_t opt_tests_geoip_get_country(const char *country);
1161 ATTR_UNUSED static int opt_tests_geoip_get_country_called = 0;
1162
1163 static country_t
opt_tests_geoip_get_country(const char * countrycode)1164 opt_tests_geoip_get_country(const char *countrycode)
1165 {
1166 (void)countrycode;
1167 opt_tests_geoip_get_country_called++;
1168
1169 return 1;
1170 }
1171
1172 static void
test_options_validate__exclude_nodes(void * ignored)1173 test_options_validate__exclude_nodes(void *ignored)
1174 {
1175 (void)ignored;
1176
1177 MOCK(geoip_get_country,
1178 opt_tests_geoip_get_country);
1179
1180 int ret;
1181 char *msg;
1182 setup_capture_of_logs(LOG_WARN);
1183 options_test_data_t *tdata = get_options_test_data(
1184 "ExcludeExitNodes {us}\n");
1185
1186 ret = options_validate(NULL, tdata->opt, &msg);
1187 tt_int_op(ret, OP_EQ, 0);
1188 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1189 tt_str_op((char *)
1190 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1191 OP_EQ, "{us}");
1192 tor_free(msg);
1193
1194 free_options_test_data(tdata);
1195 tdata = get_options_test_data("ExcludeNodes {cn}\n");
1196 ret = options_validate(NULL, tdata->opt, &msg);
1197 tt_int_op(ret, OP_EQ, 0);
1198 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1199 tt_str_op((char *)
1200 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1201 OP_EQ, "{cn}");
1202 tor_free(msg);
1203
1204 free_options_test_data(tdata);
1205 tdata = get_options_test_data("ExcludeNodes {cn}\n"
1206 "ExcludeExitNodes {us} {cn}\n");
1207 ret = options_validate(NULL, tdata->opt, &msg);
1208 tt_int_op(ret, OP_EQ, 0);
1209 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 2);
1210 tt_str_op((char *)
1211 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1212 OP_EQ, "{us} {cn}");
1213 tt_str_op((char *)
1214 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 1)),
1215 OP_EQ, "{cn}");
1216 tor_free(msg);
1217
1218 free_options_test_data(tdata);
1219 tdata = get_options_test_data("ExcludeNodes {cn}\n"
1220 "StrictNodes 1\n");
1221 mock_clean_saved_logs();
1222 ret = options_validate(NULL, tdata->opt, &msg);
1223 tt_int_op(ret, OP_EQ, 0);
1224 expect_log_msg(
1225 "You have asked to exclude certain relays from all positions "
1226 "in your circuits. Expect hidden services and other Tor "
1227 "features to be broken in unpredictable ways.\n");
1228 tor_free(msg);
1229
1230 free_options_test_data(tdata);
1231 tdata = get_options_test_data("ExcludeNodes {cn}\n");
1232 mock_clean_saved_logs();
1233 ret = options_validate(NULL, tdata->opt, &msg);
1234 tt_int_op(ret, OP_EQ, 0);
1235 expect_no_log_msg(
1236 "You have asked to exclude certain relays from all positions "
1237 "in your circuits. Expect hidden services and other Tor "
1238 "features to be broken in unpredictable ways.\n");
1239 tor_free(msg);
1240
1241 done:
1242 UNMOCK(geoip_get_country);
1243 teardown_capture_of_logs();
1244 free_options_test_data(tdata);
1245 tor_free(msg);
1246 }
1247
1248 static void
test_options_validate__node_families(void * ignored)1249 test_options_validate__node_families(void *ignored)
1250 {
1251 (void)ignored;
1252 int ret;
1253 char *msg;
1254 options_test_data_t *tdata = get_options_test_data(
1255 "NodeFamily flux, flax\n"
1256 "NodeFamily somewhere\n");
1257
1258 ret = options_validate(NULL, tdata->opt, &msg);
1259 tt_int_op(ret, OP_EQ, 0);
1260 tt_assert(tdata->opt->NodeFamilySets);
1261 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 2);
1262 tt_str_op((char *)(smartlist_get(
1263 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 0)),
1264 OP_EQ, "flux");
1265 tt_str_op((char *)(smartlist_get(
1266 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 1)),
1267 OP_EQ, "flax");
1268 tt_str_op((char *)(smartlist_get(
1269 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 1))->list, 0)),
1270 OP_EQ, "somewhere");
1271 tor_free(msg);
1272
1273 free_options_test_data(tdata);
1274 tdata = get_options_test_data("");
1275
1276 ret = options_validate(NULL, tdata->opt, &msg);
1277 tt_int_op(ret, OP_EQ, 0);
1278 tt_assert(!tdata->opt->NodeFamilySets);
1279 tor_free(msg);
1280
1281 free_options_test_data(tdata);
1282 tdata = get_options_test_data("NodeFamily !flux\n");
1283
1284 ret = options_validate(NULL, tdata->opt, &msg);
1285 tt_int_op(ret, OP_EQ, -1);
1286 tt_assert(tdata->opt->NodeFamilySets);
1287 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 0);
1288 tor_free(msg);
1289
1290 done:
1291 free_options_test_data(tdata);
1292 tor_free(msg);
1293 }
1294
1295 static void
test_options_validate__token_bucket(void * ignored)1296 test_options_validate__token_bucket(void *ignored)
1297 {
1298 (void)ignored;
1299 int ret;
1300 char *msg;
1301 options_test_data_t *tdata = get_options_test_data("");
1302
1303 tdata->opt->TokenBucketRefillInterval = 0;
1304 ret = options_validate(NULL, tdata->opt, &msg);
1305 tt_int_op(ret, OP_EQ, -1);
1306 tt_str_op(msg, OP_EQ,
1307 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1308 tor_free(msg);
1309
1310 tdata->opt->TokenBucketRefillInterval = 1001;
1311 ret = options_validate(NULL, tdata->opt, &msg);
1312 tt_int_op(ret, OP_EQ, -1);
1313 tt_str_op(msg, OP_EQ,
1314 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1315 tor_free(msg);
1316
1317 done:
1318 free_options_test_data(tdata);
1319 tor_free(msg);
1320 }
1321
1322 static void
test_options_validate__fetch_dir(void * ignored)1323 test_options_validate__fetch_dir(void *ignored)
1324 {
1325 (void)ignored;
1326 int ret;
1327 char *msg;
1328 options_test_data_t *tdata = get_options_test_data(
1329 "FetchDirInfoExtraEarly 1\n"
1330 "FetchDirInfoEarly 0\n");
1331
1332 ret = options_validate(NULL, tdata->opt, &msg);
1333 tt_int_op(ret, OP_EQ, -1);
1334 tt_str_op(msg, OP_EQ, "FetchDirInfoExtraEarly requires that you"
1335 " also set FetchDirInfoEarly");
1336 tor_free(msg);
1337
1338 free_options_test_data(tdata);
1339 tdata = get_options_test_data("FetchDirInfoExtraEarly 1\n"
1340 "FetchDirInfoEarly 1\n");
1341
1342 ret = options_validate(NULL, tdata->opt, &msg);
1343 tt_int_op(ret, OP_EQ, 0);
1344 tor_free(msg);
1345
1346 done:
1347 free_options_test_data(tdata);
1348 tor_free(msg);
1349 }
1350
1351 static void
test_options_validate__conn_limit(void * ignored)1352 test_options_validate__conn_limit(void *ignored)
1353 {
1354 (void)ignored;
1355 int ret;
1356 char *msg;
1357 options_test_data_t *tdata = get_options_test_data(
1358 "ConnLimit 0\n");
1359
1360 ret = options_validate(NULL, tdata->opt, &msg);
1361 tt_int_op(ret, OP_EQ, -1);
1362 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1363 tor_free(msg);
1364
1365 free_options_test_data(tdata);
1366 tdata = get_options_test_data("ConnLimit 1\n");
1367
1368 ret = options_validate(NULL, tdata->opt, &msg);
1369 tt_int_op(ret, OP_EQ, 0);
1370 tor_free(msg);
1371
1372 done:
1373 free_options_test_data(tdata);
1374 tor_free(msg);
1375 }
1376
1377 static void
test_options_validate__paths_needed(void * ignored)1378 test_options_validate__paths_needed(void *ignored)
1379 {
1380 (void)ignored;
1381 int ret;
1382 char *msg;
1383
1384 #ifndef _WIN32
1385 int unset_home_env = 0;
1386 if (setenv("HOME", "/home/john", 0) == 0)
1387 unset_home_env = 1;
1388 #endif
1389
1390 setup_capture_of_logs(LOG_WARN);
1391 options_test_data_t *tdata = get_options_test_data(
1392 "PathsNeededToBuildCircuits 0.1\n");
1393
1394 ret = options_validate(NULL, tdata->opt, &msg);
1395 tt_int_op(ret, OP_EQ, 0);
1396 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.24 &&
1397 tdata->opt->PathsNeededToBuildCircuits < 0.26);
1398 expect_log_msg("PathsNeededToBuildCircuits is too low. "
1399 "Increasing to 0.25\n");
1400 tor_free(msg);
1401
1402 free_options_test_data(tdata);
1403 mock_clean_saved_logs();
1404 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.99\n");
1405
1406 ret = options_validate(NULL, tdata->opt, &msg);
1407 tt_int_op(ret, OP_EQ, 0);
1408 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.94 &&
1409 tdata->opt->PathsNeededToBuildCircuits < 0.96);
1410 expect_log_msg("PathsNeededToBuildCircuits is "
1411 "too high. Decreasing to 0.95\n");
1412 tor_free(msg);
1413
1414 free_options_test_data(tdata);
1415 mock_clean_saved_logs();
1416 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.91\n");
1417
1418 ret = options_validate(NULL, tdata->opt, &msg);
1419 tt_int_op(ret, OP_EQ, 0);
1420 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.90 &&
1421 tdata->opt->PathsNeededToBuildCircuits < 0.92);
1422 expect_no_log_msg_containing("PathsNeededToBuildCircuits");
1423 tor_free(msg);
1424
1425 done:
1426 teardown_capture_of_logs();
1427 free_options_test_data(tdata);
1428 tor_free(msg);
1429 #ifndef _WIN32
1430 if (unset_home_env)
1431 unsetenv("HOME");
1432 #endif
1433 }
1434
1435 static void
test_options_validate__max_client_circuits(void * ignored)1436 test_options_validate__max_client_circuits(void *ignored)
1437 {
1438 (void)ignored;
1439 int ret;
1440 char *msg;
1441 options_test_data_t *tdata = get_options_test_data(
1442 "MaxClientCircuitsPending 0\n");
1443
1444 ret = options_validate(NULL, tdata->opt, &msg);
1445 tt_int_op(ret, OP_EQ, -1);
1446 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1447 " but was set to 0");
1448 tor_free(msg);
1449
1450 free_options_test_data(tdata);
1451 tdata = get_options_test_data("MaxClientCircuitsPending 1025\n");
1452
1453 ret = options_validate(NULL, tdata->opt, &msg);
1454 tt_int_op(ret, OP_EQ, -1);
1455 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1456 " but was set to 1025");
1457 tor_free(msg);
1458
1459 free_options_test_data(tdata);
1460 tdata = get_options_test_data("MaxClientCircuitsPending 1\n");
1461
1462 ret = options_validate(NULL, tdata->opt, &msg);
1463 tt_int_op(ret, OP_EQ, 0);
1464 tor_free(msg);
1465
1466 done:
1467 free_options_test_data(tdata);
1468 tor_free(msg);
1469 }
1470
1471 static void
test_options_validate__ports(void * ignored)1472 test_options_validate__ports(void *ignored)
1473 {
1474 (void)ignored;
1475 int ret;
1476 char *msg;
1477 options_test_data_t *tdata = get_options_test_data("FirewallPorts 65537\n");
1478
1479 ret = options_validate(NULL, tdata->opt, &msg);
1480 tt_int_op(ret, OP_EQ, -1);
1481 tt_str_op(msg, OP_EQ, "Port '65537' out of range in FirewallPorts");
1482 tor_free(msg);
1483
1484 free_options_test_data(tdata);
1485 tdata = get_options_test_data("FirewallPorts 1\n"
1486 "LongLivedPorts 124444\n");
1487
1488 ret = options_validate(NULL, tdata->opt, &msg);
1489 tt_int_op(ret, OP_EQ, -1);
1490 tt_str_op(msg, OP_EQ, "Port '124444' out of range in LongLivedPorts");
1491 tor_free(msg);
1492
1493 free_options_test_data(tdata);
1494 tdata = get_options_test_data("FirewallPorts 1\n"
1495 "LongLivedPorts 2\n"
1496 "RejectPlaintextPorts 112233\n");
1497
1498 ret = options_validate(NULL, tdata->opt, &msg);
1499 tt_int_op(ret, OP_EQ, -1);
1500 tt_str_op(msg, OP_EQ, "Port '112233' out of range in RejectPlaintextPorts");
1501 tor_free(msg);
1502
1503 free_options_test_data(tdata);
1504 tdata = get_options_test_data("FirewallPorts 1\n"
1505 "LongLivedPorts 2\n"
1506 "RejectPlaintextPorts 3\n"
1507 "WarnPlaintextPorts 65536\n");
1508
1509 ret = options_validate(NULL, tdata->opt, &msg);
1510 tt_int_op(ret, OP_EQ, -1);
1511 tt_str_op(msg, OP_EQ, "Port '65536' out of range in WarnPlaintextPorts");
1512 tor_free(msg);
1513
1514 free_options_test_data(tdata);
1515 tdata = get_options_test_data("FirewallPorts 1\n"
1516 "LongLivedPorts 2\n"
1517 "RejectPlaintextPorts 3\n"
1518 "WarnPlaintextPorts 4\n");
1519
1520 ret = options_validate(NULL, tdata->opt, &msg);
1521 tt_int_op(ret, OP_EQ, 0);
1522 tor_free(msg);
1523
1524 done:
1525 free_options_test_data(tdata);
1526 tor_free(msg);
1527 }
1528
1529 static void
test_options_validate__reachable_addresses(void * ignored)1530 test_options_validate__reachable_addresses(void *ignored)
1531 {
1532 (void)ignored;
1533 int ret;
1534 char *msg;
1535 setup_capture_of_logs(LOG_NOTICE);
1536 options_test_data_t *tdata = get_options_test_data("FascistFirewall 1\n");
1537
1538 ret = options_validate(NULL, tdata->opt, &msg);
1539 tt_int_op(ret, OP_EQ, 0);
1540 expect_log_msg("Converting FascistFirewall config "
1541 "option to new format: \"ReachableDirAddresses *:80\"\n");
1542 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:80");
1543 expect_log_msg("Converting FascistFirewall config "
1544 "option to new format: \"ReachableORAddresses *:443\"\n");
1545 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:443");
1546 tor_free(msg);
1547
1548 free_options_test_data(tdata);
1549 mock_clean_saved_logs();
1550 tdata = get_options_test_data("FascistFirewall 1\n"
1551 "ReachableDirAddresses *:81\n"
1552 "ReachableORAddresses *:444\n");
1553 tt_assert(tdata->opt->FirewallPorts);
1554 SMARTLIST_FOREACH(tdata->opt->FirewallPorts, char *, cp, tor_free(cp));
1555 smartlist_clear(tdata->opt->FirewallPorts);
1556 ret = options_validate(NULL, tdata->opt, &msg);
1557 tt_int_op(ret, OP_EQ, 0);
1558 #if 0
1559 /* This does not actually produce any logs, and did not produce any relevant
1560 * logs before. */
1561 expect_log_entry();
1562 #endif
1563 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:81");
1564 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:444");
1565 tor_free(msg);
1566
1567 free_options_test_data(tdata);
1568 mock_clean_saved_logs();
1569 tdata = get_options_test_data("FascistFirewall 1\n"
1570 "FirewallPort 123\n");
1571
1572 ret = options_validate(NULL, tdata->opt, &msg);
1573 tt_int_op(ret, OP_EQ, 0);
1574 expect_log_msg("Converting FascistFirewall and "
1575 "FirewallPorts config options to new format: "
1576 "\"ReachableAddresses *:123\"\n");
1577 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:123");
1578 tor_free(msg);
1579
1580 free_options_test_data(tdata);
1581 mock_clean_saved_logs();
1582 tdata = get_options_test_data("FascistFirewall 1\n"
1583 "ReachableAddresses *:82\n"
1584 "ReachableAddresses *:83\n"
1585 "ReachableAddresses reject *:*\n");
1586
1587 ret = options_validate(NULL, tdata->opt, &msg);
1588 tt_int_op(ret, OP_EQ, 0);
1589 #if 0
1590 /* This does not actually produce any logs, and did not produce any relevant
1591 * logs before. */
1592 expect_log_entry();
1593 #endif
1594 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
1595 tor_free(msg);
1596
1597 free_options_test_data(tdata);
1598 mock_clean_saved_logs();
1599 tdata = get_options_test_data("FascistFirewall 1\n"
1600 "ReachableAddresses *:82\n");
1601
1602 ret = options_validate(NULL, tdata->opt, &msg);
1603 tt_int_op(ret, OP_EQ, 0);
1604 tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL);
1605 tor_free(msg);
1606
1607 #define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
1608 " the rest of the Internet, so they must not set Reachable*Addresses or" \
1609 " FascistFirewall or FirewallPorts or ClientUseIPv4 0."
1610
1611 free_options_test_data(tdata);
1612 tdata = get_options_test_data("ReachableAddresses *:82\n"
1613 "ORPort 127.0.0.1:5555\n");
1614
1615 ret = options_validate(NULL, tdata->opt, &msg);
1616 tt_int_op(ret, OP_EQ, -1);
1617 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1618 tor_free(msg);
1619
1620 free_options_test_data(tdata);
1621 tdata = get_options_test_data("ReachableORAddresses *:82\n"
1622 "ORPort 127.0.0.1:5555\n");
1623
1624 ret = options_validate(NULL, tdata->opt, &msg);
1625 tt_int_op(ret, OP_EQ, -1);
1626 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1627 tor_free(msg);
1628
1629 free_options_test_data(tdata);
1630 tdata = get_options_test_data("ReachableDirAddresses *:82\n"
1631 "ORPort 127.0.0.1:5555\n");
1632
1633 ret = options_validate(NULL, tdata->opt, &msg);
1634 tt_int_op(ret, OP_EQ, -1);
1635 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1636 tor_free(msg);
1637
1638 free_options_test_data(tdata);
1639 tdata = get_options_test_data("ClientUseIPv4 0\n"
1640 "ORPort 127.0.0.1:5555\n");
1641
1642 ret = options_validate(NULL, tdata->opt, &msg);
1643 tt_int_op(ret, OP_EQ, -1);
1644 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1645 tor_free(msg);
1646
1647 /* Test IPv4-only clients setting IPv6 preferences */
1648
1649 free_options_test_data(tdata);
1650 tdata = get_options_test_data("ClientUseIPv4 1\n"
1651 "ClientUseIPv6 0\n"
1652 "UseBridges 0\n"
1653 "ClientPreferIPv6ORPort 1\n");
1654
1655 ret = options_validate(NULL, tdata->opt, &msg);
1656 tt_int_op(ret, OP_EQ, 0);
1657 tor_free(msg);
1658
1659 free_options_test_data(tdata);
1660 tdata = get_options_test_data("ClientUseIPv4 1\n"
1661 "ClientUseIPv6 0\n"
1662 "UseBridges 0\n"
1663 "ClientPreferIPv6DirPort 1\n");
1664
1665 ret = options_validate(NULL, tdata->opt, &msg);
1666 tt_int_op(ret, OP_EQ, 0);
1667 tor_free(msg);
1668
1669 /* Now test an IPv4/IPv6 client setting IPv6 preferences */
1670
1671 free_options_test_data(tdata);
1672 tdata = get_options_test_data("ClientUseIPv4 1\n"
1673 "ClientUseIPv6 1\n"
1674 "ClientPreferIPv6ORPort 1\n"
1675 "ClientPreferIPv6DirPort 1\n");
1676
1677 ret = options_validate(NULL, tdata->opt, &msg);
1678 tt_int_op(ret, OP_EQ, 0);
1679 tt_ptr_op(msg, OP_EQ, NULL);
1680
1681 /* Now test an IPv6 client setting IPv6 preferences */
1682
1683 free_options_test_data(tdata);
1684 tdata = get_options_test_data("ClientUseIPv6 1\n"
1685 "ClientPreferIPv6ORPort 1\n"
1686 "ClientPreferIPv6DirPort 1\n");
1687
1688 ret = options_validate(NULL, tdata->opt, &msg);
1689 tt_int_op(ret, OP_EQ, 0);
1690 tt_ptr_op(msg, OP_EQ, NULL);
1691
1692 /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */
1693
1694 free_options_test_data(tdata);
1695 tdata = get_options_test_data("ClientUseIPv4 0\n"
1696 "ClientPreferIPv6ORPort 1\n"
1697 "ClientPreferIPv6DirPort 1\n");
1698
1699 ret = options_validate(NULL, tdata->opt, &msg);
1700 tt_int_op(ret, OP_EQ, 0);
1701 tt_ptr_op(msg, OP_EQ, NULL);
1702
1703 /* And an implicit (bridge) client setting IPv6 preferences */
1704
1705 free_options_test_data(tdata);
1706 tdata = get_options_test_data("UseBridges 1\n"
1707 "Bridge 127.0.0.1:12345\n"
1708 "ClientPreferIPv6ORPort 1\n"
1709 "ClientPreferIPv6DirPort 1\n");
1710
1711 ret = options_validate(NULL, tdata->opt, &msg);
1712 tt_int_op(ret, OP_EQ, 0);
1713 tt_ptr_op(msg, OP_EQ, NULL);
1714
1715 done:
1716 teardown_capture_of_logs();
1717 free_options_test_data(tdata);
1718 tor_free(msg);
1719 }
1720
1721 static void
test_options_validate__use_bridges(void * ignored)1722 test_options_validate__use_bridges(void *ignored)
1723 {
1724 (void)ignored;
1725 int ret;
1726 char *msg;
1727 options_test_data_t *tdata = get_options_test_data(
1728 "UseBridges 1\n"
1729 "ClientUseIPv4 1\n"
1730 "ORPort 127.0.0.1:5555\n");
1731
1732 ret = options_validate(NULL, tdata->opt, &msg);
1733 tt_int_op(ret, OP_EQ, -1);
1734 tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
1735 " the Internet, so they must not set UseBridges.");
1736 tor_free(msg);
1737
1738 free_options_test_data(tdata);
1739 tdata = get_options_test_data("UseBridges 1\n");
1740
1741 ret = options_validate(NULL, tdata->opt, &msg);
1742 tt_int_op(ret, OP_EQ, -1);
1743 tt_str_op(msg, OP_NE, "Servers must be able to freely connect to the rest of"
1744 " the Internet, so they must not set UseBridges.");
1745 tor_free(msg);
1746
1747 MOCK(geoip_get_country,
1748 opt_tests_geoip_get_country);
1749 free_options_test_data(tdata);
1750 tdata = get_options_test_data("UseBridges 1\n"
1751 "EntryNodes {cn}\n");
1752
1753 ret = options_validate(NULL, tdata->opt, &msg);
1754 tt_int_op(ret, OP_EQ, -1);
1755 tt_str_op(msg, OP_EQ, "You cannot set both UseBridges and EntryNodes.");
1756 tor_free(msg);
1757
1758 free_options_test_data(tdata);
1759 tdata = get_options_test_data("UseBridges 1\n");
1760
1761 ret = options_validate(NULL, tdata->opt, &msg);
1762 tt_int_op(ret, OP_EQ, -1);
1763 tt_str_op(msg, OP_EQ,
1764 "If you set UseBridges, you must specify at least one bridge.");
1765 tor_free(msg);
1766
1767 free_options_test_data(tdata);
1768 tdata = get_options_test_data("UseBridges 1\n"
1769 "Bridge 10.0.0.1\n"
1770 "UseEntryGuards 0\n"
1771 );
1772
1773 ret = options_validate(NULL, tdata->opt, &msg);
1774 tt_int_op(ret, OP_EQ, -1);
1775 tt_str_op(msg, OP_EQ,
1776 "Setting UseBridges requires also setting UseEntryGuards.");
1777 tor_free(msg);
1778
1779 free_options_test_data(tdata);
1780 tdata = get_options_test_data("UseBridges 1\n"
1781 "Bridge 10.0.0.1\n"
1782 "Bridge !!!\n"
1783 );
1784
1785 ret = options_validate(NULL, tdata->opt, &msg);
1786 tt_int_op(ret, OP_EQ, -1);
1787 tt_str_op(msg, OP_EQ, "Bridge line did not parse. See logs for details.");
1788 tor_free(msg);
1789
1790 done:
1791 UNMOCK(geoip_get_country);
1792 policies_free_all();
1793 free_options_test_data(tdata);
1794 tor_free(msg);
1795 }
1796
1797 static void
test_options_validate__entry_nodes(void * ignored)1798 test_options_validate__entry_nodes(void *ignored)
1799 {
1800 (void)ignored;
1801 int ret;
1802 char *msg;
1803 MOCK(geoip_get_country,
1804 opt_tests_geoip_get_country);
1805 options_test_data_t *tdata = get_options_test_data(
1806 "EntryNodes {cn}\n"
1807 "UseEntryGuards 0\n");
1808
1809 ret = options_validate(NULL, tdata->opt, &msg);
1810 tt_int_op(ret, OP_EQ, -1);
1811 tt_str_op(msg, OP_EQ,
1812 "If EntryNodes is set, UseEntryGuards must be enabled.");
1813 tor_free(msg);
1814
1815 free_options_test_data(tdata);
1816 tdata = get_options_test_data("EntryNodes {cn}\n"
1817 "UseEntryGuards 1\n");
1818
1819 ret = options_validate(NULL, tdata->opt, &msg);
1820 tt_int_op(ret, OP_EQ, 0);
1821 tor_free(msg);
1822
1823 done:
1824 UNMOCK(geoip_get_country);
1825 free_options_test_data(tdata);
1826 tor_free(msg);
1827 }
1828
1829 static void
test_options_validate__safe_logging(void * ignored)1830 test_options_validate__safe_logging(void *ignored)
1831 {
1832 (void)ignored;
1833 int ret;
1834 char *msg;
1835 options_test_data_t *tdata = get_options_test_data("SafeLogging 0\n");
1836
1837 ret = options_validate(NULL, tdata->opt, &msg);
1838 tt_int_op(ret, OP_EQ, 0);
1839 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
1840 tor_free(msg);
1841
1842 free_options_test_data(tdata);
1843 tdata = get_options_test_data("SafeLogging 0\n");
1844
1845 ret = options_validate(NULL, tdata->opt, &msg);
1846 tt_int_op(ret, OP_EQ, 0);
1847 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
1848 tor_free(msg);
1849
1850 free_options_test_data(tdata);
1851 tdata = get_options_test_data("SafeLogging Relay\n");
1852
1853 ret = options_validate(NULL, tdata->opt, &msg);
1854 tt_int_op(ret, OP_EQ, 0);
1855 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_RELAY);
1856 tor_free(msg);
1857
1858 free_options_test_data(tdata);
1859 tdata = get_options_test_data("SafeLogging 1\n");
1860
1861 ret = options_validate(NULL, tdata->opt, &msg);
1862 tt_int_op(ret, OP_EQ, 0);
1863 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_ALL);
1864 tor_free(msg);
1865
1866 free_options_test_data(tdata);
1867 tdata = get_options_test_data("SafeLogging stuffy\n");
1868
1869 ret = options_validate(NULL, tdata->opt, &msg);
1870 tt_int_op(ret, OP_EQ, -1);
1871 tt_str_op(msg, OP_EQ, "Unrecognized value '\"stuffy\"' in SafeLogging");
1872 tor_free(msg);
1873
1874 done:
1875 escaped(NULL); // This will free the leaking memory from the previous escaped
1876 free_options_test_data(tdata);
1877 tor_free(msg);
1878 }
1879
1880 static void
test_options_validate__publish_server_descriptor(void * ignored)1881 test_options_validate__publish_server_descriptor(void *ignored)
1882 {
1883 (void)ignored;
1884 int ret;
1885 char *msg;
1886 setup_capture_of_logs(LOG_WARN);
1887 options_test_data_t *tdata = get_options_test_data(
1888 "PublishServerDescriptor bridge\n");
1889
1890 ret = options_validate(NULL, tdata->opt, &msg);
1891 tt_int_op(ret, OP_EQ, 0);
1892 tt_assert(!msg);
1893
1894 free_options_test_data(tdata);
1895 tdata = get_options_test_data("PublishServerDescriptor humma\n");
1896
1897 ret = options_validate(NULL, tdata->opt, &msg);
1898 tt_int_op(ret, OP_EQ, -1);
1899 tt_str_op(msg, OP_EQ, "Unrecognized value in PublishServerDescriptor");
1900 tor_free(msg);
1901
1902 free_options_test_data(tdata);
1903 tdata = get_options_test_data("PublishServerDescriptor bridge, v3\n");
1904
1905 ret = options_validate(NULL, tdata->opt, &msg);
1906 tt_int_op(ret, OP_EQ, -1);
1907 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
1908 "descriptors to the directory authorities. Please correct your "
1909 "PublishServerDescriptor line.");
1910 tor_free(msg);
1911
1912 free_options_test_data(tdata);
1913 tdata = get_options_test_data("BridgeRelay 1\n"
1914 "PublishServerDescriptor v3\n");
1915
1916 ret = options_validate(NULL, tdata->opt, &msg);
1917 tt_int_op(ret, OP_EQ, -1);
1918 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
1919 "descriptors to the directory authorities. Please correct your "
1920 "PublishServerDescriptor line.");
1921 tor_free(msg);
1922
1923 free_options_test_data(tdata);
1924 tdata = get_options_test_data("BridgeRelay 1\n");
1925
1926 ret = options_validate(NULL, tdata->opt, &msg);
1927 tt_int_op(ret, OP_EQ, -1);
1928 tt_str_op(msg, OP_NE, "Bridges are not supposed to publish router "
1929 "descriptors to the directory authorities. Please correct your "
1930 "PublishServerDescriptor line.");
1931 tor_free(msg);
1932
1933 done:
1934 teardown_capture_of_logs();
1935 policies_free_all();
1936 free_options_test_data(tdata);
1937 tor_free(msg);
1938 }
1939
1940 static void
test_options_validate__testing(void * ignored)1941 test_options_validate__testing(void *ignored)
1942 {
1943 (void)ignored;
1944 int ret;
1945 char *msg;
1946 options_test_data_t *tdata = NULL;
1947
1948 #define ENSURE_DEFAULT(varname, varval) \
1949 STMT_BEGIN \
1950 free_options_test_data(tdata); \
1951 tdata = get_options_test_data(#varname " " #varval "\n"); \
1952 ret = options_validate(NULL, tdata->opt, &msg); \
1953 tt_str_op(msg, OP_EQ, \
1954 #varname " may only be changed in testing Tor networks!"); \
1955 tt_int_op(ret, OP_EQ, -1); \
1956 tor_free(msg); \
1957 \
1958 free_options_test_data(tdata); \
1959 tdata = get_options_test_data(#varname " " #varval "\n" \
1960 VALID_DIR_AUTH \
1961 "TestingTorNetwork 1\n"); \
1962 \
1963 ret = options_validate(NULL, tdata->opt, &msg); \
1964 if (msg) { \
1965 tt_str_op(msg, OP_NE, \
1966 #varname " may only be changed in testing Tor networks!"); \
1967 tor_free(msg); \
1968 } \
1969 \
1970 free_options_test_data(tdata); \
1971 tdata = get_options_test_data(#varname " " #varval "\n" \
1972 "___UsingTestNetworkDefaults 1\n"); \
1973 \
1974 ret = options_validate(NULL, tdata->opt, &msg);\
1975 if (msg) { \
1976 tt_str_op(msg, OP_NE, \
1977 #varname " may only be changed in testing Tor networks!"); \
1978 tor_free(msg); \
1979 } \
1980 STMT_END
1981
1982 ENSURE_DEFAULT(TestingV3AuthInitialVotingInterval, 3600);
1983 ENSURE_DEFAULT(TestingV3AuthInitialVoteDelay, 3000);
1984 ENSURE_DEFAULT(TestingV3AuthInitialDistDelay, 3000);
1985 ENSURE_DEFAULT(TestingV3AuthVotingStartOffset, 3000);
1986 ENSURE_DEFAULT(TestingAuthDirTimeToLearnReachability, 3000);
1987 ENSURE_DEFAULT(TestingServerDownloadInitialDelay, 3000);
1988 ENSURE_DEFAULT(TestingClientDownloadInitialDelay, 3000);
1989 ENSURE_DEFAULT(TestingServerConsensusDownloadInitialDelay, 3000);
1990 ENSURE_DEFAULT(TestingClientConsensusDownloadInitialDelay, 3000);
1991 ENSURE_DEFAULT(TestingBridgeDownloadInitialDelay, 3000);
1992 ENSURE_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay, 3000);
1993 ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000);
1994 ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000);
1995 ENSURE_DEFAULT(TestingAuthKeyLifetime, 3000);
1996 ENSURE_DEFAULT(TestingLinkCertLifetime, 3000);
1997 ENSURE_DEFAULT(TestingSigningKeySlop, 3000);
1998 ENSURE_DEFAULT(TestingAuthKeySlop, 3000);
1999 ENSURE_DEFAULT(TestingLinkKeySlop, 3000);
2000
2001 done:
2002 escaped(NULL); // This will free the leaking memory from the previous escaped
2003 policies_free_all();
2004 free_options_test_data(tdata);
2005 tor_free(msg);
2006 }
2007
2008 static void
test_options_validate__hidserv(void * ignored)2009 test_options_validate__hidserv(void *ignored)
2010 {
2011 (void)ignored;
2012 int ret;
2013 char *msg;
2014 setup_capture_of_logs(LOG_WARN);
2015
2016 options_test_data_t *tdata = NULL;
2017
2018 free_options_test_data(tdata);
2019 tdata = get_options_test_data("RendPostPeriod 1\n" );
2020 mock_clean_saved_logs();
2021 ret = options_validate(NULL, tdata->opt, &msg);
2022 tt_int_op(ret, OP_EQ, 0);
2023 expect_log_msg("RendPostPeriod option is too short;"
2024 " raising to 600 seconds.\n");
2025 tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 600);
2026 tor_free(msg);
2027
2028 free_options_test_data(tdata);
2029 tdata = get_options_test_data("RendPostPeriod 302401\n" );
2030 mock_clean_saved_logs();
2031 ret = options_validate(NULL, tdata->opt, &msg);
2032 tt_int_op(ret, OP_EQ, 0);
2033 expect_log_msg("RendPostPeriod is too large; "
2034 "clipping to 302400s.\n");
2035 tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 302400);
2036 tor_free(msg);
2037
2038 done:
2039 teardown_capture_of_logs();
2040 policies_free_all();
2041 free_options_test_data(tdata);
2042 tor_free(msg);
2043 }
2044
2045 static void
test_options_validate__path_bias(void * ignored)2046 test_options_validate__path_bias(void *ignored)
2047 {
2048 (void)ignored;
2049 int ret;
2050 char *msg;
2051
2052 options_test_data_t *tdata = get_options_test_data(
2053 "PathBiasNoticeRate 1.1\n");
2054 ret = options_validate(NULL, tdata->opt, &msg);
2055 tt_int_op(ret, OP_EQ, -1);
2056 tt_str_op(msg, OP_EQ,
2057 "PathBiasNoticeRate is too high. It must be between 0 and 1.0");
2058 tor_free(msg);
2059
2060 free_options_test_data(tdata);
2061 tdata = get_options_test_data("PathBiasWarnRate 1.1\n");
2062 ret = options_validate(NULL, tdata->opt, &msg);
2063 tt_int_op(ret, OP_EQ, -1);
2064 tt_str_op(msg, OP_EQ,
2065 "PathBiasWarnRate is too high. It must be between 0 and 1.0");
2066 tor_free(msg);
2067
2068 free_options_test_data(tdata);
2069 tdata = get_options_test_data("PathBiasExtremeRate 1.1\n");
2070 ret = options_validate(NULL, tdata->opt, &msg);
2071 tt_int_op(ret, OP_EQ, -1);
2072 tt_str_op(msg, OP_EQ,
2073 "PathBiasExtremeRate is too high. It must be between 0 and 1.0");
2074 tor_free(msg);
2075
2076 free_options_test_data(tdata);
2077 tdata = get_options_test_data("PathBiasNoticeUseRate 1.1\n");
2078 ret = options_validate(NULL, tdata->opt, &msg);
2079 tt_int_op(ret, OP_EQ, -1);
2080 tt_str_op(msg, OP_EQ,
2081 "PathBiasNoticeUseRate is too high. It must be between 0 and 1.0");
2082 tor_free(msg);
2083
2084 free_options_test_data(tdata);
2085 tdata = get_options_test_data("PathBiasExtremeUseRate 1.1\n");
2086 ret = options_validate(NULL, tdata->opt, &msg);
2087 tt_int_op(ret, OP_EQ, -1);
2088 tt_str_op(msg, OP_EQ,
2089 "PathBiasExtremeUseRate is too high. It must be between 0 and 1.0");
2090 tor_free(msg);
2091
2092 done:
2093 free_options_test_data(tdata);
2094 tor_free(msg);
2095 }
2096
2097 static void
test_options_validate__bandwidth(void * ignored)2098 test_options_validate__bandwidth(void *ignored)
2099 {
2100 (void)ignored;
2101 int ret;
2102 char *msg;
2103 options_test_data_t *tdata = NULL;
2104
2105 #define ENSURE_BANDWIDTH_PARAM(p, EXTRA_OPT_STR) \
2106 STMT_BEGIN \
2107 free_options_test_data(tdata); \
2108 tdata = get_options_test_data(EXTRA_OPT_STR \
2109 #p " 3Gb\n"); \
2110 ret = options_validate(NULL, tdata->opt, &msg); \
2111 tt_int_op(ret, OP_EQ, -1); \
2112 tt_mem_op(msg, OP_EQ, #p " (3221225471) must be at most 2147483647", 40); \
2113 tor_free(msg); \
2114 STMT_END
2115
2116 ENSURE_BANDWIDTH_PARAM(BandwidthRate, "");
2117 ENSURE_BANDWIDTH_PARAM(BandwidthBurst, "");
2118
2119 ENSURE_BANDWIDTH_PARAM(BandwidthRate, ENABLE_AUTHORITY_V3);
2120 ENSURE_BANDWIDTH_PARAM(BandwidthBurst, ENABLE_AUTHORITY_V3);
2121
2122 ENSURE_BANDWIDTH_PARAM(BandwidthRate, ENABLE_AUTHORITY_BRIDGE);
2123 ENSURE_BANDWIDTH_PARAM(BandwidthBurst, ENABLE_AUTHORITY_BRIDGE);
2124
2125 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, "");
2126 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, "");
2127 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, "");
2128 ENSURE_BANDWIDTH_PARAM(PerConnBWRate, "");
2129 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, "");
2130
2131 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, ENABLE_AUTHORITY_V3);
2132 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, ENABLE_AUTHORITY_V3);
2133 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, ENABLE_AUTHORITY_V3);
2134 ENSURE_BANDWIDTH_PARAM(PerConnBWRate, ENABLE_AUTHORITY_V3);
2135 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, ENABLE_AUTHORITY_V3);
2136
2137 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth, ENABLE_AUTHORITY_BRIDGE);
2138 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate, ENABLE_AUTHORITY_BRIDGE);
2139 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst, ENABLE_AUTHORITY_BRIDGE);
2140 ENSURE_BANDWIDTH_PARAM(PerConnBWRate, ENABLE_AUTHORITY_BRIDGE);
2141 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst, ENABLE_AUTHORITY_BRIDGE);
2142
2143 ENSURE_BANDWIDTH_PARAM(AuthDirFastGuarantee, ENABLE_AUTHORITY_V3);
2144 ENSURE_BANDWIDTH_PARAM(AuthDirGuardBWGuarantee, ENABLE_AUTHORITY_V3);
2145
2146 free_options_test_data(tdata);
2147 tdata = get_options_test_data("RelayBandwidthRate 1000\n");
2148 ret = options_validate(NULL, tdata->opt, &msg);
2149 tt_int_op(ret, OP_EQ, 0);
2150 tt_u64_op(tdata->opt->RelayBandwidthBurst, OP_EQ, 1000);
2151 tor_free(msg);
2152
2153 free_options_test_data(tdata);
2154 tdata = get_options_test_data("RelayBandwidthBurst 1001\n");
2155 ret = options_validate(NULL, tdata->opt, &msg);
2156 tt_int_op(ret, OP_EQ, 0);
2157 tt_u64_op(tdata->opt->RelayBandwidthRate, OP_EQ, 1001);
2158 tor_free(msg);
2159
2160 free_options_test_data(tdata);
2161 tdata = get_options_test_data("RelayBandwidthRate 1001\n"
2162 "RelayBandwidthBurst 1000\n");
2163 ret = options_validate(NULL, tdata->opt, &msg);
2164 tt_int_op(ret, OP_EQ, -1);
2165 tt_str_op(msg, OP_EQ, "RelayBandwidthBurst must be at least equal to "
2166 "RelayBandwidthRate.");
2167 tor_free(msg);
2168
2169 free_options_test_data(tdata);
2170 tdata = get_options_test_data("BandwidthRate 1001\n"
2171 "BandwidthBurst 1000\n");
2172 ret = options_validate(NULL, tdata->opt, &msg);
2173 tt_int_op(ret, OP_EQ, -1);
2174 tt_str_op(msg, OP_EQ,
2175 "BandwidthBurst must be at least equal to BandwidthRate.");
2176 tor_free(msg);
2177
2178 free_options_test_data(tdata);
2179 tdata = get_options_test_data("RelayBandwidthRate 1001\n"
2180 "BandwidthRate 1000\n"
2181 "BandwidthBurst 1000\n"
2182 );
2183 ret = options_validate(NULL, tdata->opt, &msg);
2184 tt_int_op(ret, OP_EQ, 0);
2185 tt_u64_op(tdata->opt->BandwidthRate, OP_EQ, 1001);
2186 tor_free(msg);
2187
2188 free_options_test_data(tdata);
2189 tdata = get_options_test_data("RelayBandwidthRate 1001\n"
2190 "BandwidthRate 1000\n"
2191 "RelayBandwidthBurst 1001\n"
2192 "BandwidthBurst 1000\n"
2193 );
2194 ret = options_validate(NULL, tdata->opt, &msg);
2195 tt_int_op(ret, OP_EQ, 0);
2196 tt_u64_op(tdata->opt->BandwidthBurst, OP_EQ, 1001);
2197 tor_free(msg);
2198
2199 free_options_test_data(tdata);
2200 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2201 "BandwidthRate 1\n"
2202 );
2203 ret = options_validate(NULL, tdata->opt, &msg);
2204 tt_int_op(ret, OP_EQ, -1);
2205 tt_str_op(msg, OP_EQ, "BandwidthRate is set to 1 bytes/second. For servers,"
2206 " it must be at least 76800.");
2207 tor_free(msg);
2208
2209 free_options_test_data(tdata);
2210 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2211 "BandwidthRate 76800\n"
2212 "MaxAdvertisedBandwidth 30000\n"
2213 );
2214 ret = options_validate(NULL, tdata->opt, &msg);
2215 tt_int_op(ret, OP_EQ, -1);
2216 tt_str_op(msg, OP_EQ, "MaxAdvertisedBandwidth is set to 30000 bytes/second."
2217 " For servers, it must be at least 38400.");
2218 tor_free(msg);
2219
2220 free_options_test_data(tdata);
2221 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2222 "BandwidthRate 76800\n"
2223 "RelayBandwidthRate 1\n"
2224 "MaxAdvertisedBandwidth 38400\n"
2225 );
2226 ret = options_validate(NULL, tdata->opt, &msg);
2227 tt_int_op(ret, OP_EQ, -1);
2228 tt_str_op(msg, OP_EQ, "RelayBandwidthRate is set to 1 bytes/second. For "
2229 "servers, it must be at least 76800.");
2230 tor_free(msg);
2231
2232 free_options_test_data(tdata);
2233 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
2234 "BandwidthRate 76800\n"
2235 "BandwidthBurst 76800\n"
2236 "RelayBandwidthRate 76800\n"
2237 "MaxAdvertisedBandwidth 38400\n"
2238 );
2239 ret = options_validate(NULL, tdata->opt, &msg);
2240 tt_int_op(ret, OP_EQ, 0);
2241 tor_free(msg);
2242
2243 done:
2244 policies_free_all();
2245 free_options_test_data(tdata);
2246 tor_free(msg);
2247 }
2248
2249 static void
test_options_validate__circuits(void * ignored)2250 test_options_validate__circuits(void *ignored)
2251 {
2252 (void)ignored;
2253 char *msg;
2254 options_test_data_t *tdata = NULL;
2255 setup_capture_of_logs(LOG_WARN);
2256
2257 free_options_test_data(tdata);
2258 tdata = get_options_test_data("MaxCircuitDirtiness 2592001\n");
2259 options_validate(NULL, tdata->opt, &msg);
2260 expect_log_msg("MaxCircuitDirtiness option is too "
2261 "high; setting to 30 days.\n");
2262 tt_int_op(tdata->opt->MaxCircuitDirtiness, OP_EQ, 2592000);
2263 tor_free(msg);
2264
2265 free_options_test_data(tdata);
2266 mock_clean_saved_logs();
2267 tdata = get_options_test_data("CircuitStreamTimeout 1\n");
2268 options_validate(NULL, tdata->opt, &msg);
2269 expect_log_msg("CircuitStreamTimeout option is too"
2270 " short; raising to 10 seconds.\n");
2271 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 10);
2272 tor_free(msg);
2273
2274 free_options_test_data(tdata);
2275 mock_clean_saved_logs();
2276 tdata = get_options_test_data("CircuitStreamTimeout 111\n");
2277 options_validate(NULL, tdata->opt, &msg);
2278 expect_no_log_msg("CircuitStreamTimeout option is too"
2279 " short; raising to 10 seconds.\n");
2280 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 111);
2281 tor_free(msg);
2282
2283 free_options_test_data(tdata);
2284 mock_clean_saved_logs();
2285 tdata = get_options_test_data("HeartbeatPeriod 1\n");
2286 options_validate(NULL, tdata->opt, &msg);
2287 expect_log_msg("HeartbeatPeriod option is too short;"
2288 " raising to 1800 seconds.\n");
2289 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1800);
2290 tor_free(msg);
2291
2292 free_options_test_data(tdata);
2293 mock_clean_saved_logs();
2294 tdata = get_options_test_data("HeartbeatPeriod 1982\n");
2295 options_validate(NULL, tdata->opt, &msg);
2296 expect_no_log_msg("HeartbeatPeriod option is too short;"
2297 " raising to 1800 seconds.\n");
2298 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1982);
2299 tor_free(msg);
2300
2301 free_options_test_data(tdata);
2302 mock_clean_saved_logs();
2303 tdata = get_options_test_data("LearnCircuitBuildTimeout 0\n"
2304 "CircuitBuildTimeout 1\n"
2305 );
2306 options_validate(NULL, tdata->opt, &msg);
2307 expect_log_msg("CircuitBuildTimeout is shorter (1"
2308 " seconds) than the recommended minimum (10 seconds), and "
2309 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2310 "raise this value or enable LearnCircuitBuildTimeout.\n");
2311 tor_free(msg);
2312
2313 free_options_test_data(tdata);
2314 mock_clean_saved_logs();
2315 tdata = get_options_test_data("CircuitBuildTimeout 11\n"
2316 );
2317 options_validate(NULL, tdata->opt, &msg);
2318 expect_no_log_msg("CircuitBuildTimeout is shorter (1 "
2319 "seconds) than the recommended minimum (10 seconds), and "
2320 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2321 "raise this value or enable LearnCircuitBuildTimeout.\n");
2322 tor_free(msg);
2323
2324 done:
2325 policies_free_all();
2326 teardown_capture_of_logs();
2327 free_options_test_data(tdata);
2328 tor_free(msg);
2329 }
2330
2331 static void
test_options_validate__rend(void * ignored)2332 test_options_validate__rend(void *ignored)
2333 {
2334 (void)ignored;
2335 int ret;
2336 char *msg;
2337 options_test_data_t *tdata = NULL;
2338 setup_capture_of_logs(LOG_WARN);
2339
2340 free_options_test_data(tdata);
2341 tdata = get_options_test_data(
2342 "UseEntryGuards 0\n"
2343 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2344 "HiddenServicePort 80 127.0.0.1:8080\n"
2345 );
2346 ret = options_validate(NULL, tdata->opt, &msg);
2347 tt_int_op(ret, OP_EQ, 0);
2348 expect_log_msg("UseEntryGuards is disabled, but you"
2349 " have configured one or more hidden services on this Tor "
2350 "instance. Your hidden services will be very easy to locate using"
2351 " a well-known attack -- see https://freehaven.net/anonbib/#hs-"
2352 "attack06 for details.\n");
2353 tor_free(msg);
2354
2355 free_options_test_data(tdata);
2356 tdata = get_options_test_data(
2357 "UseEntryGuards 1\n"
2358 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2359 "HiddenServicePort 80 127.0.0.1:8080\n"
2360 );
2361 mock_clean_saved_logs();
2362 ret = options_validate(NULL, tdata->opt, &msg);
2363 tt_int_op(ret, OP_EQ, 0);
2364 expect_no_log_msg("UseEntryGuards is disabled, but you"
2365 " have configured one or more hidden services on this Tor "
2366 "instance. Your hidden services will be very easy to locate using"
2367 " a well-known attack -- see https://freehaven.net/anonbib/#hs-"
2368 "attack06 for details.\n");
2369
2370 free_options_test_data(tdata);
2371 tdata = get_options_test_data("HiddenServicePort 80 127.0.0.1:8080\n");
2372 ret = options_validate(NULL, tdata->opt, &msg);
2373 tt_int_op(ret, OP_EQ, -1);
2374 tt_str_op(msg, OP_EQ,
2375 "Failed to configure rendezvous options. See logs for details.");
2376 tor_free(msg);
2377
2378 done:
2379 policies_free_all();
2380 teardown_capture_of_logs();
2381 free_options_test_data(tdata);
2382 tor_free(msg);
2383 }
2384
2385 static void
test_options_validate__single_onion(void * ignored)2386 test_options_validate__single_onion(void *ignored)
2387 {
2388 (void)ignored;
2389 int ret;
2390 char *msg;
2391 options_test_data_t *tdata = NULL;
2392 setup_capture_of_logs(LOG_WARN);
2393
2394 /* Test that HiddenServiceSingleHopMode must come with
2395 * HiddenServiceNonAnonymousMode */
2396 tdata = get_options_test_data("SOCKSPort 0\n"
2397 "HiddenServiceSingleHopMode 1\n"
2398 );
2399 ret = options_validate(NULL, tdata->opt, &msg);
2400 tt_int_op(ret, OP_EQ, -1);
2401 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2402 "server anonymity. It must be used with "
2403 "HiddenServiceNonAnonymousMode set to 1.");
2404 tor_free(msg);
2405 free_options_test_data(tdata);
2406
2407 tdata = get_options_test_data("SOCKSPort 0\n"
2408 "HiddenServiceSingleHopMode 1\n"
2409 "HiddenServiceNonAnonymousMode 0\n"
2410 );
2411 ret = options_validate(NULL, tdata->opt, &msg);
2412 tt_int_op(ret, OP_EQ, -1);
2413 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2414 "server anonymity. It must be used with "
2415 "HiddenServiceNonAnonymousMode set to 1.");
2416 tor_free(msg);
2417 free_options_test_data(tdata);
2418
2419 tdata = get_options_test_data("SOCKSPort 0\n"
2420 "HiddenServiceSingleHopMode 1\n"
2421 "HiddenServiceNonAnonymousMode 1\n"
2422 );
2423 ret = options_validate(NULL, tdata->opt, &msg);
2424 tt_int_op(ret, OP_EQ, 0);
2425 tt_ptr_op(msg, OP_EQ, NULL);
2426 free_options_test_data(tdata);
2427
2428 /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
2429 tdata = get_options_test_data("SOCKSPort 5000\n"
2430 "HiddenServiceSingleHopMode 1\n"
2431 "HiddenServiceNonAnonymousMode 1\n"
2432 );
2433 ret = options_validate(NULL, tdata->opt, &msg);
2434 tt_int_op(ret, OP_EQ, -1);
2435 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode is incompatible with "
2436 "using Tor as an anonymous client. Please set "
2437 "Socks/Trans/NATD/DNSPort to 0, or revert "
2438 "HiddenServiceNonAnonymousMode to 0.");
2439 tor_free(msg);
2440 free_options_test_data(tdata);
2441
2442 tdata = get_options_test_data("SOCKSPort 0\n"
2443 "HiddenServiceSingleHopMode 1\n"
2444 "HiddenServiceNonAnonymousMode 1\n"
2445 );
2446 ret = options_validate(NULL, tdata->opt, &msg);
2447 tt_int_op(ret, OP_EQ, 0);
2448 tt_ptr_op(msg, OP_EQ, NULL);
2449 free_options_test_data(tdata);
2450
2451 tdata = get_options_test_data("SOCKSPort 5000\n"
2452 "HiddenServiceSingleHopMode 0\n"
2453 );
2454 ret = options_validate(NULL, tdata->opt, &msg);
2455 tt_int_op(ret, OP_EQ, 0);
2456 tt_ptr_op(msg, OP_EQ, NULL);
2457 free_options_test_data(tdata);
2458
2459 /* Test that a hidden service can't be run in non anonymous mode. */
2460 tdata = get_options_test_data(
2461 "HiddenServiceNonAnonymousMode 1\n"
2462 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2463 "HiddenServicePort 80 127.0.0.1:8080\n"
2464 );
2465 ret = options_validate(NULL, tdata->opt, &msg);
2466 tt_int_op(ret, OP_EQ, -1);
2467 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2468 "server anonymity. It must be used with "
2469 "HiddenServiceSingleHopMode set to 1.");
2470 tor_free(msg);
2471 free_options_test_data(tdata);
2472
2473 tdata = get_options_test_data(
2474 "HiddenServiceNonAnonymousMode 1\n"
2475 );
2476 ret = options_validate(NULL, tdata->opt, &msg);
2477 tt_int_op(ret, OP_EQ, -1);
2478 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2479 "server anonymity. It must be used with "
2480 "HiddenServiceSingleHopMode set to 1.");
2481 tor_free(msg);
2482 free_options_test_data(tdata);
2483
2484 tdata = get_options_test_data(
2485 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2486 "HiddenServicePort 80 127.0.0.1:8080\n"
2487 );
2488 ret = options_validate(NULL, tdata->opt, &msg);
2489 tt_int_op(ret, OP_EQ, 0);
2490 tt_ptr_op(msg, OP_EQ, NULL);
2491 free_options_test_data(tdata);
2492
2493 tdata = get_options_test_data(
2494 "HiddenServiceNonAnonymousMode 1\n"
2495 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2496 "HiddenServicePort 80 127.0.0.1:8080\n"
2497 "HiddenServiceSingleHopMode 1\n"
2498 "SOCKSPort 0\n"
2499 );
2500 ret = options_validate(NULL, tdata->opt, &msg);
2501 tt_int_op(ret, OP_EQ, 0);
2502 tt_ptr_op(msg, OP_EQ, NULL);
2503
2504 done:
2505 policies_free_all();
2506 teardown_capture_of_logs();
2507 free_options_test_data(tdata);
2508 tor_free(msg);
2509 }
2510
2511 static void
test_options_validate__accounting(void * ignored)2512 test_options_validate__accounting(void *ignored)
2513 {
2514 (void)ignored;
2515 int ret;
2516 char *msg;
2517 options_test_data_t *tdata = NULL;
2518 setup_capture_of_logs(LOG_WARN);
2519
2520 free_options_test_data(tdata);
2521 tdata = get_options_test_data("AccountingRule something_bad\n");
2522 ret = options_validate(NULL, tdata->opt, &msg);
2523 tt_int_op(ret, OP_EQ, -1);
2524 tt_str_op(msg, OP_EQ, "AccountingRule must be 'sum', 'max', 'in', or 'out'");
2525 tor_free(msg);
2526
2527 free_options_test_data(tdata);
2528 tdata = get_options_test_data("AccountingRule sum\n");
2529 ret = options_validate(NULL, tdata->opt, &msg);
2530 tt_int_op(ret, OP_EQ, 0);
2531 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_SUM);
2532 tor_free(msg);
2533
2534 free_options_test_data(tdata);
2535 tdata = get_options_test_data("AccountingRule max\n");
2536 ret = options_validate(NULL, tdata->opt, &msg);
2537 tt_int_op(ret, OP_EQ, 0);
2538 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_MAX);
2539 tor_free(msg);
2540
2541 free_options_test_data(tdata);
2542 tdata = get_options_test_data("AccountingRule in\n");
2543 ret = options_validate(NULL, tdata->opt, &msg);
2544 tt_int_op(ret, OP_EQ, 0);
2545 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_IN);
2546 tor_free(msg);
2547
2548 free_options_test_data(tdata);
2549 tdata = get_options_test_data("AccountingRule out\n");
2550 ret = options_validate(NULL, tdata->opt, &msg);
2551 tt_int_op(ret, OP_EQ, 0);
2552 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_OUT);
2553 tor_free(msg);
2554
2555 free_options_test_data(tdata);
2556 tdata = get_options_test_data("AccountingStart fail\n");
2557 ret = options_validate(NULL, tdata->opt, &msg);
2558 tt_int_op(ret, OP_EQ, -1);
2559 tt_str_op(msg, OP_EQ,
2560 "Failed to parse accounting options. See logs for details.");
2561 tor_free(msg);
2562
2563 free_options_test_data(tdata);
2564 tdata = get_options_test_data("AccountingMax 10\n");
2565 ret = options_validate(NULL, tdata->opt, &msg);
2566 tt_int_op(ret, OP_EQ, 0);
2567 tor_free(msg);
2568
2569 free_options_test_data(tdata);
2570 tdata = get_options_test_data(
2571 "ORPort 127.0.0.1:5555\n"
2572 "BandwidthRate 76800\n"
2573 "BandwidthBurst 76800\n"
2574 "MaxAdvertisedBandwidth 38400\n"
2575 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2576 "HiddenServicePort 80 127.0.0.1:8080\n"
2577 "AccountingMax 10\n"
2578 );
2579 mock_clean_saved_logs();
2580 ret = options_validate(NULL, tdata->opt, &msg);
2581 tt_int_op(ret, OP_EQ, 0);
2582 expect_log_msg("Using accounting with a hidden "
2583 "service and an ORPort is risky: your hidden service(s) and "
2584 "your public address will all turn off at the same time, "
2585 "which may alert observers that they are being run by the "
2586 "same party.\n");
2587 tor_free(msg);
2588
2589 free_options_test_data(tdata);
2590 tdata = get_options_test_data(
2591 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2592 "HiddenServicePort 80 127.0.0.1:8080\n"
2593 "AccountingMax 10\n"
2594 );
2595 mock_clean_saved_logs();
2596 ret = options_validate(NULL, tdata->opt, &msg);
2597 tt_int_op(ret, OP_EQ, 0);
2598 expect_no_log_msg("Using accounting with a hidden "
2599 "service and an ORPort is risky: your hidden service(s) and "
2600 "your public address will all turn off at the same time, "
2601 "which may alert observers that they are being run by the "
2602 "same party.\n");
2603 tor_free(msg);
2604
2605 free_options_test_data(tdata);
2606 tdata = get_options_test_data(
2607 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2608 "HiddenServicePort 80 127.0.0.1:8080\n"
2609 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service2/\n"
2610 "HiddenServicePort 81 127.0.0.1:8081\n"
2611 "AccountingMax 10\n"
2612 );
2613 mock_clean_saved_logs();
2614 ret = options_validate(NULL, tdata->opt, &msg);
2615 tt_int_op(ret, OP_EQ, 0);
2616 expect_log_msg("Using accounting with multiple "
2617 "hidden services is risky: they will all turn off at the same"
2618 " time, which may alert observers that they are being run by "
2619 "the same party.\n");
2620 tor_free(msg);
2621
2622 done:
2623 teardown_capture_of_logs();
2624 policies_free_all();
2625 free_options_test_data(tdata);
2626 tor_free(msg);
2627 }
2628
2629 static void
test_options_validate__proxy(void * ignored)2630 test_options_validate__proxy(void *ignored)
2631 {
2632 (void)ignored;
2633 int ret;
2634 char *msg;
2635 options_test_data_t *tdata = NULL;
2636 sandbox_disable_getaddrinfo_cache();
2637 setup_capture_of_logs(LOG_WARN);
2638 MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
2639
2640 free_options_test_data(tdata);
2641 tdata = get_options_test_data("HttpProxy 127.0.42.1\n");
2642 ret = options_validate(NULL, tdata->opt, &msg);
2643 tt_int_op(ret, OP_EQ, 0);
2644 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 80);
2645 tor_free(msg);
2646
2647 free_options_test_data(tdata);
2648 tdata = get_options_test_data("HttpProxy 127.0.42.1:444\n");
2649 ret = options_validate(NULL, tdata->opt, &msg);
2650 tt_int_op(ret, OP_EQ, 0);
2651 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 444);
2652 tor_free(msg);
2653
2654 free_options_test_data(tdata);
2655
2656 tdata = get_options_test_data("HttpProxy not_so_valid!\n");
2657 ret = options_validate(NULL, tdata->opt, &msg);
2658 tt_int_op(ret, OP_EQ, -1);
2659 tt_str_op(msg, OP_EQ, "HTTPProxy failed to parse or resolve. Please fix.");
2660 tor_free(msg);
2661
2662 free_options_test_data(tdata);
2663 tdata = get_options_test_data("HttpProxyAuthenticator "
2664 "onetwothreonetwothreonetwothreonetwothreonetw"
2665 "othreonetwothreonetwothreonetwothreonetwothre"
2666 "onetwothreonetwothreonetwothreonetwothreonetw"
2667 "othreonetwothreonetwothreonetwothreonetwothre"
2668 "onetwothreonetwothreonetwothreonetwothreonetw"
2669 "othreonetwothreonetwothreonetwothreonetwothre"
2670 "onetwothreonetwothreonetwothreonetwothreonetw"
2671 "othreonetwothreonetwothreonetwothreonetwothre"
2672 "onetwothreonetwothreonetwothreonetwothreonetw"
2673 "othreonetwothreonetwothreonetwothreonetwothre"
2674 "onetwothreonetwothreonetwothreonetwothreonetw"
2675 "othreonetwothreeonetwothreeonetwothree"
2676 );
2677 ret = options_validate(NULL, tdata->opt, &msg);
2678 tt_int_op(ret, OP_EQ, -1);
2679 tt_str_op(msg, OP_EQ, "HTTPProxyAuthenticator is too long (>= 512 chars).");
2680 tor_free(msg);
2681
2682 free_options_test_data(tdata);
2683 tdata = get_options_test_data("HttpProxyAuthenticator validauth\n");
2684 ret = options_validate(NULL, tdata->opt, &msg);
2685 tt_int_op(ret, OP_EQ, 0);
2686 tor_free(msg);
2687
2688 free_options_test_data(tdata);
2689 tdata = get_options_test_data("HttpsProxy 127.0.42.1\n");
2690 ret = options_validate(NULL, tdata->opt, &msg);
2691 tt_int_op(ret, OP_EQ, 0);
2692 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 443);
2693 tor_free(msg);
2694
2695 free_options_test_data(tdata);
2696 tdata = get_options_test_data("HttpsProxy 127.0.42.1:444\n");
2697 ret = options_validate(NULL, tdata->opt, &msg);
2698 tt_int_op(ret, OP_EQ, 0);
2699 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 444);
2700 tor_free(msg);
2701
2702 free_options_test_data(tdata);
2703 tdata = get_options_test_data("HttpsProxy not_so_valid!\n");
2704 ret = options_validate(NULL, tdata->opt, &msg);
2705 tt_int_op(ret, OP_EQ, -1);
2706 tt_str_op(msg, OP_EQ, "HTTPSProxy failed to parse or resolve. Please fix.");
2707 tor_free(msg);
2708
2709 free_options_test_data(tdata);
2710 tdata = get_options_test_data("HttpsProxyAuthenticator "
2711 "onetwothreonetwothreonetwothreonetwothreonetw"
2712 "othreonetwothreonetwothreonetwothreonetwothre"
2713 "onetwothreonetwothreonetwothreonetwothreonetw"
2714 "othreonetwothreonetwothreonetwothreonetwothre"
2715 "onetwothreonetwothreonetwothreonetwothreonetw"
2716 "othreonetwothreonetwothreonetwothreonetwothre"
2717 "onetwothreonetwothreonetwothreonetwothreonetw"
2718 "othreonetwothreonetwothreonetwothreonetwothre"
2719 "onetwothreonetwothreonetwothreonetwothreonetw"
2720 "othreonetwothreonetwothreonetwothreonetwothre"
2721 "onetwothreonetwothreonetwothreonetwothreonetw"
2722 "othreonetwothreeonetwothreeonetwothree"
2723
2724 );
2725 ret = options_validate(NULL, tdata->opt, &msg);
2726 tt_int_op(ret, OP_EQ, -1);
2727 tt_str_op(msg, OP_EQ, "HTTPSProxyAuthenticator is too long (>= 512 chars).");
2728 tor_free(msg);
2729
2730 free_options_test_data(tdata);
2731 tdata = get_options_test_data("HttpsProxyAuthenticator validauth\n");
2732 ret = options_validate(NULL, tdata->opt, &msg);
2733 tt_int_op(ret, OP_EQ, 0);
2734 tor_free(msg);
2735
2736 free_options_test_data(tdata);
2737 tdata = get_options_test_data("Socks4Proxy 127.0.42.1\n");
2738 ret = options_validate(NULL, tdata->opt, &msg);
2739 tt_int_op(ret, OP_EQ, 0);
2740 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 1080);
2741 tor_free(msg);
2742
2743 free_options_test_data(tdata);
2744 tdata = get_options_test_data("Socks4Proxy 127.0.42.1:444\n");
2745 ret = options_validate(NULL, tdata->opt, &msg);
2746 tt_int_op(ret, OP_EQ, 0);
2747 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 444);
2748 tor_free(msg);
2749
2750 free_options_test_data(tdata);
2751 tdata = get_options_test_data("Socks4Proxy not_so_valid!\n");
2752 ret = options_validate(NULL, tdata->opt, &msg);
2753 tt_int_op(ret, OP_EQ, -1);
2754 tt_str_op(msg, OP_EQ, "Socks4Proxy failed to parse or resolve. Please fix.");
2755 tor_free(msg);
2756
2757 free_options_test_data(tdata);
2758 tdata = get_options_test_data("Socks5Proxy 127.0.42.1\n");
2759 ret = options_validate(NULL, tdata->opt, &msg);
2760 tt_int_op(ret, OP_EQ, 0);
2761 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 1080);
2762 tor_free(msg);
2763
2764 free_options_test_data(tdata);
2765 tdata = get_options_test_data("Socks5Proxy 127.0.42.1:444\n");
2766 ret = options_validate(NULL, tdata->opt, &msg);
2767 tt_int_op(ret, OP_EQ, 0);
2768 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 444);
2769 tor_free(msg);
2770
2771 free_options_test_data(tdata);
2772 tdata = get_options_test_data("Socks5Proxy not_so_valid!\n");
2773 ret = options_validate(NULL, tdata->opt, &msg);
2774 tt_int_op(ret, OP_EQ, -1);
2775 tt_str_op(msg, OP_EQ, "Socks5Proxy failed to parse or resolve. Please fix.");
2776 tor_free(msg);
2777
2778 free_options_test_data(tdata);
2779 tdata = get_options_test_data("Socks4Proxy 215.1.1.1\n"
2780 "Socks5Proxy 215.1.1.2\n"
2781 );
2782 ret = options_validate(NULL, tdata->opt, &msg);
2783 tt_int_op(ret, OP_EQ, -1);
2784 tt_str_op(msg, OP_EQ, "You have configured more than one proxy type. "
2785 "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
2786 tor_free(msg);
2787
2788 free_options_test_data(tdata);
2789 tdata = get_options_test_data("HttpProxy 215.1.1.1\n");
2790 mock_clean_saved_logs();
2791 ret = options_validate(NULL, tdata->opt, &msg);
2792 tt_int_op(ret, OP_EQ, 0);
2793 expect_log_msg("HTTPProxy configured, but no SOCKS proxy, "
2794 "HTTPS proxy, or any other TCP proxy configured. Watch out: "
2795 "this configuration will proxy unencrypted directory "
2796 "connections only.\n");
2797 tor_free(msg);
2798
2799 free_options_test_data(tdata);
2800 tdata = get_options_test_data("HttpProxy 215.1.1.1\n"
2801 "Socks4Proxy 215.1.1.1\n"
2802 );
2803 mock_clean_saved_logs();
2804 ret = options_validate(NULL, tdata->opt, &msg);
2805 tt_int_op(ret, OP_EQ, 0);
2806 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
2807 "proxy or HTTPS proxy configured. Watch out: this configuration "
2808 "will proxy unencrypted directory connections only.\n");
2809 tor_free(msg);
2810
2811 free_options_test_data(tdata);
2812 tdata = get_options_test_data("HttpProxy 215.1.1.1\n"
2813 "Socks5Proxy 215.1.1.1\n"
2814 );
2815 mock_clean_saved_logs();
2816 ret = options_validate(NULL, tdata->opt, &msg);
2817 tt_int_op(ret, OP_EQ, 0);
2818 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
2819 "proxy or HTTPS proxy configured. Watch out: this configuration "
2820 "will proxy unencrypted directory connections only.\n");
2821 tor_free(msg);
2822
2823 free_options_test_data(tdata);
2824 tdata = get_options_test_data("HttpProxy 215.1.1.1\n"
2825 "HttpsProxy 215.1.1.1\n"
2826 );
2827 mock_clean_saved_logs();
2828 ret = options_validate(NULL, tdata->opt, &msg);
2829 tt_int_op(ret, OP_EQ, 0);
2830 expect_no_log_msg(
2831 "HTTPProxy configured, but no SOCKS proxy or HTTPS proxy "
2832 "configured. Watch out: this configuration will proxy "
2833 "unencrypted directory connections only.\n");
2834 tor_free(msg);
2835
2836 free_options_test_data(tdata);
2837 tdata = get_options_test_data("");
2838 tdata->opt->Socks5ProxyUsername = tor_strdup("");
2839 ret = options_validate(NULL, tdata->opt, &msg);
2840 tt_int_op(ret, OP_EQ, -1);
2841 tt_str_op(msg, OP_EQ,
2842 "Socks5ProxyUsername must be between 1 and 255 characters.");
2843 tor_free(msg);
2844
2845 free_options_test_data(tdata);
2846 tdata = get_options_test_data("");
2847 tdata->opt->Socks5ProxyUsername =
2848 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
2849 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
2850 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
2851 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
2852 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
2853 ret = options_validate(NULL, tdata->opt, &msg);
2854 tt_int_op(ret, OP_EQ, -1);
2855 tt_str_op(msg, OP_EQ,
2856 "Socks5ProxyUsername must be between 1 and 255 characters.");
2857 tor_free(msg);
2858
2859 free_options_test_data(tdata);
2860 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n");
2861 ret = options_validate(NULL, tdata->opt, &msg);
2862 tt_int_op(ret, OP_EQ, -1);
2863 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
2864 "Socks5ProxyUsername.");
2865 tor_free(msg);
2866
2867 free_options_test_data(tdata);
2868 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n");
2869 tdata->opt->Socks5ProxyPassword = tor_strdup("");
2870 ret = options_validate(NULL, tdata->opt, &msg);
2871 tt_int_op(ret, OP_EQ, -1);
2872 tt_str_op(msg, OP_EQ,
2873 "Socks5ProxyPassword must be between 1 and 255 characters.");
2874 tor_free(msg);
2875
2876 free_options_test_data(tdata);
2877 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n");
2878 tdata->opt->Socks5ProxyPassword =
2879 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
2880 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
2881 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
2882 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
2883 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
2884 ret = options_validate(NULL, tdata->opt, &msg);
2885 tt_int_op(ret, OP_EQ, -1);
2886 tt_str_op(msg, OP_EQ,
2887 "Socks5ProxyPassword must be between 1 and 255 characters.");
2888 tor_free(msg);
2889
2890 free_options_test_data(tdata);
2891 tdata = get_options_test_data("Socks5ProxyUsername hello_world\n"
2892 "Socks5ProxyPassword world_hello\n");
2893 ret = options_validate(NULL, tdata->opt, &msg);
2894 tt_int_op(ret, OP_EQ, 0);
2895 tor_free(msg);
2896
2897 free_options_test_data(tdata);
2898 tdata = get_options_test_data("Socks5ProxyPassword hello_world\n");
2899 ret = options_validate(NULL, tdata->opt, &msg);
2900 tt_int_op(ret, OP_EQ, -1);
2901 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
2902 "Socks5ProxyUsername.");
2903 tor_free(msg);
2904
2905 done:
2906 teardown_capture_of_logs();
2907 free_options_test_data(tdata);
2908 policies_free_all();
2909 // sandbox_free_getaddrinfo_cache();
2910 tor_free(msg);
2911 UNMOCK(tor_addr_lookup);
2912 }
2913
2914 static void
test_options_validate__control(void * ignored)2915 test_options_validate__control(void *ignored)
2916 {
2917 (void)ignored;
2918 int ret;
2919 char *msg;
2920 options_test_data_t *tdata = NULL;
2921 setup_capture_of_logs(LOG_WARN);
2922
2923 free_options_test_data(tdata);
2924 tdata = get_options_test_data(
2925 "HashedControlPassword something_incorrect\n");
2926 ret = options_validate(NULL, tdata->opt, &msg);
2927 tt_int_op(ret, OP_EQ, -1);
2928 tt_str_op(msg, OP_EQ,
2929 "Bad HashedControlPassword: wrong length or bad encoding");
2930 tor_free(msg);
2931
2932 free_options_test_data(tdata);
2933 tdata = get_options_test_data("HashedControlPassword 16:872860B76453A77D60CA"
2934 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
2935 );
2936 ret = options_validate(NULL, tdata->opt, &msg);
2937 tt_int_op(ret, OP_EQ, 0);
2938 tor_free(msg);
2939
2940 free_options_test_data(tdata);
2941 tdata = get_options_test_data(
2942 "__HashedControlSessionPassword something_incorrect\n"
2943 );
2944 ret = options_validate(NULL, tdata->opt, &msg);
2945 tt_int_op(ret, OP_EQ, -1);
2946 tt_str_op(msg, OP_EQ, "Bad HashedControlSessionPassword: wrong length or "
2947 "bad encoding");
2948 tor_free(msg);
2949
2950 free_options_test_data(tdata);
2951 tdata = get_options_test_data("__HashedControlSessionPassword 16:872860B7645"
2952 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
2953 "4C\n"
2954 );
2955 ret = options_validate(NULL, tdata->opt, &msg);
2956 tt_int_op(ret, OP_EQ, 0);
2957 tor_free(msg);
2958
2959 free_options_test_data(tdata);
2960 tdata = get_options_test_data(
2961 "__OwningControllerProcess something_incorrect\n"
2962 );
2963 ret = options_validate(NULL, tdata->opt, &msg);
2964 tt_int_op(ret, OP_EQ, -1);
2965 tt_str_op(msg, OP_EQ, "Bad OwningControllerProcess: invalid PID");
2966 tor_free(msg);
2967
2968 free_options_test_data(tdata);
2969 tdata = get_options_test_data("__OwningControllerProcess 123\n"
2970 );
2971 ret = options_validate(NULL, tdata->opt, &msg);
2972 tt_int_op(ret, OP_EQ, 0);
2973 tor_free(msg);
2974
2975 free_options_test_data(tdata);
2976 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
2977 );
2978 mock_clean_saved_logs();
2979 ret = options_validate(NULL, tdata->opt, &msg);
2980 tt_int_op(ret, OP_EQ, 0);
2981 expect_log_msg(
2982 "ControlPort is open, but no authentication method has been "
2983 "configured. This means that any program on your computer can "
2984 "reconfigure your Tor. That's bad! You should upgrade your Tor"
2985 " controller as soon as possible.\n");
2986 tor_free(msg);
2987
2988 free_options_test_data(tdata);
2989 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
2990 "HashedControlPassword 16:872860B76453A77D60CA"
2991 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
2992 );
2993 mock_clean_saved_logs();
2994 ret = options_validate(NULL, tdata->opt, &msg);
2995 tt_int_op(ret, OP_EQ, 0);
2996 expect_no_log_msg(
2997 "ControlPort is open, but no authentication method has been "
2998 "configured. This means that any program on your computer can "
2999 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3000 "controller as soon as possible.\n");
3001 tor_free(msg);
3002
3003 free_options_test_data(tdata);
3004 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
3005 "__HashedControlSessionPassword 16:872860B7645"
3006 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3007 "4C\n"
3008 );
3009 mock_clean_saved_logs();
3010 ret = options_validate(NULL, tdata->opt, &msg);
3011 tt_int_op(ret, OP_EQ, 0);
3012 expect_no_log_msg(
3013 "ControlPort is open, but no authentication method has been "
3014 "configured. This means that any program on your computer can "
3015 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3016 "controller as soon as possible.\n");
3017 tor_free(msg);
3018
3019 free_options_test_data(tdata);
3020 tdata = get_options_test_data("ControlPort 127.0.0.1:1234\n"
3021 "CookieAuthentication 1\n"
3022 );
3023 mock_clean_saved_logs();
3024 ret = options_validate(NULL, tdata->opt, &msg);
3025 tt_int_op(ret, OP_EQ, 0);
3026 expect_no_log_msg(
3027 "ControlPort is open, but no authentication method has been "
3028 "configured. This means that any program on your computer can "
3029 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3030 "controller as soon as possible.\n");
3031 tor_free(msg);
3032
3033 #ifdef HAVE_SYS_UN_H
3034 free_options_test_data(tdata);
3035 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n");
3036 mock_clean_saved_logs();
3037 ret = options_validate(NULL, tdata->opt, &msg);
3038 tt_int_op(ret, OP_EQ, 0);
3039 expect_log_msg(
3040 "ControlSocket is world writable, but no authentication method has"
3041 " been configured. This means that any program on your computer "
3042 "can reconfigure your Tor. That's bad! You should upgrade your "
3043 "Tor controller as soon as possible.\n");
3044 tor_free(msg);
3045
3046 free_options_test_data(tdata);
3047 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3048 "HashedControlPassword 16:872860B76453A77D60CA"
3049 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3050 );
3051 mock_clean_saved_logs();
3052 ret = options_validate(NULL, tdata->opt, &msg);
3053 tt_int_op(ret, OP_EQ, 0);
3054 expect_no_log_msg(
3055 "ControlSocket is world writable, but no authentication method has"
3056 " been configured. This means that any program on your computer "
3057 "can reconfigure your Tor. That's bad! You should upgrade your "
3058 "Tor controller as soon as possible.\n");
3059 tor_free(msg);
3060
3061 free_options_test_data(tdata);
3062 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3063 "__HashedControlSessionPassword 16:872860B7645"
3064 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3065 "4C\n"
3066 );
3067 mock_clean_saved_logs();
3068 ret = options_validate(NULL, tdata->opt, &msg);
3069 tt_int_op(ret, OP_EQ, 0);
3070 expect_no_log_msg(
3071 "ControlSocket is world writable, but no authentication method has"
3072 " been configured. This means that any program on your computer "
3073 "can reconfigure your Tor. That's bad! You should upgrade your "
3074 "Tor controller as soon as possible.\n");
3075 tor_free(msg);
3076
3077 free_options_test_data(tdata);
3078 tdata = get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3079 "CookieAuthentication 1\n"
3080 );
3081 mock_clean_saved_logs();
3082 ret = options_validate(NULL, tdata->opt, &msg);
3083 tt_int_op(ret, OP_EQ, 0);
3084 expect_no_log_msg(
3085 "ControlSocket is world writable, but no authentication method has"
3086 " been configured. This means that any program on your computer "
3087 "can reconfigure your Tor. That's bad! You should upgrade your "
3088 "Tor controller as soon as possible.\n");
3089 tor_free(msg);
3090 #endif /* defined(HAVE_SYS_UN_H) */
3091
3092 free_options_test_data(tdata);
3093 tdata = get_options_test_data("CookieAuthFileGroupReadable 1\n"
3094 );
3095 mock_clean_saved_logs();
3096 ret = options_validate(NULL, tdata->opt, &msg);
3097 tt_int_op(ret, OP_EQ, 0);
3098 expect_log_msg(
3099 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3100 "must specify an explicit CookieAuthFile to have it "
3101 "group-readable.\n");
3102 tor_free(msg);
3103
3104 free_options_test_data(tdata);
3105 tdata = get_options_test_data("CookieAuthFileGroupReadable 1\n"
3106 "CookieAuthFile /tmp/somewhere\n"
3107 );
3108 mock_clean_saved_logs();
3109 ret = options_validate(NULL, tdata->opt, &msg);
3110 tt_int_op(ret, OP_EQ, 0);
3111 expect_no_log_msg(
3112 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3113 "must specify an explicit CookieAuthFile to have it "
3114 "group-readable.\n");
3115 tor_free(msg);
3116
3117 done:
3118 teardown_capture_of_logs();
3119 policies_free_all();
3120 free_options_test_data(tdata);
3121 tor_free(msg);
3122 }
3123
3124 static void
test_options_validate__families(void * ignored)3125 test_options_validate__families(void *ignored)
3126 {
3127 (void)ignored;
3128 int ret;
3129 char *msg;
3130 options_test_data_t *tdata = NULL;
3131 setup_capture_of_logs(LOG_WARN);
3132
3133 free_options_test_data(tdata);
3134 tdata = get_options_test_data("MyFamily home\n"
3135 "BridgeRelay 1\n"
3136 "ORPort 127.0.0.1:5555\n"
3137 "BandwidthRate 51300\n"
3138 "BandwidthBurst 51300\n"
3139 "MaxAdvertisedBandwidth 25700\n"
3140 "DirCache 1\n"
3141 );
3142 mock_clean_saved_logs();
3143 ret = options_validate(NULL, tdata->opt, &msg);
3144 tt_int_op(ret, OP_EQ, 0);
3145 expect_log_msg(
3146 "Listing a family for a bridge relay is not supported: it can "
3147 "reveal bridge fingerprints to censors. You should also make sure "
3148 "you aren't listing this bridge's fingerprint in any other "
3149 "MyFamily.\n");
3150 tor_free(msg);
3151
3152 free_options_test_data(tdata);
3153 tdata = get_options_test_data("MyFamily home\n");
3154 mock_clean_saved_logs();
3155 ret = options_validate(NULL, tdata->opt, &msg);
3156 tt_int_op(ret, OP_EQ, 0);
3157 expect_no_log_msg(
3158 "Listing a family for a bridge relay is not supported: it can "
3159 "reveal bridge fingerprints to censors. You should also make sure "
3160 "you aren't listing this bridge's fingerprint in any other "
3161 "MyFamily.\n");
3162 tor_free(msg);
3163
3164 free_options_test_data(tdata);
3165 tdata = get_options_test_data("MyFamily !\n");
3166 mock_clean_saved_logs();
3167 ret = options_validate(NULL, tdata->opt, &msg);
3168 tt_int_op(ret, OP_EQ, -1);
3169 tt_str_op(msg, OP_EQ, "Invalid nickname '!' in MyFamily line");
3170 tor_free(msg);
3171
3172 free_options_test_data(tdata);
3173 tdata = get_options_test_data("NodeFamily foo\n"
3174 "NodeFamily !\n");
3175 mock_clean_saved_logs();
3176 ret = options_validate(NULL, tdata->opt, &msg);
3177 tt_int_op(ret, OP_EQ, -1);
3178 tt_assert(!msg);
3179 tor_free(msg);
3180
3181 done:
3182 teardown_capture_of_logs();
3183 policies_free_all();
3184 free_options_test_data(tdata);
3185 tor_free(msg);
3186 }
3187
3188 static void
test_options_validate__addr_policies(void * ignored)3189 test_options_validate__addr_policies(void *ignored)
3190 {
3191 (void)ignored;
3192 int ret;
3193 char *msg;
3194 options_test_data_t *tdata = NULL;
3195
3196 free_options_test_data(tdata);
3197 tdata = get_options_test_data("ExitPolicy !!!\n"
3198 "ExitRelay 1\n"
3199 );
3200 ret = options_validate(NULL, tdata->opt, &msg);
3201 tt_int_op(ret, OP_EQ, -1);
3202 tt_str_op(msg, OP_EQ, "Error in ExitPolicy entry.");
3203 tor_free(msg);
3204
3205 done:
3206 policies_free_all();
3207 free_options_test_data(tdata);
3208 tor_free(msg);
3209 }
3210
3211 static void
test_options_validate__dir_auth(void * ignored)3212 test_options_validate__dir_auth(void *ignored)
3213 {
3214 (void)ignored;
3215 int ret;
3216 char *msg;
3217 options_test_data_t *tdata = NULL;
3218 setup_capture_of_logs(LOG_WARN);
3219
3220 free_options_test_data(tdata);
3221 tdata = get_options_test_data(VALID_DIR_AUTH
3222 VALID_ALT_DIR_AUTH
3223 );
3224 mock_clean_saved_logs();
3225 ret = options_validate(NULL, tdata->opt, &msg);
3226 tt_int_op(ret, OP_EQ, -1);
3227 tt_str_op(msg, OP_EQ,
3228 "Directory authority/fallback line did not parse. See logs for "
3229 "details.");
3230 expect_log_msg(
3231 "You cannot set both DirAuthority and Alternate*Authority.\n");
3232 tor_free(msg);
3233
3234 free_options_test_data(tdata);
3235 tdata = get_options_test_data("TestingTorNetwork 1\n");
3236 ret = options_validate(NULL, tdata->opt, &msg);
3237 tt_int_op(ret, OP_EQ, -1);
3238 tt_str_op(msg, OP_EQ,
3239 "TestingTorNetwork may only be configured in combination with a "
3240 "non-default set of DirAuthority or both of AlternateDirAuthority "
3241 "and AlternateBridgeAuthority configured.");
3242 tor_free(msg);
3243
3244 free_options_test_data(tdata);
3245 tdata = get_options_test_data(VALID_DIR_AUTH
3246 "TestingTorNetwork 1\n"
3247 );
3248 ret = options_validate(NULL, tdata->opt, &msg);
3249 tt_int_op(ret, OP_EQ, 0);
3250 tor_free(msg);
3251
3252 free_options_test_data(tdata);
3253 tdata = get_options_test_data("TestingTorNetwork 1\n"
3254 VALID_ALT_DIR_AUTH
3255 );
3256 ret = options_validate(NULL, tdata->opt, &msg);
3257 tt_int_op(ret, OP_EQ, -1);
3258 tt_str_op(msg, OP_EQ,
3259 "TestingTorNetwork may only be configured in combination with a "
3260 "non-default set of DirAuthority or both of AlternateDirAuthority "
3261 "and AlternateBridgeAuthority configured.");
3262 tor_free(msg);
3263
3264 free_options_test_data(tdata);
3265 tdata = get_options_test_data("TestingTorNetwork 1\n"
3266 VALID_ALT_BRIDGE_AUTH
3267 );
3268 ret = options_validate(NULL, tdata->opt, &msg);
3269 tt_int_op(ret, OP_EQ, -1);
3270 tt_str_op(msg, OP_EQ, "TestingTorNetwork may only be configured in "
3271 "combination with a non-default set of DirAuthority or both of "
3272 "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3273 tor_free(msg);
3274
3275 free_options_test_data(tdata);
3276 tdata = get_options_test_data(VALID_ALT_DIR_AUTH
3277 VALID_ALT_BRIDGE_AUTH
3278 "TestingTorNetwork 1\n"
3279 );
3280 ret = options_validate(NULL, tdata->opt, &msg);
3281 tt_int_op(ret, OP_EQ, 0);
3282 tor_free(msg);
3283
3284 done:
3285 policies_free_all();
3286 teardown_capture_of_logs();
3287 free_options_test_data(tdata);
3288 tor_free(msg);
3289 }
3290
3291 static void
test_options_validate__transport(void * ignored)3292 test_options_validate__transport(void *ignored)
3293 {
3294 (void)ignored;
3295 int ret;
3296 char *msg;
3297 options_test_data_t *tdata = NULL;
3298 setup_capture_of_logs(LOG_NOTICE);
3299
3300 free_options_test_data(tdata);
3301 tdata = get_options_test_data("ClientTransportPlugin !!\n"
3302 );
3303 mock_clean_saved_logs();
3304 ret = options_validate(NULL, tdata->opt, &msg);
3305 tt_int_op(ret, OP_EQ, -1);
3306 tt_str_op(msg, OP_EQ,
3307 "Invalid client transport line. See logs for details.");
3308 expect_log_msg(
3309 "Too few arguments on ClientTransportPlugin line.\n");
3310 tor_free(msg);
3311
3312 free_options_test_data(tdata);
3313 tdata = get_options_test_data("ClientTransportPlugin foo exec bar\n"
3314 );
3315 mock_clean_saved_logs();
3316 ret = options_validate(NULL, tdata->opt, &msg);
3317 tt_int_op(ret, OP_EQ, 0);
3318 tor_free(msg);
3319
3320 free_options_test_data(tdata);
3321 tdata = get_options_test_data("ServerTransportPlugin !!\n");
3322 mock_clean_saved_logs();
3323 ret = options_validate(NULL, tdata->opt, &msg);
3324 tt_int_op(ret, OP_EQ, -1);
3325 tt_str_op(msg, OP_EQ,
3326 "Invalid server transport line. See logs for details.");
3327 expect_log_msg(
3328 "Too few arguments on ServerTransportPlugin line.\n");
3329 tor_free(msg);
3330
3331 free_options_test_data(tdata);
3332 tdata = get_options_test_data("ServerTransportPlugin foo exec bar\n");
3333 mock_clean_saved_logs();
3334 ret = options_validate(NULL, tdata->opt, &msg);
3335 tt_int_op(ret, OP_EQ, 0);
3336 expect_log_msg(
3337 "Tor is not configured as a relay but you specified a "
3338 "ServerTransportPlugin line (\"foo exec bar\"). The "
3339 "ServerTransportPlugin line will be ignored.\n");
3340 tor_free(msg);
3341
3342 free_options_test_data(tdata);
3343 tdata = get_options_test_data("ServerTransportPlugin foo exec bar\n"
3344 "ORPort 127.0.0.1:5555\n"
3345 "BandwidthRate 76900\n"
3346 "BandwidthBurst 76900\n"
3347 "MaxAdvertisedBandwidth 38500\n"
3348 );
3349 mock_clean_saved_logs();
3350 ret = options_validate(NULL, tdata->opt, &msg);
3351 tt_int_op(ret, OP_EQ, 0);
3352 expect_no_log_msg(
3353 "Tor is not configured as a relay but you specified a "
3354 "ServerTransportPlugin line (\"foo exec bar\"). The "
3355 "ServerTransportPlugin line will be ignored.\n");
3356 tor_free(msg);
3357
3358 free_options_test_data(tdata);
3359 tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3360 "ServerTransportListenAddr !\n");
3361 ret = options_validate(NULL, tdata->opt, &msg);
3362 tt_int_op(ret, OP_EQ, -1);
3363 tt_str_op(msg, OP_EQ,
3364 "ServerTransportListenAddr did not parse. See logs for details.");
3365 tor_free(msg);
3366
3367 free_options_test_data(tdata);
3368 tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3369 );
3370 mock_clean_saved_logs();
3371 ret = options_validate(NULL, tdata->opt, &msg);
3372 tt_int_op(ret, OP_EQ, 0);
3373 expect_log_msg(
3374 "You need at least a single managed-proxy to specify a transport "
3375 "listen address. The ServerTransportListenAddr line will be "
3376 "ignored.\n");
3377 tor_free(msg);
3378
3379 free_options_test_data(tdata);
3380 tdata = get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3381 "ServerTransportPlugin foo exec bar\n"
3382 "ORPort 127.0.0.1:5555\n"
3383 "BandwidthRate 76900\n"
3384 "BandwidthBurst 76900\n"
3385 "MaxAdvertisedBandwidth 38500\n"
3386 );
3387 mock_clean_saved_logs();
3388 ret = options_validate(NULL, tdata->opt, &msg);
3389 tt_int_op(ret, OP_EQ, 0);
3390 expect_no_log_msg(
3391 "You need at least a single managed-proxy to specify a transport "
3392 "listen address. The ServerTransportListenAddr line will be "
3393 "ignored.\n");
3394
3395 done:
3396 escaped(NULL); // This will free the leaking memory from the previous escaped
3397 policies_free_all();
3398 teardown_capture_of_logs();
3399 free_options_test_data(tdata);
3400 tor_free(msg);
3401 }
3402
3403 static void
test_options_validate__constrained_sockets(void * ignored)3404 test_options_validate__constrained_sockets(void *ignored)
3405 {
3406 (void)ignored;
3407 int ret;
3408 char *msg;
3409 options_test_data_t *tdata = NULL;
3410 setup_capture_of_logs(LOG_WARN);
3411
3412 free_options_test_data(tdata);
3413 tdata = get_options_test_data("ConstrainedSockets 1\n"
3414 "ConstrainedSockSize 0\n"
3415 );
3416 mock_clean_saved_logs();
3417 ret = options_validate(NULL, tdata->opt, &msg);
3418 tt_int_op(ret, OP_EQ, -1);
3419 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3420 "between 2048 and 262144 in 1024 byte increments.");
3421 tor_free(msg);
3422
3423 free_options_test_data(tdata);
3424 tdata = get_options_test_data("ConstrainedSockets 1\n"
3425 "ConstrainedSockSize 263168\n"
3426 );
3427 mock_clean_saved_logs();
3428 ret = options_validate(NULL, tdata->opt, &msg);
3429 tt_int_op(ret, OP_EQ, -1);
3430 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3431 "between 2048 and 262144 in 1024 byte increments.");
3432 tor_free(msg);
3433
3434 free_options_test_data(tdata);
3435 tdata = get_options_test_data("ConstrainedSockets 1\n"
3436 "ConstrainedSockSize 2047\n"
3437 );
3438 mock_clean_saved_logs();
3439 ret = options_validate(NULL, tdata->opt, &msg);
3440 tt_int_op(ret, OP_EQ, -1);
3441 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3442 "between 2048 and 262144 in 1024 byte increments.");
3443 tor_free(msg);
3444
3445 done:
3446 policies_free_all();
3447 teardown_capture_of_logs();
3448 free_options_test_data(tdata);
3449 tor_free(msg);
3450 }
3451
3452 static void
test_options_validate__v3_auth(void * ignored)3453 test_options_validate__v3_auth(void *ignored)
3454 {
3455 (void)ignored;
3456 int ret;
3457 char *msg;
3458 options_test_data_t *tdata = NULL;
3459 setup_capture_of_logs(LOG_WARN);
3460
3461 free_options_test_data(tdata);
3462 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3463 "V3AuthVoteDelay 1000\n"
3464 "V3AuthDistDelay 1000\n"
3465 "V3AuthVotingInterval 1000\n"
3466 );
3467 ret = options_validate(NULL, tdata->opt, &msg);
3468 tt_int_op(ret, OP_EQ, -1);
3469 tt_str_op(msg, OP_EQ,
3470 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3471 "V3AuthVotingInterval");
3472 tor_free(msg);
3473
3474 free_options_test_data(tdata);
3475 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3476 "V3AuthVoteDelay 1\n");
3477 ret = options_validate(NULL, tdata->opt, &msg);
3478 tt_int_op(ret, OP_EQ, -1);
3479 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3480 tor_free(msg);
3481
3482 free_options_test_data(tdata);
3483 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3484 "V3AuthVoteDelay 1\n"
3485 "TestingTorNetwork 1\n");
3486 ret = options_validate(NULL, tdata->opt, &msg);
3487 tt_int_op(ret, OP_EQ, -1);
3488 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3489 tor_free(msg);
3490
3491 // TODO: we can't reach the case of v3authvotedelay lower
3492 // than MIN_VOTE_SECONDS but not lower than MIN_VOTE_SECONDS_TESTING,
3493 // since they are the same
3494
3495 free_options_test_data(tdata);
3496 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3497 "V3AuthDistDelay 1\n");
3498 ret = options_validate(NULL, tdata->opt, &msg);
3499 tt_int_op(ret, OP_EQ, -1);
3500 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
3501 tor_free(msg);
3502
3503 free_options_test_data(tdata);
3504 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3505 "V3AuthDistDelay 1\n"
3506 "TestingTorNetwork 1\n"
3507 );
3508 ret = options_validate(NULL, tdata->opt, &msg);
3509 tt_int_op(ret, OP_EQ, -1);
3510 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
3511 tor_free(msg);
3512
3513 // We can't reach the case of v3authdistdelay lower than
3514 // MIN_DIST_SECONDS but not lower than MIN_DIST_SECONDS_TESTING,
3515 // since they are the same
3516
3517 free_options_test_data(tdata);
3518 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3519 "V3AuthNIntervalsValid 1\n"
3520 );
3521 ret = options_validate(NULL, tdata->opt, &msg);
3522 tt_int_op(ret, OP_EQ, -1);
3523 tt_str_op(msg, OP_EQ, "V3AuthNIntervalsValid must be at least 2.");
3524 tor_free(msg);
3525
3526 free_options_test_data(tdata);
3527 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3528 "V3AuthVoteDelay 49\n"
3529 "V3AuthDistDelay 49\n"
3530 "V3AuthVotingInterval 200\n"
3531 );
3532 ret = options_validate(NULL, tdata->opt, &msg);
3533 tt_int_op(ret, OP_EQ, -1);
3534 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low.");
3535 tor_free(msg);
3536
3537 free_options_test_data(tdata);
3538 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3539 VALID_DIR_AUTH
3540 "TestingTorNetwork 1\n"
3541 "V3AuthVoteDelay 49\n"
3542 "V3AuthDistDelay 49\n"
3543 "V3AuthVotingInterval 200\n"
3544 );
3545 ret = options_validate(NULL, tdata->opt, &msg);
3546 tt_int_op(ret, OP_EQ, 0);
3547 tt_ptr_op(msg, OP_EQ, NULL);
3548 tor_free(msg);
3549
3550 free_options_test_data(tdata);
3551 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3552 VALID_DIR_AUTH
3553 "TestingTorNetwork 1\n"
3554 "V3AuthVoteDelay 2\n"
3555 "V3AuthDistDelay 2\n"
3556 "V3AuthVotingInterval 9\n"
3557 );
3558 ret = options_validate(NULL, tdata->opt, &msg);
3559 tt_int_op(ret, OP_EQ, -1);
3560 tt_str_op(msg, OP_EQ,
3561 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3562 "V3AuthVotingInterval");
3563 tor_free(msg);
3564
3565 free_options_test_data(tdata);
3566 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3567 VALID_DIR_AUTH
3568 "TestingTorNetwork 1\n"
3569 "V3AuthVoteDelay 2\n"
3570 "V3AuthDistDelay 2\n"
3571 "V3AuthVotingInterval 10\n"
3572 );
3573 ret = options_validate(NULL, tdata->opt, &msg);
3574 tt_int_op(ret, OP_EQ, 0);
3575 tt_ptr_op(msg, OP_EQ, NULL);
3576 tor_free(msg);
3577
3578 free_options_test_data(tdata);
3579 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3580 "V3AuthVoteDelay 49\n"
3581 "V3AuthDistDelay 49\n"
3582 "V3AuthVotingInterval 200000\n"
3583 );
3584 ret = options_validate(NULL, tdata->opt, &msg);
3585 tt_int_op(ret, OP_EQ, -1);
3586 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely high.");
3587 tor_free(msg);
3588
3589 free_options_test_data(tdata);
3590 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3591 "V3AuthVoteDelay 49\n"
3592 "V3AuthDistDelay 49\n"
3593 "V3AuthVotingInterval 1441\n"
3594 );
3595 mock_clean_saved_logs();
3596 ret = options_validate(NULL, tdata->opt, &msg);
3597 tt_int_op(ret, OP_EQ, 0);
3598 expect_log_msg("V3AuthVotingInterval does not divide"
3599 " evenly into 24 hours.\n");
3600 tor_free(msg);
3601
3602 free_options_test_data(tdata);
3603 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3604 "V3AuthVoteDelay 49\n"
3605 "V3AuthDistDelay 49\n"
3606 "V3AuthVotingInterval 1440\n"
3607 );
3608 mock_clean_saved_logs();
3609 ret = options_validate(NULL, tdata->opt, &msg);
3610 tt_int_op(ret, OP_EQ, 0);
3611 expect_no_log_msg("V3AuthVotingInterval does not divide"
3612 " evenly into 24 hours.\n");
3613 tor_free(msg);
3614
3615 free_options_test_data(tdata);
3616 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3617 "V3AuthVoteDelay 49\n"
3618 "V3AuthDistDelay 49\n"
3619 "V3AuthVotingInterval 299\n"
3620 VALID_DIR_AUTH
3621 "TestingTorNetwork 1\n"
3622 );
3623 mock_clean_saved_logs();
3624 ret = options_validate(NULL, tdata->opt, &msg);
3625 tt_int_op(ret, OP_EQ, 0);
3626 expect_log_msg("V3AuthVotingInterval is very low. "
3627 "This may lead to failure to synchronise for a consensus.\n");
3628 tor_free(msg);
3629
3630 free_options_test_data(tdata);
3631 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3632 "V3AuthVoteDelay 1\n"
3633 "V3AuthDistDelay 1\n"
3634 "V3AuthVotingInterval 9\n"
3635 VALID_DIR_AUTH
3636 "TestingTorNetwork 1\n"
3637 );
3638 /* We have to call the dirauth-specific function to reach this case */
3639 ret = options_validate_dirauth_schedule(NULL, tdata->opt, &msg);
3640 tt_int_op(ret, OP_EQ, -1);
3641 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3642 tor_free(msg);
3643
3644 free_options_test_data(tdata);
3645 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3646 "TestingV3AuthInitialVoteDelay 1\n"
3647 VALID_DIR_AUTH
3648 "TestingTorNetwork 1\n"
3649 );
3650 ret = options_validate(NULL, tdata->opt, &msg);
3651 tt_int_op(ret, OP_EQ, -1);
3652 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVoteDelay is way too low.");
3653 tor_free(msg);
3654
3655 free_options_test_data(tdata);
3656 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3657 "TestingV3AuthInitialDistDelay 1\n"
3658 VALID_DIR_AUTH
3659 "TestingTorNetwork 1\n"
3660 );
3661 ret = options_validate(NULL, tdata->opt, &msg);
3662 tt_int_op(ret, OP_EQ, -1);
3663 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialDistDelay is way too low.");
3664 tor_free(msg);
3665
3666 free_options_test_data(tdata);
3667 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3668 VALID_DIR_AUTH
3669 "TestingTorNetwork 1\n"
3670 );
3671 tdata->opt->TestingV3AuthVotingStartOffset = 100000;
3672 ret = options_validate(NULL, tdata->opt, &msg);
3673 tt_int_op(ret, OP_EQ, -1);
3674 tt_str_op(msg, OP_EQ, "TestingV3AuthVotingStartOffset is higher than the "
3675 "voting interval.");
3676 tor_free(msg);
3677
3678 free_options_test_data(tdata);
3679 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3680 VALID_DIR_AUTH
3681 "TestingTorNetwork 1\n"
3682 );
3683 tdata->opt->TestingV3AuthVotingStartOffset = -1;
3684 ret = options_validate(NULL, tdata->opt, &msg);
3685 tt_int_op(ret, OP_EQ, -1);
3686 tt_str_op(msg, OP_EQ,
3687 "TestingV3AuthVotingStartOffset must be non-negative.");
3688 tor_free(msg);
3689
3690 free_options_test_data(tdata);
3691 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3692 VALID_DIR_AUTH
3693 "TestingTorNetwork 1\n"
3694 "TestingV3AuthInitialVotingInterval 4\n"
3695 );
3696 ret = options_validate(NULL, tdata->opt, &msg);
3697 tt_int_op(ret, OP_EQ, -1);
3698 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVotingInterval is insanely low.");
3699 tor_free(msg);
3700
3701 free_options_test_data(tdata);
3702 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3703 VALID_DIR_AUTH
3704 "TestingTorNetwork 1\n"
3705 "TestingV3AuthInitialVoteDelay 2\n"
3706 "TestingV3AuthInitialDistDelay 2\n"
3707 "TestingV3AuthInitialVotingInterval 5\n"
3708 );
3709 ret = options_validate(NULL, tdata->opt, &msg);
3710 tt_int_op(ret, OP_EQ, 0);
3711 tt_ptr_op(msg, OP_EQ, NULL);
3712 tor_free(msg);
3713
3714 free_options_test_data(tdata);
3715 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3716 VALID_DIR_AUTH
3717 "TestingTorNetwork 1\n"
3718 "TestingV3AuthInitialVotingInterval 7\n"
3719 );
3720 ret = options_validate(NULL, tdata->opt, &msg);
3721 tt_int_op(ret, OP_EQ, -1);
3722 tt_str_op(msg, OP_EQ,
3723 "TestingV3AuthInitialVotingInterval does not divide evenly into "
3724 "30 minutes.");
3725 tor_free(msg);
3726
3727 free_options_test_data(tdata);
3728 tdata = get_options_test_data(ENABLE_AUTHORITY_V3
3729 VALID_DIR_AUTH
3730 "TestingTorNetwork 1\n"
3731 "TestingV3AuthInitialVoteDelay 3\n"
3732 "TestingV3AuthInitialDistDelay 3\n"
3733 "TestingV3AuthInitialVotingInterval 5\n"
3734 );
3735 ret = options_validate(NULL, tdata->opt, &msg);
3736 tt_int_op(ret, OP_EQ, -1);
3737 tt_str_op(msg, OP_EQ,
3738 "TestingV3AuthInitialVoteDelay plus "
3739 "TestingV3AuthInitialDistDelay must be less than "
3740 "TestingV3AuthInitialVotingInterval");
3741 tor_free(msg);
3742
3743 done:
3744 policies_free_all();
3745 teardown_capture_of_logs();
3746 free_options_test_data(tdata);
3747 tor_free(msg);
3748 }
3749
3750 static void
test_options_validate__virtual_addr(void * ignored)3751 test_options_validate__virtual_addr(void *ignored)
3752 {
3753 (void)ignored;
3754 int ret;
3755 char *msg;
3756 options_test_data_t *tdata = NULL;
3757
3758 free_options_test_data(tdata);
3759 tdata = get_options_test_data("VirtualAddrNetworkIPv4 !!");
3760 ret = options_validate(NULL, tdata->opt, &msg);
3761 tt_int_op(ret, OP_EQ, -1);
3762 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetwork !!");
3763 tor_free(msg);
3764
3765 free_options_test_data(tdata);
3766 tdata = get_options_test_data("VirtualAddrNetworkIPv6 !!"
3767 );
3768 ret = options_validate(NULL, tdata->opt, &msg);
3769 tt_int_op(ret, OP_EQ, -1);
3770 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetworkIPv6 !!");
3771 tor_free(msg);
3772
3773 done:
3774 escaped(NULL); // This will free the leaking memory from the previous escaped
3775 policies_free_all();
3776 free_options_test_data(tdata);
3777 tor_free(msg);
3778 }
3779
3780 static void
test_options_validate__testing_options(void * ignored)3781 test_options_validate__testing_options(void *ignored)
3782 {
3783 (void)ignored;
3784 int ret;
3785 char *msg;
3786 options_test_data_t *tdata = NULL;
3787 setup_capture_of_logs(LOG_WARN);
3788
3789 #define TEST_TESTING_OPTION(name, accessor, \
3790 low_val, high_val, err_low, EXTRA_OPT_STR) \
3791 STMT_BEGIN \
3792 free_options_test_data(tdata); \
3793 tdata = get_options_test_data(EXTRA_OPT_STR \
3794 VALID_DIR_AUTH \
3795 "TestingTorNetwork 1\n" \
3796 ); \
3797 accessor(tdata->opt)->name = low_val; \
3798 ret = options_validate(NULL, tdata->opt, &msg); \
3799 tt_int_op(ret, OP_EQ, -1); \
3800 tt_str_op(msg, OP_EQ, #name " " err_low); \
3801 tor_free(msg); \
3802 \
3803 free_options_test_data(tdata); \
3804 tdata = get_options_test_data(EXTRA_OPT_STR \
3805 VALID_DIR_AUTH \
3806 "TestingTorNetwork 1\n" \
3807 ); \
3808 accessor(tdata->opt)->name = high_val; \
3809 mock_clean_saved_logs(); \
3810 ret = options_validate(NULL, tdata->opt, &msg); \
3811 tt_int_op(ret, OP_EQ, 0); \
3812 tt_ptr_op(msg, OP_EQ, NULL); \
3813 expect_log_msg( #name " is insanely high.\n"); \
3814 tor_free(msg); \
3815 STMT_END
3816
3817 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601,
3818 "is way too low.", "");
3819 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601,
3820 "is way too low.", "");
3821
3822 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601,
3823 "is way too low.", ENABLE_AUTHORITY_V3);
3824 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601,
3825 "is way too low.", ENABLE_AUTHORITY_V3);
3826
3827 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601,
3828 "is way too low.", ENABLE_AUTHORITY_BRIDGE);
3829 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601,
3830 "is way too low.", ENABLE_AUTHORITY_BRIDGE);
3831
3832 free_options_test_data(tdata);
3833 tdata = get_options_test_data("TestingEnableConnBwEvent 1\n");
3834 ret = options_validate(NULL, tdata->opt, &msg);
3835 tt_int_op(ret, OP_EQ, -1);
3836 tt_str_op(msg, OP_EQ, "TestingEnableConnBwEvent may only be changed in "
3837 "testing Tor networks!");
3838 tor_free(msg);
3839
3840 free_options_test_data(tdata);
3841 tdata = get_options_test_data("TestingEnableConnBwEvent 1\n"
3842 VALID_DIR_AUTH
3843 "TestingTorNetwork 1\n"
3844 "___UsingTestNetworkDefaults 0\n"
3845 );
3846
3847 ret = options_validate(NULL, tdata->opt, &msg);
3848 tt_int_op(ret, OP_EQ, 0);
3849 tt_assert(!msg);
3850 tor_free(msg);
3851
3852 free_options_test_data(tdata);
3853 tdata = get_options_test_data("TestingEnableConnBwEvent 1\n"
3854 VALID_DIR_AUTH
3855 "TestingTorNetwork 0\n"
3856 "___UsingTestNetworkDefaults 1\n"
3857 );
3858
3859 ret = options_validate(NULL, tdata->opt, &msg);
3860 tt_int_op(ret, OP_EQ, 0);
3861 tt_assert(!msg);
3862 tor_free(msg);
3863
3864 free_options_test_data(tdata);
3865 tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n");
3866 ret = options_validate(NULL, tdata->opt, &msg);
3867 tt_int_op(ret, OP_EQ, -1);
3868 tt_str_op(msg, OP_EQ, "TestingEnableCellStatsEvent may only be changed in "
3869 "testing Tor networks!");
3870 tor_free(msg);
3871
3872 free_options_test_data(tdata);
3873 tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n"
3874 VALID_DIR_AUTH
3875 "TestingTorNetwork 1\n"
3876 "___UsingTestNetworkDefaults 0\n"
3877 );
3878
3879 ret = options_validate(NULL, tdata->opt, &msg);
3880 tt_int_op(ret, OP_EQ, 0);
3881 tt_assert(!msg);
3882 tor_free(msg);
3883
3884 free_options_test_data(tdata);
3885 tdata = get_options_test_data("TestingEnableCellStatsEvent 1\n"
3886 VALID_DIR_AUTH
3887 "TestingTorNetwork 0\n"
3888 "___UsingTestNetworkDefaults 1\n"
3889 );
3890
3891 ret = options_validate(NULL, tdata->opt, &msg);
3892 tt_int_op(ret, OP_EQ, 0);
3893 tt_assert(!msg);
3894 tor_free(msg);
3895
3896 free_options_test_data(tdata);
3897 tdata = get_options_test_data("TestingEnableTbEmptyEvent 1\n"
3898 VALID_DIR_AUTH
3899 "TestingTorNetwork 1\n"
3900 "___UsingTestNetworkDefaults 0\n"
3901 );
3902
3903 ret = options_validate(NULL, tdata->opt, &msg);
3904 tt_int_op(ret, OP_EQ, 0);
3905 tt_assert(!msg);
3906 tor_free(msg);
3907
3908 free_options_test_data(tdata);
3909 tdata = get_options_test_data("TestingEnableTbEmptyEvent 1\n"
3910 VALID_DIR_AUTH
3911 "TestingTorNetwork 0\n"
3912 "___UsingTestNetworkDefaults 1\n"
3913 );
3914
3915 ret = options_validate(NULL, tdata->opt, &msg);
3916 tt_int_op(ret, OP_EQ, 0);
3917 tt_assert(!msg);
3918 tor_free(msg);
3919
3920 done:
3921 policies_free_all();
3922 teardown_capture_of_logs();
3923 free_options_test_data(tdata);
3924 tor_free(msg);
3925 }
3926
3927 static void
test_options_validate__accel(void * ignored)3928 test_options_validate__accel(void *ignored)
3929 {
3930 (void)ignored;
3931 int ret;
3932 char *msg;
3933 options_test_data_t *tdata = NULL;
3934
3935 free_options_test_data(tdata);
3936 tdata = get_options_test_data("AccelName foo\n");
3937 ret = options_validate(NULL, tdata->opt, &msg);
3938 tt_int_op(ret, OP_EQ, 0);
3939 tt_int_op(get_crypto_options(tdata->opt)->HardwareAccel, OP_EQ, 0);
3940 tor_free(msg);
3941
3942 free_options_test_data(tdata);
3943 tdata = get_options_test_data("AccelName foo\n");
3944 get_crypto_options(tdata->opt)->HardwareAccel = 2;
3945 ret = options_validate(NULL, tdata->opt, &msg);
3946 tt_int_op(ret, OP_EQ, 0);
3947 tt_int_op(get_crypto_options(tdata->opt)->HardwareAccel, OP_EQ, 2);
3948 tor_free(msg);
3949
3950 free_options_test_data(tdata);
3951 tdata = get_options_test_data("AccelDir 1\n");
3952 ret = options_validate(NULL, tdata->opt, &msg);
3953 tt_int_op(ret, OP_EQ, -1);
3954 tt_str_op(msg, OP_EQ,
3955 "Can't use hardware crypto accelerator dir without engine name.");
3956 tor_free(msg);
3957
3958 free_options_test_data(tdata);
3959 tdata = get_options_test_data("AccelDir 1\n"
3960 "AccelName something\n");
3961 ret = options_validate(NULL, tdata->opt, &msg);
3962 tt_int_op(ret, OP_EQ, 0);
3963 tor_free(msg);
3964
3965 done:
3966 policies_free_all();
3967 free_options_test_data(tdata);
3968 tor_free(msg);
3969 }
3970
3971 static int mocked_granularity;
3972
3973 static void
mock_set_log_time_granularity(int g)3974 mock_set_log_time_granularity(int g)
3975 {
3976 mocked_granularity = g;
3977 }
3978
3979 static void
test_options_init_logs_granularity(void * arg)3980 test_options_init_logs_granularity(void *arg)
3981 {
3982 options_test_data_t *tdata = get_options_test_data("");
3983 int rv;
3984 (void) arg;
3985
3986 MOCK(set_log_time_granularity, mock_set_log_time_granularity);
3987
3988 /* Reasonable value. */
3989 tdata->opt->LogTimeGranularity = 100;
3990 mocked_granularity = -1;
3991 rv = options_init_logs(NULL, tdata->opt, 0);
3992 tt_int_op(rv, OP_EQ, 0);
3993 tt_int_op(mocked_granularity, OP_EQ, 100);
3994
3995 /* Doesn't divide 1000. */
3996 tdata->opt->LogTimeGranularity = 249;
3997 mocked_granularity = -1;
3998 rv = options_init_logs(NULL, tdata->opt, 0);
3999 tt_int_op(rv, OP_EQ, 0);
4000 tt_int_op(mocked_granularity, OP_EQ, 250);
4001
4002 /* Doesn't divide 1000. */
4003 tdata->opt->LogTimeGranularity = 3;
4004 mocked_granularity = -1;
4005 rv = options_init_logs(NULL, tdata->opt, 0);
4006 tt_int_op(rv, OP_EQ, 0);
4007 tt_int_op(mocked_granularity, OP_EQ, 4);
4008
4009 /* Not a multiple of 1000. */
4010 tdata->opt->LogTimeGranularity = 1500;
4011 mocked_granularity = -1;
4012 rv = options_init_logs(NULL, tdata->opt, 0);
4013 tt_int_op(rv, OP_EQ, 0);
4014 tt_int_op(mocked_granularity, OP_EQ, 2000);
4015
4016 /* Reasonable value. */
4017 tdata->opt->LogTimeGranularity = 3000;
4018 mocked_granularity = -1;
4019 rv = options_init_logs(NULL, tdata->opt, 0);
4020 tt_int_op(rv, OP_EQ, 0);
4021 tt_int_op(mocked_granularity, OP_EQ, 3000);
4022
4023 /* Negative. (Shouldn't be allowed by rest of config parsing.) */
4024 tdata->opt->LogTimeGranularity = -1;
4025 mocked_granularity = -1;
4026 rv = options_init_logs(NULL, tdata->opt, 0);
4027 tt_int_op(rv, OP_EQ, -1);
4028
4029 /* Very big */
4030 tdata->opt->LogTimeGranularity = 3600 * 1000;
4031 mocked_granularity = -1;
4032 rv = options_init_logs(NULL, tdata->opt, 0);
4033 tt_int_op(rv, OP_EQ, 0);
4034 tt_int_op(mocked_granularity, OP_EQ, 3600 * 1000);
4035
4036 done:
4037 free_options_test_data(tdata);
4038 UNMOCK(set_log_time_granularity);
4039 }
4040
4041 typedef struct {
4042 char *name;
4043 log_severity_list_t sev;
4044 int fd;
4045 bool stream;
4046 } added_log_t;
4047
4048 static smartlist_t *added_logs = NULL;
4049
4050 static void
mock_add_stream_log_impl(const log_severity_list_t * sev,const char * name,int fd)4051 mock_add_stream_log_impl(const log_severity_list_t *sev, const char *name,
4052 int fd)
4053 {
4054 added_log_t *a = tor_malloc_zero(sizeof(added_log_t));
4055 a->name = tor_strdup(name);
4056 memcpy(&a->sev, sev, sizeof(log_severity_list_t));
4057 a->fd = fd;
4058 a->stream = true;
4059 smartlist_add(added_logs, a);
4060 }
4061
4062 static int
mock_add_file_log(const log_severity_list_t * sev,const char * name,int fd)4063 mock_add_file_log(const log_severity_list_t *sev, const char *name, int fd)
4064 {
4065 added_log_t *a = tor_malloc_zero(sizeof(added_log_t));
4066 a->name = tor_strdup(name);
4067 memcpy(&a->sev, sev, sizeof(log_severity_list_t));
4068 a->fd = fd;
4069 smartlist_add(added_logs, a);
4070 return 0;
4071 }
4072
4073 static void
clear_added_logs(void)4074 clear_added_logs(void)
4075 {
4076 SMARTLIST_FOREACH(added_logs, added_log_t *, a,
4077 { tor_free(a->name); tor_free(a); });
4078 smartlist_clear(added_logs);
4079 }
4080
4081 static void
test_options_init_logs_quiet(void * arg)4082 test_options_init_logs_quiet(void *arg)
4083 {
4084 (void)arg;
4085 char *cfg = NULL;
4086 options_test_data_t *tdata = get_options_test_data("");
4087 char *fn1 = tor_strdup(get_fname_rnd("log"));
4088 const added_log_t *a;
4089 int rv;
4090 tdata->opt->RunAsDaemon = 0;
4091
4092 added_logs = smartlist_new();
4093 MOCK(add_stream_log_impl, mock_add_stream_log_impl);
4094 MOCK(add_file_log, mock_add_file_log);
4095
4096 tt_ptr_op(tdata->opt->Logs, OP_EQ, NULL);
4097
4098 /* First, try with no configured logs, and make sure that our configured
4099 logs match the quiet level. */
4100 quiet_level = QUIET_SILENT;
4101 rv = options_init_logs(NULL, tdata->opt, 0);
4102 tt_int_op(rv, OP_EQ, 0);
4103 tt_int_op(smartlist_len(added_logs), OP_EQ, 0);
4104
4105 quiet_level = QUIET_HUSH;
4106 rv = options_init_logs(NULL, tdata->opt, 0);
4107 tt_int_op(rv, OP_EQ, 0);
4108 tt_int_op(smartlist_len(added_logs), OP_EQ, 1);
4109 a = smartlist_get(added_logs, 0);
4110 tt_assert(a);
4111 tt_assert(a->stream);
4112 tt_int_op(a->fd, OP_EQ, fileno(stdout));
4113 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, 0);
4114 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ, 0);
4115 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS);
4116 clear_added_logs();
4117
4118 quiet_level = QUIET_NONE;
4119 rv = options_init_logs(NULL, tdata->opt, 0);
4120 tt_int_op(rv, OP_EQ, 0);
4121 tt_int_op(smartlist_len(added_logs), OP_EQ, 1);
4122 a = smartlist_get(added_logs, 0);
4123 tt_assert(a);
4124 tt_assert(a->stream);
4125 tt_int_op(a->fd, OP_EQ, fileno(stdout));
4126 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, 0);
4127 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ,
4128 LD_ALL_DOMAINS);
4129 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS);
4130 clear_added_logs();
4131
4132 /* Make sure that adding a configured log makes the default logs go away. */
4133 tor_asprintf(&cfg, "Log info file %s\n", fn1);
4134 free_options_test_data(tdata);
4135 tdata = get_options_test_data(cfg);
4136 rv = options_init_logs(NULL, tdata->opt, 0);
4137 tt_int_op(rv, OP_EQ, 0);
4138 tt_int_op(smartlist_len(added_logs), OP_EQ, 1);
4139 a = smartlist_get(added_logs, 0);
4140 tt_assert(a);
4141 tt_assert(! a->stream);
4142 tt_int_op(a->fd, OP_NE, fileno(stdout));
4143 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_INFO)], OP_EQ, LD_ALL_DOMAINS);
4144 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_NOTICE)], OP_EQ,
4145 LD_ALL_DOMAINS);
4146 tt_u64_op(a->sev.masks[SEVERITY_MASK_IDX(LOG_WARN)], OP_EQ, LD_ALL_DOMAINS);
4147
4148 done:
4149 free_options_test_data(tdata);
4150 tor_free(fn1);
4151 tor_free(cfg);
4152 clear_added_logs();
4153 smartlist_free(added_logs);
4154 UNMOCK(add_stream_log_impl);
4155 UNMOCK(add_file_log);
4156 }
4157
4158 static int mock_options_act_status = 0;
4159 static int
mock_options_act(const or_options_t * old_options)4160 mock_options_act(const or_options_t *old_options)
4161 {
4162 (void)old_options;
4163 return mock_options_act_status;
4164 }
4165 static int
mock_options_act_reversible(const or_options_t * old_options,char ** msg_out)4166 mock_options_act_reversible(const or_options_t *old_options, char **msg_out)
4167 {
4168 (void)old_options;
4169 (void)msg_out;
4170 return 0;
4171 }
4172
4173 static void
test_options_trial_assign(void * arg)4174 test_options_trial_assign(void *arg)
4175 {
4176 (void)arg;
4177 setopt_err_t v;
4178 config_line_t *lines = NULL;
4179 char *msg = NULL;
4180 int r;
4181
4182 // replace options_act*() so that we don't actually launch tor here.
4183 MOCK(options_act, mock_options_act);
4184 MOCK(options_act_reversible, mock_options_act_reversible);
4185
4186 // Try assigning nothing; that should work.
4187 v = options_trial_assign(lines, 0, &msg);
4188 if (msg)
4189 puts(msg);
4190 tt_ptr_op(msg, OP_EQ, NULL);
4191 tt_int_op(v, OP_EQ, SETOPT_OK);
4192
4193 // Assigning a nickname is okay
4194 r = config_get_lines("Nickname Hemiramphinae", &lines, 0);
4195 tt_int_op(r, OP_EQ, 0);
4196 v = options_trial_assign(lines, 0, &msg);
4197 tt_ptr_op(msg, OP_EQ, NULL);
4198 tt_int_op(v, OP_EQ, SETOPT_OK);
4199 tt_str_op(get_options()->Nickname, OP_EQ, "Hemiramphinae");
4200 config_free_lines(lines);
4201
4202 // We can't change the User; that's a transition error.
4203 r = config_get_lines("User Heraclitus", &lines, 0);
4204 tt_int_op(r, OP_EQ, 0);
4205 v = options_trial_assign(lines, 0, &msg);
4206 tt_int_op(v, OP_EQ, SETOPT_ERR_TRANSITION);
4207 tt_str_op(msg, OP_EQ, "While Tor is running, changing User is not allowed");
4208 tor_free(msg);
4209 config_free_lines(lines);
4210
4211 // We can't set the ORPort to nonsense: that's a validation error.
4212 r = config_get_lines("ORPort fractabling planished", &lines, 0);
4213 tt_int_op(r, OP_EQ, 0);
4214 v = options_trial_assign(lines, 0, &msg);
4215 tt_int_op(v, OP_EQ, SETOPT_ERR_PARSE); // (same error code for now)
4216 tt_str_op(msg, OP_EQ, "Invalid ORPort configuration");
4217 tor_free(msg);
4218 config_free_lines(lines);
4219
4220 // We can't set UseBridges to a non-boolean: that's a parse error.
4221 r = config_get_lines("UseBridges ambidextrous", &lines, 0);
4222 tt_int_op(r, OP_EQ, 0);
4223 v = options_trial_assign(lines, 0, &msg);
4224 tt_int_op(v, OP_EQ, SETOPT_ERR_PARSE);
4225 tt_str_op(msg, OP_EQ,
4226 "Could not parse UseBridges: Unrecognized value ambidextrous. "
4227 "Allowed values are 0 and 1.");
4228 tor_free(msg);
4229 config_free_lines(lines);
4230
4231 // this didn't change.
4232 tt_str_op(get_options()->Nickname, OP_EQ, "Hemiramphinae");
4233
4234 done:
4235 config_free_lines(lines);
4236 tor_free(msg);
4237 UNMOCK(options_act);
4238 UNMOCK(options_act_reversible);
4239 }
4240
4241 #ifndef COCCI
4242 #define LOCAL_VALIDATE_TEST(name) \
4243 { "validate__" #name, test_options_validate__ ## name, TT_FORK, NULL, NULL }
4244 #endif
4245
4246 struct testcase_t options_tests[] = {
4247 { "validate", test_options_validate, TT_FORK, NULL, NULL },
4248 { "mem_dircache", test_have_enough_mem_for_dircache, TT_FORK, NULL, NULL },
4249 LOCAL_VALIDATE_TEST(uname_for_server),
4250 LOCAL_VALIDATE_TEST(outbound_addresses),
4251 LOCAL_VALIDATE_TEST(data_directory),
4252 LOCAL_VALIDATE_TEST(nickname),
4253 LOCAL_VALIDATE_TEST(contactinfo),
4254 LOCAL_VALIDATE_TEST(logs),
4255 LOCAL_VALIDATE_TEST(authdir),
4256 LOCAL_VALIDATE_TEST(relay_with_hidden_services),
4257 LOCAL_VALIDATE_TEST(listen_ports),
4258 LOCAL_VALIDATE_TEST(transproxy),
4259 LOCAL_VALIDATE_TEST(exclude_nodes),
4260 LOCAL_VALIDATE_TEST(node_families),
4261 LOCAL_VALIDATE_TEST(token_bucket),
4262 LOCAL_VALIDATE_TEST(fetch_dir),
4263 LOCAL_VALIDATE_TEST(conn_limit),
4264 LOCAL_VALIDATE_TEST(paths_needed),
4265 LOCAL_VALIDATE_TEST(max_client_circuits),
4266 LOCAL_VALIDATE_TEST(ports),
4267 LOCAL_VALIDATE_TEST(reachable_addresses),
4268 LOCAL_VALIDATE_TEST(use_bridges),
4269 LOCAL_VALIDATE_TEST(entry_nodes),
4270 LOCAL_VALIDATE_TEST(safe_logging),
4271 LOCAL_VALIDATE_TEST(publish_server_descriptor),
4272 LOCAL_VALIDATE_TEST(testing),
4273 LOCAL_VALIDATE_TEST(hidserv),
4274 LOCAL_VALIDATE_TEST(path_bias),
4275 LOCAL_VALIDATE_TEST(bandwidth),
4276 LOCAL_VALIDATE_TEST(circuits),
4277 LOCAL_VALIDATE_TEST(rend),
4278 LOCAL_VALIDATE_TEST(single_onion),
4279 LOCAL_VALIDATE_TEST(accounting),
4280 LOCAL_VALIDATE_TEST(proxy),
4281 LOCAL_VALIDATE_TEST(control),
4282 LOCAL_VALIDATE_TEST(families),
4283 LOCAL_VALIDATE_TEST(addr_policies),
4284 LOCAL_VALIDATE_TEST(dir_auth),
4285 LOCAL_VALIDATE_TEST(transport),
4286 LOCAL_VALIDATE_TEST(constrained_sockets),
4287 LOCAL_VALIDATE_TEST(v3_auth),
4288 LOCAL_VALIDATE_TEST(virtual_addr),
4289 LOCAL_VALIDATE_TEST(testing_options),
4290 LOCAL_VALIDATE_TEST(accel),
4291 { "init_logs/granularity", test_options_init_logs_granularity, TT_FORK,
4292 NULL, NULL },
4293 { "init_logs/quiet", test_options_init_logs_quiet, TT_FORK,
4294 NULL, NULL },
4295 { "trial_assign", test_options_trial_assign, TT_FORK, NULL, NULL },
4296 END_OF_TESTCASES /* */
4297 };
4298