search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dirvote: Handling adding vote and signature if module is disabled
[tor.git] / src / test / test_options.c
blob9974ed25759f38e919749bcd1455c07e122ba311
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2017, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define CONFIG_PRIVATE
7 #include "or.h"
8 #include "confparse.h"
9 #include "config.h"
10 #include "test.h"
11 #include "geoip.h"
12
13 #define ROUTERSET_PRIVATE
14 #include "routerset.h"
15 #include "main.h"
16 #include "log_test_helpers.h"
17
18 #include "sandbox.h"
19 #include "memarea.h"
20 #include "policies.h"
21 #include "test_helpers.h"
22
23 #define NS_MODULE test_options
24
25 typedef struct {
26 int severity;
27 uint32_t domain;
28 char *msg;
29 } logmsg_t;
30
31 static smartlist_t *messages = NULL;
32
33 static void
34 log_cback(int severity, uint32_t domain, const char *msg)
35 {
36 logmsg_t *x = tor_malloc(sizeof(*x));
37 x->severity = severity;
38 x->domain = domain;
39 x->msg = tor_strdup(msg);
40 if (!messages)
41 messages = smartlist_new();
42 smartlist_add(messages, x);
43 }
44
45 static void
46 setup_log_callback(void)
47 {
48 log_severity_list_t lst;
49 memset(&lst, 0, sizeof(lst));
50 lst.masks[LOG_ERR - LOG_ERR] = ~0;
51 lst.masks[LOG_WARN - LOG_ERR] = ~0;
52 lst.masks[LOG_NOTICE - LOG_ERR] = ~0;
53 add_callback_log(&lst, log_cback);
54 mark_logs_temp();
55 }
56
57 static char *
58 dump_logs(void)
59 {
60 smartlist_t *msgs;
61 char *out;
62 if (! messages)
63 return tor_strdup("");
64 msgs = smartlist_new();
65 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, x) {
66 smartlist_add_asprintf(msgs, "[%s] %s",
67 log_level_to_string(x->severity), x->msg);
68 } SMARTLIST_FOREACH_END(x);
69 out = smartlist_join_strings(msgs, "", 0, NULL);
70 SMARTLIST_FOREACH(msgs, char *, cp, tor_free(cp));
71 smartlist_free(msgs);
72 return out;
73 }
74
75 static void
76 clear_log_messages(void)
77 {
78 if (!messages)
79 return;
80 SMARTLIST_FOREACH(messages, logmsg_t *, m,
81 { tor_free(m->msg); tor_free(m); });
82 smartlist_free(messages);
83 messages = NULL;
84 }
85
86 #define setup_options(opt,dflt) \
87 do { \
88 opt = options_new(); \
89 opt->command = CMD_RUN_TOR; \
90 options_init(opt); \
91 \
92 dflt = config_dup(&options_format, opt); \
93 clear_log_messages(); \
94 } while (0)
95
96 #define VALID_DIR_AUTH "DirAuthority dizum orport=443 v3ident=E8A9C45" \
97 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
98 " 083C 538F 4403 8BBF A077 587D D755\n"
99 #define VALID_ALT_BRIDGE_AUTH \
100 "AlternateBridgeAuthority dizum orport=443 v3ident=E8A9C45" \
101 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
102 " 083C 538F 4403 8BBF A077 587D D755\n"
103 #define VALID_ALT_DIR_AUTH \
104 "AlternateDirAuthority dizum orport=443 v3ident=E8A9C45" \
105 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
106 " 083C 538F 4403 8BBF A077 587D D755\n"
107
108 static int
109 test_options_checklog(const char *configuration, int expect_log_severity,
110 const char *expect_log)
111 {
112 int found = 0, ret = -1;
113 char *actual_log = NULL;
114
115 if (messages) {
116 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, m) {
117 if (m->severity == expect_log_severity &&
118 strstr(m->msg, expect_log)) {
119 found = 1;
120 break;
121 }
122 } SMARTLIST_FOREACH_END(m);
123 }
124 if (!found) {
125 actual_log = dump_logs();
126 TT_DIE(("Expected log message [%s] %s from <%s>, but got <%s>.",
127 log_level_to_string(expect_log_severity), expect_log,
128 configuration, actual_log));
129 }
130 ret = 0;
131
132 done:
133 tor_free(actual_log);
134 return ret;
135 }
136
137 static int
138 test_options_checkmsgs(const char *configuration,
139 const char *expect_errmsg,
140 int expect_log_severity,
141 const char *expect_log,
142 char *msg)
143 {
144 if (expect_errmsg && !msg) {
145 TT_DIE(("Expected error message <%s> from <%s>, but got none.",
146 expect_errmsg, configuration));
147 } else if (expect_errmsg && !strstr(msg, expect_errmsg)) {
148 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
149 expect_errmsg, configuration, msg));
150 } else if (!expect_errmsg && msg) {
151 TT_DIE(("Expected no error message from <%s> but got <%s>.",
152 configuration, msg));
153 }
154 if (expect_log) {
155 return test_options_checklog(configuration, expect_log_severity,
156 expect_log);
157 }
158 return 0;
159
160 done:
161 return -1;
162 }
163
164 /* Which phases of config parsing/validation to check for messages/logs */
165 enum { PH_GETLINES, PH_ASSIGN, PH_VALIDATE };
166
167 static void
168 test_options_validate_impl(const char *configuration,
169 const char *expect_errmsg,
170 int expect_log_severity,
171 const char *expect_log,
172 int phase)
173 {
174 or_options_t *opt=NULL;
175 or_options_t *dflt;
176 config_line_t *cl=NULL;
177 char *msg=NULL;
178 int r;
179
180 setup_options(opt, dflt);
181
182 r = config_get_lines(configuration, &cl, 1);
183 if (phase == PH_GETLINES) {
184 if (test_options_checkmsgs(configuration, expect_errmsg,
185 expect_log_severity,
186 expect_log, msg))
187 goto done;
188 }
189 if (r)
190 goto done;
191
192 r = config_assign(&options_format, opt, cl, 0, &msg);
193 if (phase == PH_ASSIGN) {
194 if (test_options_checkmsgs(configuration, expect_errmsg,
195 expect_log_severity,
196 expect_log, msg))
197 goto done;
198 }
199 tt_int_op((r == 0), OP_EQ, (msg == NULL));
200 if (r)
201 goto done;
202
203 r = options_validate(NULL, opt, dflt, 0, &msg);
204 if (phase == PH_VALIDATE) {
205 if (test_options_checkmsgs(configuration, expect_errmsg,
206 expect_log_severity,
207 expect_log, msg))
208 goto done;
209 }
210 tt_int_op((r == 0), OP_EQ, (msg == NULL));
211
212 done:
213 escaped(NULL);
214 policies_free_all();
215 config_free_lines(cl);
216 or_options_free(opt);
217 or_options_free(dflt);
218 tor_free(msg);
219 clear_log_messages();
220 }
221
222 #define WANT_ERR(config, msg, ph) \
223 test_options_validate_impl((config), (msg), 0, NULL, (ph))
224 #define WANT_LOG(config, severity, msg, ph) \
225 test_options_validate_impl((config), NULL, (severity), (msg), (ph))
226 #define WANT_ERR_LOG(config, msg, severity, logmsg, ph) \
227 test_options_validate_impl((config), (msg), (severity), (logmsg), (ph))
228 #define OK(config, ph) \
229 test_options_validate_impl((config), NULL, 0, NULL, (ph))
230
231 static void
232 test_options_validate(void *arg)
233 {
234 (void)arg;
235 setup_log_callback();
236 sandbox_disable_getaddrinfo_cache();
237
238 WANT_ERR("ExtORPort 500000", "Invalid ExtORPort", PH_VALIDATE);
239
240 WANT_ERR_LOG("ServerTransportOptions trebuchet",
241 "ServerTransportOptions did not parse",
242 LOG_WARN, "Too few arguments", PH_VALIDATE);
243 OK("ServerTransportOptions trebuchet sling=snappy", PH_VALIDATE);
244 OK("ServerTransportOptions trebuchet sling=", PH_VALIDATE);
245 WANT_ERR_LOG("ServerTransportOptions trebuchet slingsnappy",
246 "ServerTransportOptions did not parse",
247 LOG_WARN, "\"slingsnappy\" is not a k=v", PH_VALIDATE);
248
249 WANT_ERR("DirPort 8080\nDirCache 0",
250 "DirPort configured but DirCache disabled.", PH_VALIDATE);
251 WANT_ERR("BridgeRelay 1\nDirCache 0",
252 "We're a bridge but DirCache is disabled.", PH_VALIDATE);
253
254 WANT_ERR_LOG("HeartbeatPeriod 21 snarks",
255 "Interval 'HeartbeatPeriod 21 snarks' is malformed or"
256 " out of bounds.", LOG_WARN, "Unknown unit 'snarks'.",
257 PH_ASSIGN);
258 WANT_ERR_LOG("LogTimeGranularity 21 snarks",
259 "Msec interval 'LogTimeGranularity 21 snarks' is malformed or"
260 " out of bounds.", LOG_WARN, "Unknown unit 'snarks'.",
261 PH_ASSIGN);
262 OK("HeartbeatPeriod 1 hour", PH_VALIDATE);
263 OK("LogTimeGranularity 100 milliseconds", PH_VALIDATE);
264
265 WANT_LOG("ControlSocket \"string with trailing garbage\" bogus", LOG_WARN,
266 "Error while parsing configuration: "
267 "Excess data after quoted string", PH_GETLINES);
268 WANT_LOG("ControlSocket \"bogus escape \\@\"", LOG_WARN,
269 "Error while parsing configuration: "
270 "Invalid escape sequence in quoted string", PH_GETLINES);
271
272 close_temp_logs();
273 clear_log_messages();
274 return;
275 }
276
277 #define MEGABYTEIFY(mb) (U64_LITERAL(mb) << 20)
278 static void
279 test_have_enough_mem_for_dircache(void *arg)
280 {
281 (void)arg;
282 or_options_t *opt=NULL;
283 or_options_t *dflt=NULL;
284 config_line_t *cl=NULL;
285 char *msg=NULL;
286 int r;
287 const char *configuration = "ORPort 8080\nDirCache 1", *expect_errmsg;
288
289 setup_options(opt, dflt);
290 setup_log_callback();
291 (void)dflt;
292
293 r = config_get_lines(configuration, &cl, 1);
294 tt_int_op(r, OP_EQ, 0);
295
296 r = config_assign(&options_format, opt, cl, 0, &msg);
297 tt_int_op(r, OP_EQ, 0);
298
299 /* 300 MB RAM available, DirCache enabled */
300 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
301 tt_int_op(r, OP_EQ, 0);
302 tt_ptr_op(msg, OP_EQ, NULL);
303
304 /* 200 MB RAM available, DirCache enabled */
305 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
306 tt_int_op(r, OP_EQ, -1);
307 expect_errmsg = "Being a directory cache (default) with less than ";
308 if (!strstr(msg, expect_errmsg)) {
309 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
310 expect_errmsg, configuration, msg));
311 }
312 tor_free(msg);
313
314 config_free_lines(cl); cl = NULL;
315 configuration = "ORPort 8080\nDirCache 1\nBridgeRelay 1";
316 r = config_get_lines(configuration, &cl, 1);
317 tt_int_op(r, OP_EQ, 0);
318
319 r = config_assign(&options_format, opt, cl, 0, &msg);
320 tt_int_op(r, OP_EQ, 0);
321
322 /* 300 MB RAM available, DirCache enabled, Bridge */
323 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
324 tt_int_op(r, OP_EQ, 0);
325 tt_ptr_op(msg, OP_EQ, NULL);
326
327 /* 200 MB RAM available, DirCache enabled, Bridge */
328 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
329 tt_int_op(r, OP_EQ, -1);
330 expect_errmsg = "Running a Bridge with less than ";
331 if (!strstr(msg, expect_errmsg)) {
332 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
333 expect_errmsg, configuration, msg));
334 }
335 tor_free(msg);
336
337 config_free_lines(cl); cl = NULL;
338 configuration = "ORPort 8080\nDirCache 0";
339 r = config_get_lines(configuration, &cl, 1);
340 tt_int_op(r, OP_EQ, 0);
341
342 r = config_assign(&options_format, opt, cl, 0, &msg);
343 tt_int_op(r, OP_EQ, 0);
344
345 /* 200 MB RAM available, DirCache disabled */
346 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
347 tt_int_op(r, OP_EQ, 0);
348 tt_ptr_op(msg, OP_EQ, NULL);
349
350 /* 300 MB RAM available, DirCache disabled */
351 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
352 tt_int_op(r, OP_EQ, -1);
353 expect_errmsg = "DirCache is disabled and we are configured as a ";
354 if (!strstr(msg, expect_errmsg)) {
355 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
356 expect_errmsg, configuration, msg));
357 }
358 tor_free(msg);
359
360 clear_log_messages();
361
362 done:
363 if (msg)
364 tor_free(msg);
365 or_options_free(dflt);
366 or_options_free(opt);
367 config_free_lines(cl);
368 return;
369 }
370
371 static const char *fixed_get_uname_result = NULL;
372
373 static const char *
374 fixed_get_uname(void)
375 {
376 return fixed_get_uname_result;
377 }
378
379 #define TEST_OPTIONS_OLD_VALUES "TestingV3AuthInitialVotingInterval 1800\n" \
380 "ClientBootstrapConsensusMaxInProgressTries 3\n" \
381 "TestingV3AuthInitialVoteDelay 300\n" \
382 "TestingV3AuthInitialDistDelay 300\n" \
383 "TestingClientMaxIntervalWithoutRequest 600\n" \
384 "TestingDirConnectionMaxStall 600\n" \
385
386 #define TEST_OPTIONS_DEFAULT_VALUES TEST_OPTIONS_OLD_VALUES \
387 "MaxClientCircuitsPending 1\n" \
388 "RendPostPeriod 1000\n" \
389 "KeepAlivePeriod 1\n" \
390 "ConnLimit 1\n" \
391 "V3AuthVotingInterval 300\n" \
392 "V3AuthVoteDelay 20\n" \
393 "V3AuthDistDelay 20\n" \
394 "V3AuthNIntervalsValid 3\n" \
395 "ClientUseIPv4 1\n" \
396 "VirtualAddrNetworkIPv4 127.192.0.0/10\n" \
397 "VirtualAddrNetworkIPv6 [FE80::]/10\n" \
398 "UseEntryGuards 1\n" \
399 "Schedulers Vanilla\n" \
400 "ClientDNSRejectInternalAddresses 1\n"
401
402 typedef struct {
403 or_options_t *old_opt;
404 or_options_t *opt;
405 or_options_t *def_opt;
406 } options_test_data_t;
407
408 static void free_options_test_data(options_test_data_t *td);
409
410 static options_test_data_t *
411 get_options_test_data(const char *conf)
412 {
413 int rv = -1;
414 char *msg = NULL;
415 config_line_t *cl=NULL;
416 options_test_data_t *result = tor_malloc(sizeof(options_test_data_t));
417 result->opt = options_new();
418 result->old_opt = options_new();
419 result->def_opt = options_new();
420
421 // XXX: Really, all of these options should be set to defaults
422 // with options_init(), but about a dozen tests break when I do that.
423 // Being kinda lame and just fixing the immedate breakage for now..
424 result->opt->ConnectionPadding = -1; // default must be "auto"
425
426 rv = config_get_lines(conf, &cl, 1);
427 tt_int_op(rv, OP_EQ, 0);
428 rv = config_assign(&options_format, result->opt, cl, 0, &msg);
429 if (msg) {
430 /* Display the parse error message by comparing it with an empty string */
431 tt_str_op(msg, OP_EQ, "");
432 }
433 tt_int_op(rv, OP_EQ, 0);
434 config_free_lines(cl);
435 result->opt->LogTimeGranularity = 1;
436 result->opt->TokenBucketRefillInterval = 1;
437 rv = config_get_lines(TEST_OPTIONS_OLD_VALUES, &cl, 1);
438 tt_int_op(rv, OP_EQ, 0);
439 rv = config_assign(&options_format, result->def_opt, cl, 0, &msg);
440 if (msg) {
441 /* Display the parse error message by comparing it with an empty string */
442 tt_str_op(msg, OP_EQ, "");
443 }
444 tt_int_op(rv, OP_EQ, 0);
445
446 done:
447 config_free_lines(cl);
448 if (rv != 0) {
449 free_options_test_data(result);
450 result = NULL;
451 /* Callers expect a non-NULL result, so just die if we can't provide one.
452 */
453 tor_assert(0);
454 }
455 return result;
456 }
457
458 static void
459 free_options_test_data(options_test_data_t *td)
460 {
461 if (!td) return;
462 or_options_free(td->old_opt);
463 or_options_free(td->opt);
464 or_options_free(td->def_opt);
465 tor_free(td);
466 }
467
468 static void
469 test_options_validate__uname_for_server(void *ignored)
470 {
471 (void)ignored;
472 char *msg;
473 options_test_data_t *tdata = get_options_test_data(
474 "ORPort 127.0.0.1:5555");
475 setup_capture_of_logs(LOG_WARN);
476
477 MOCK(get_uname, fixed_get_uname);
478 fixed_get_uname_result = "Windows 95";
479 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
480 expect_log_msg("Tor is running as a server, but you"
481 " are running Windows 95; this probably won't work. See https://www"
482 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
483 tor_free(msg);
484
485 fixed_get_uname_result = "Windows 98";
486 mock_clean_saved_logs();
487 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
488 expect_log_msg("Tor is running as a server, but you"
489 " are running Windows 98; this probably won't work. See https://www"
490 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
491 tor_free(msg);
492
493 fixed_get_uname_result = "Windows Me";
494 mock_clean_saved_logs();
495 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
496 expect_log_msg("Tor is running as a server, but you"
497 " are running Windows Me; this probably won't work. See https://www"
498 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
499 tor_free(msg);
500
501 fixed_get_uname_result = "Windows 2000";
502 mock_clean_saved_logs();
503 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
504 expect_no_log_entry();
505 tor_free(msg);
506
507 done:
508 UNMOCK(get_uname);
509 free_options_test_data(tdata);
510 tor_free(msg);
511 teardown_capture_of_logs();
512 }
513
514 static void
515 test_options_validate__outbound_addresses(void *ignored)
516 {
517 (void)ignored;
518 int ret;
519 char *msg;
520 options_test_data_t *tdata = get_options_test_data(
521 "OutboundBindAddress xxyy!!!sdfaf");
522
523 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
524 tt_int_op(ret, OP_EQ, -1);
525 tt_str_op(msg, OP_EQ, "Multiple outbound bind addresses configured: "
526 "xxyy!!!sdfaf");
527
528 done:
529 free_options_test_data(tdata);
530 tor_free(msg);
531 }
532
533 static void
534 test_options_validate__data_directory(void *ignored)
535 {
536 (void)ignored;
537 int ret;
538 char *msg;
539 options_test_data_t *tdata = get_options_test_data(
540 "DataDirectory longreallyl"
541 "ongLONGLONGlongreallylong"
542 "LONGLONGlongreallylongLON"
543 "GLONGlongreallylongLONGLO"
544 "NGlongreallylongLONGLONGl"
545 "ongreallylongLONGLONGlong"
546 "reallylongLONGLONGlongrea"
547 "llylongLONGLONGlongreally"
548 "longLONGLONGlongreallylon"
549 "gLONGLONGlongreallylongLO"
550 "NGLONGlongreallylongLONGL"
551 "ONGlongreallylongLONGLONG"
552 "longreallylongLONGLONGlon"
553 "greallylongLONGLONGlongre"
554 "allylongLONGLONGlongreall"
555 "ylongLONGLONGlongreallylo"
556 "ngLONGLONGlongreallylongL"
557 "ONGLONGlongreallylongLONG"
558 "LONG"); // 440 characters
559
560 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
561 tt_int_op(ret, OP_EQ, -1);
562 tt_str_op(msg, OP_EQ, "Invalid DataDirectory");
563
564 done:
565 free_options_test_data(tdata);
566 tor_free(msg);
567 }
568
569 static void
570 test_options_validate__nickname(void *ignored)
571 {
572 (void)ignored;
573 int ret;
574 char *msg;
575 options_test_data_t *tdata = get_options_test_data(
576 "Nickname ThisNickNameIsABitTooLong");
577
578 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
579 tt_int_op(ret, OP_EQ, -1);
580 tt_str_op(msg, OP_EQ,
581 "Nickname 'ThisNickNameIsABitTooLong', nicknames must be between "
582 "1 and 19 characters inclusive, and must contain only the "
583 "characters [a-zA-Z0-9].");
584 tor_free(msg);
585
586 free_options_test_data(tdata);
587 tdata = get_options_test_data("Nickname AMoreValidNick");
588 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
589 tt_int_op(ret, OP_EQ, -1);
590 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
591 tor_free(msg);
592
593 free_options_test_data(tdata);
594 tdata = get_options_test_data("DataDirectory /tmp/somewhere");
595 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
596 tt_int_op(ret, OP_EQ, -1);
597 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
598
599 done:
600 free_options_test_data(tdata);
601 tor_free(msg);
602 }
603
604 static void
605 test_options_validate__contactinfo(void *ignored)
606 {
607 (void)ignored;
608 int ret;
609 char *msg;
610 options_test_data_t *tdata = get_options_test_data(
611 "ORPort 127.0.0.1:5555");
612 setup_capture_of_logs(LOG_DEBUG);
613 tdata->opt->ContactInfo = NULL;
614
615 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
616 tt_int_op(ret, OP_EQ, -1);
617 expect_log_msg(
618 "Your ContactInfo config option is not"
619 " set. Please consider setting it, so we can contact you if your"
620 " server is misconfigured or something else goes wrong.\n");
621 tor_free(msg);
622
623 free_options_test_data(tdata);
624 tdata = get_options_test_data("ORPort 127.0.0.1:5555\n"
625 "ContactInfo hella@example.org");
626 mock_clean_saved_logs();
627 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
628 tt_int_op(ret, OP_EQ, -1);
629 expect_no_log_msg(
630 "Your ContactInfo config option is not"
631 " set. Please consider setting it, so we can contact you if your"
632 " server is misconfigured or something else goes wrong.\n");
633 tor_free(msg);
634
635 done:
636 teardown_capture_of_logs();
637 free_options_test_data(tdata);
638 tor_free(msg);
639 }
640
641 static void
642 test_options_validate__logs(void *ignored)
643 {
644 (void)ignored;
645 int ret;
646 (void)ret;
647 char *msg;
648 int orig_quiet_level = quiet_level;
649 options_test_data_t *tdata = get_options_test_data("");
650 tdata->opt->Logs = NULL;
651 tdata->opt->RunAsDaemon = 0;
652
653 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
654 tt_str_op(tdata->opt->Logs->key, OP_EQ, "Log");
655 tt_str_op(tdata->opt->Logs->value, OP_EQ, "notice stdout");
656 tor_free(msg);
657 tt_int_op(ret, OP_EQ, -1);
658
659 free_options_test_data(tdata);
660 tdata = get_options_test_data("");
661 tdata->opt->Logs = NULL;
662 tdata->opt->RunAsDaemon = 0;
663 quiet_level = 1;
664 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
665 tt_str_op(tdata->opt->Logs->key, OP_EQ, "Log");
666 tt_str_op(tdata->opt->Logs->value, OP_EQ, "warn stdout");
667 tor_free(msg);
668 tt_int_op(ret, OP_EQ, -1);
669
670 free_options_test_data(tdata);
671 tdata = get_options_test_data("");
672 tdata->opt->Logs = NULL;
673 tdata->opt->RunAsDaemon = 0;
674 quiet_level = 2;
675 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
676 tt_assert(!tdata->opt->Logs);
677 tor_free(msg);
678 tt_int_op(ret, OP_EQ, -1);
679
680 free_options_test_data(tdata);
681 tdata = get_options_test_data("");
682 tdata->opt->Logs = NULL;
683 tdata->opt->RunAsDaemon = 0;
684 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 1, &msg);
685 tt_assert(!tdata->opt->Logs);
686 tor_free(msg);
687 tt_int_op(ret, OP_EQ, -1);
688
689 free_options_test_data(tdata);
690 tdata = get_options_test_data("");
691 tdata->opt->Logs = NULL;
692 tdata->opt->RunAsDaemon = 1;
693 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
694 tt_assert(!tdata->opt->Logs);
695 tor_free(msg);
696 tt_int_op(ret, OP_EQ, -1);
697
698 free_options_test_data(tdata);
699 tdata = get_options_test_data("");
700 tdata->opt->RunAsDaemon = 0;
701 config_line_t *cl=NULL;
702 config_get_lines("Log foo", &cl, 1);
703 tdata->opt->Logs = cl;
704 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
705 tt_int_op((intptr_t)tdata->opt->Logs, OP_EQ, (intptr_t)cl);
706 tt_int_op(ret, OP_EQ, -1);
707
708 done:
709 quiet_level = orig_quiet_level;
710 free_options_test_data(tdata);
711 tor_free(msg);
712 }
713
714 /* static config_line_t * */
715 /* mock_config_line(const char *key, const char *val) */
716 /* { */
717 /* config_line_t *config_line = tor_malloc(sizeof(config_line_t)); */
718 /* memset(config_line, 0, sizeof(config_line_t)); */
719 /* config_line->key = tor_strdup(key); */
720 /* config_line->value = tor_strdup(val); */
721 /* return config_line; */
722 /* } */
723
724 static void
725 test_options_validate__authdir(void *ignored)
726 {
727 (void)ignored;
728 int ret;
729 char *msg;
730 setup_capture_of_logs(LOG_INFO);
731 options_test_data_t *tdata = get_options_test_data(
732 "AuthoritativeDirectory 1\n"
733 "Address this.should.not!exist!.example.org");
734
735 sandbox_disable_getaddrinfo_cache();
736
737 MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
738 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
739 UNMOCK(tor_addr_lookup);
740 tt_int_op(ret, OP_EQ, -1);
741 tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
742 " details.");
743 expect_log_msg("Could not resolve local Address "
744 "'this.should.not!exist!.example.org'. Failing.\n");
745 tor_free(msg);
746
747 free_options_test_data(tdata);
748 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
749 "Address 100.200.10.1");
750 mock_clean_saved_logs();
751 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
752 tt_int_op(ret, OP_EQ, -1);
753 tt_str_op(msg, OP_EQ, "Authoritative directory servers must set "
754 "ContactInfo");
755 tor_free(msg);
756
757 free_options_test_data(tdata);
758 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
759 "Address 100.200.10.1\n");
760 mock_clean_saved_logs();
761 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
762 tt_int_op(ret, OP_EQ, -1);
763 tt_str_op(msg, OP_EQ,
764 "Authoritative directory servers must set ContactInfo");
765 tor_free(msg);
766
767 free_options_test_data(tdata);
768 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
769 "Address 100.200.10.1\n"
770 "TestingTorNetwork 1\n");
771 mock_clean_saved_logs();
772 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
773 tt_int_op(ret, OP_EQ, -1);
774 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
775 "AuthoritativeDir is set.");
776 tor_free(msg);
777
778 free_options_test_data(tdata);
779 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
780 "Address 100.200.10.1\n"
781 "ContactInfo hello@hello.com\n");
782 mock_clean_saved_logs();
783 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
784 tt_int_op(ret, OP_EQ, -1);
785 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
786 "AuthoritativeDir is set.");
787 tor_free(msg);
788
789 free_options_test_data(tdata);
790 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
791 "Address 100.200.10.1\n"
792 "RecommendedVersions 1.2, 3.14\n"
793 "ContactInfo hello@hello.com\n");
794 mock_clean_saved_logs();
795 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
796 tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14");
797 tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14");
798 tor_free(msg);
799
800 free_options_test_data(tdata);
801 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
802 "Address 100.200.10.1\n"
803 "RecommendedVersions 1.2, 3.14\n"
804 "RecommendedClientVersions 25\n"
805 "RecommendedServerVersions 4.18\n"
806 "ContactInfo hello@hello.com\n");
807 mock_clean_saved_logs();
808 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
809 tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "25");
810 tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "4.18");
811 tor_free(msg);
812
813 free_options_test_data(tdata);
814 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
815 "Address 100.200.10.1\n"
816 "VersioningAuthoritativeDirectory 1\n"
817 "RecommendedVersions 1.2, 3.14\n"
818 "RecommendedClientVersions 25\n"
819 "RecommendedServerVersions 4.18\n"
820 "ContactInfo hello@hello.com\n");
821 mock_clean_saved_logs();
822 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
823 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
824 "AuthoritativeDir is set.");
825 tor_free(msg);
826
827 free_options_test_data(tdata);
828 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
829 "Address 100.200.10.1\n"
830 "VersioningAuthoritativeDirectory 1\n"
831 "RecommendedServerVersions 4.18\n"
832 "ContactInfo hello@hello.com\n");
833 mock_clean_saved_logs();
834 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
835 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
836 "Recommended*Versions.");
837 tor_free(msg);
838
839 free_options_test_data(tdata);
840 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
841 "Address 100.200.10.1\n"
842 "VersioningAuthoritativeDirectory 1\n"
843 "RecommendedClientVersions 4.18\n"
844 "ContactInfo hello@hello.com\n");
845 mock_clean_saved_logs();
846 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
847 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
848 "Recommended*Versions.");
849 tor_free(msg);
850
851 free_options_test_data(tdata);
852 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
853 "Address 100.200.10.1\n"
854 "UseEntryGuards 1\n"
855 "ContactInfo hello@hello.com\n");
856 mock_clean_saved_logs();
857 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
858 expect_log_msg("Authoritative directory servers "
859 "can't set UseEntryGuards. Disabling.\n");
860 tt_int_op(tdata->opt->UseEntryGuards, OP_EQ, 0);
861 tor_free(msg);
862
863 free_options_test_data(tdata);
864 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
865 "Address 100.200.10.1\n"
866 "V3AuthoritativeDir 1\n"
867 "ContactInfo hello@hello.com\n");
868 mock_clean_saved_logs();
869 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
870 expect_log_msg("Authoritative directories always try"
871 " to download extra-info documents. Setting DownloadExtraInfo.\n");
872 tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
873 tor_free(msg);
874
875 free_options_test_data(tdata);
876 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
877 "Address 100.200.10.1\n"
878 "DownloadExtraInfo 1\n"
879 "V3AuthoritativeDir 1\n"
880 "ContactInfo hello@hello.com\n");
881 mock_clean_saved_logs();
882 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
883 expect_no_log_msg("Authoritative directories always try"
884 " to download extra-info documents. Setting DownloadExtraInfo.\n");
885 tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
886 tor_free(msg);
887
888 free_options_test_data(tdata);
889 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
890 "Address 100.200.10.1\n"
891 "ContactInfo hello@hello.com\n");
892 mock_clean_saved_logs();
893 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
894 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
895 "AuthoritativeDir is set.");
896 tor_free(msg);
897
898 free_options_test_data(tdata);
899 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
900 "Address 100.200.10.1\n"
901 "BridgeAuthoritativeDir 1\n"
902 "ContactInfo hello@hello.com\n"
903 "V3BandwidthsFile non-existent-file\n");
904 mock_clean_saved_logs();
905 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
906 tt_str_op(msg, OP_EQ,
907 "Running as authoritative directory, but no DirPort set.");
908 tor_free(msg);
909
910 free_options_test_data(tdata);
911 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
912 "Address 100.200.10.1\n"
913 "BridgeAuthoritativeDir 1\n"
914 "ContactInfo hello@hello.com\n"
915 "V3BandwidthsFile non-existent-file\n");
916 mock_clean_saved_logs();
917 options_validate(NULL, tdata->opt, tdata->def_opt, 0, &msg);
918 tt_str_op(msg, OP_EQ,
919 "Running as authoritative directory, but no DirPort set.");
920 tor_free(msg);
921
922 free_options_test_data(tdata);
923 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
924 "Address 100.200.10.1\n"
925 "BridgeAuthoritativeDir 1\n"
926 "ContactInfo hello@hello.com\n"
927 "GuardfractionFile non-existent-file\n");
928 mock_clean_saved_logs();
929 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
930 tt_str_op(msg, OP_EQ,
931 "Running as authoritative directory, but no DirPort set.");
932 tor_free(msg);
933
934 free_options_test_data(tdata);
935 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
936 "Address 100.200.10.1\n"
937 "BridgeAuthoritativeDir 1\n"
938 "ContactInfo hello@hello.com\n"
939 "GuardfractionFile non-existent-file\n");
940 mock_clean_saved_logs();
941 options_validate(NULL, tdata->opt, tdata->def_opt, 0, &msg);
942 tt_str_op(msg, OP_EQ,
943 "Running as authoritative directory, but no DirPort set.");
944 tor_free(msg);
945
946 free_options_test_data(tdata);
947 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
948 "Address 100.200.10.1\n"
949 "BridgeAuthoritativeDir 1\n"
950 "ContactInfo hello@hello.com\n");
951 mock_clean_saved_logs();
952 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
953 tt_int_op(ret, OP_EQ, -1);
954 tt_str_op(msg, OP_EQ,
955 "Running as authoritative directory, but no DirPort set.");
956 tor_free(msg);
957
958 free_options_test_data(tdata);
959 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
960 "Address 100.200.10.1\n"
961 "DirPort 999\n"
962 "BridgeAuthoritativeDir 1\n"
963 "ContactInfo hello@hello.com\n");
964 mock_clean_saved_logs();
965 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
966 tt_int_op(ret, OP_EQ, -1);
967 tt_str_op(msg, OP_EQ,
968 "Running as authoritative directory, but no ORPort set.");
969 tor_free(msg);
970
971 // TODO: This case can't be reached, since clientonly is used to
972 // check when parsing port lines as well.
973 /* free_options_test_data(tdata); */
974 /* tdata = get_options_test_data("AuthoritativeDirectory 1\n" */
975 /* "Address 100.200.10.1\n" */
976 /* "DirPort 999\n" */
977 /* "ORPort 888\n" */
978 /* "ClientOnly 1\n" */
979 /* "BridgeAuthoritativeDir 1\n" */
980 /* "ContactInfo hello@hello.com\n" ); */
981 /* mock_clean_saved_logs(); */
982 /* ret = options_validate(tdata->old_opt, tdata->opt, */
983 /* tdata->def_opt, 0, &msg); */
984 /* tt_int_op(ret, OP_EQ, -1); */
985 /* tt_str_op(msg, OP_EQ, "Running as authoritative directory, " */
986 /* "but ClientOnly also set."); */
987
988 done:
989 teardown_capture_of_logs();
990 // sandbox_free_getaddrinfo_cache();
991 free_options_test_data(tdata);
992 tor_free(msg);
993 }
994
995 static void
996 test_options_validate__relay_with_hidden_services(void *ignored)
997 {
998 (void)ignored;
999 char *msg;
1000 setup_capture_of_logs(LOG_DEBUG);
1001 options_test_data_t *tdata = get_options_test_data(
1002 "ORPort 127.0.0.1:5555\n"
1003 "HiddenServiceDir "
1004 "/Library/Tor/var/lib/tor/hidden_service/\n"
1005 "HiddenServicePort 80 127.0.0.1:8080\n"
1006 );
1007
1008 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1009 expect_log_msg(
1010 "Tor is currently configured as a relay and a hidden service. "
1011 "That's not very secure: you should probably run your hidden servi"
1012 "ce in a separate Tor process, at least -- see "
1013 "https://trac.torproject.org/8742\n");
1014
1015 done:
1016 teardown_capture_of_logs();
1017 free_options_test_data(tdata);
1018 tor_free(msg);
1019 }
1020
1021 // TODO: it doesn't seem possible to hit the case of having no port lines at
1022 // all, since there will be a default created for SocksPort
1023 /* static void */
1024 /* test_options_validate__ports(void *ignored) */
1025 /* { */
1026 /* (void)ignored; */
1027 /* int ret; */
1028 /* char *msg; */
1029 /* setup_capture_of_logs(LOG_WARN); */
1030 /* options_test_data_t *tdata = get_options_test_data(""); */
1031 /* ret = options_validate(tdata->old_opt, tdata->opt, */
1032 /* tdata->def_opt, 0, &msg); */
1033 /* expect_log_msg("SocksPort, TransPort, NATDPort, DNSPort, and ORPort " */
1034 /* "are all undefined, and there aren't any hidden services " */
1035 /* "configured. " */
1036 /* " Tor will still run, but probably won't do anything.\n"); */
1037 /* done: */
1038 /* teardown_capture_of_logs(); */
1039 /* free_options_test_data(tdata); */
1040 /* tor_free(msg); */
1041 /* } */
1042
1043 static void
1044 test_options_validate__transproxy(void *ignored)
1045 {
1046 (void)ignored;
1047 int ret;
1048 char *msg;
1049 options_test_data_t *tdata;
1050
1051 #ifdef USE_TRANSPARENT
1052 // Test default trans proxy
1053 tdata = get_options_test_data("TransProxyType default\n");
1054
1055 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1056 tt_int_op(ret, OP_EQ, -1);
1057 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_DEFAULT);
1058 tor_free(msg);
1059
1060 // Test pf-divert trans proxy
1061 free_options_test_data(tdata);
1062 tdata = get_options_test_data("TransProxyType pf-divert\n");
1063 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1064 tt_int_op(ret, OP_EQ, -1);
1065
1066 #if !defined(OpenBSD) && !defined( DARWIN )
1067 tt_str_op(msg, OP_EQ,
1068 "pf-divert is a OpenBSD-specific and OS X/Darwin-specific feature.");
1069 #else
1070 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_PF_DIVERT);
1071 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without "
1072 "any valid TransPort.");
1073 #endif /* !defined(OpenBSD) && !defined( DARWIN ) */
1074 tor_free(msg);
1075
1076 // Test tproxy trans proxy
1077 free_options_test_data(tdata);
1078 tdata = get_options_test_data("TransProxyType tproxy\n");
1079 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1080 tt_int_op(ret, OP_EQ, -1);
1081
1082 #if !defined(__linux__)
1083 tt_str_op(msg, OP_EQ, "TPROXY is a Linux-specific feature.");
1084 #else
1085 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_TPROXY);
1086 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1087 "TransPort.");
1088 #endif /* !defined(__linux__) */
1089 tor_free(msg);
1090
1091 // Test ipfw trans proxy
1092 free_options_test_data(tdata);
1093 tdata = get_options_test_data("TransProxyType ipfw\n");
1094 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1095 tt_int_op(ret, OP_EQ, -1);
1096
1097 #ifndef KERNEL_MAY_SUPPORT_IPFW
1098 tt_str_op(msg, OP_EQ, "ipfw is a FreeBSD-specific and OS X/Darwin-specific "
1099 "feature.");
1100 #else
1101 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_IPFW);
1102 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1103 "TransPort.");
1104 #endif /* !defined(KERNEL_MAY_SUPPORT_IPFW) */
1105 tor_free(msg);
1106
1107 // Test unknown trans proxy
1108 free_options_test_data(tdata);
1109 tdata = get_options_test_data("TransProxyType non-existent\n");
1110 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1111 tt_int_op(ret, OP_EQ, -1);
1112 tt_str_op(msg, OP_EQ, "Unrecognized value for TransProxyType");
1113 tor_free(msg);
1114
1115 // Test trans proxy success
1116 free_options_test_data(tdata);
1117 tdata = NULL;
1118
1119 #if defined(__linux__)
1120 tdata = get_options_test_data("TransProxyType tproxy\n"
1121 "TransPort 127.0.0.1:123\n");
1122 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1123 tt_int_op(ret, OP_EQ, -1);
1124 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1125 #elif defined(KERNEL_MAY_SUPPORT_IPFW)
1126 tdata = get_options_test_data("TransProxyType ipfw\n"
1127 "TransPort 127.0.0.1:123\n");
1128 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1129 tt_int_op(ret, OP_EQ, -1);
1130 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1131 tor_free(msg);
1132 #elif defined(OpenBSD)
1133 tdata = get_options_test_data("TransProxyType pf-divert\n"
1134 "TransPort 127.0.0.1:123\n");
1135 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1136 tt_int_op(ret, OP_EQ, -1);
1137 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1138 tor_free(msg);
1139 #elif defined(__NetBSD__)
1140 tdata = get_options_test_data("TransProxyType default\n"
1141 "TransPort 127.0.0.1:123\n");
1142 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1143 tt_int_op(ret, OP_EQ, -1);
1144 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1145 tor_free(msg);
1146 #endif /* defined(__linux__) || ... */
1147
1148 // Assert that a test has run for some TransProxyType
1149 tt_assert(tdata);
1150
1151 #else /* !(defined(USE_TRANSPARENT)) */
1152 tdata = get_options_test_data("TransPort 127.0.0.1:555\n");
1153
1154 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1155 tt_int_op(ret, OP_EQ, -1);
1156 tt_str_op(msg, OP_EQ, "TransPort is disabled in this build.");
1157 tor_free(msg);
1158 #endif /* defined(USE_TRANSPARENT) */
1159
1160 done:
1161 free_options_test_data(tdata);
1162 tor_free(msg);
1163 }
1164
1165 NS_DECL(country_t, geoip_get_country, (const char *country));
1166
1167 static country_t
1168 NS(geoip_get_country)(const char *countrycode)
1169 {
1170 (void)countrycode;
1171 CALLED(geoip_get_country)++;
1172
1173 return 1;
1174 }
1175
1176 static void
1177 test_options_validate__exclude_nodes(void *ignored)
1178 {
1179 (void)ignored;
1180
1181 NS_MOCK(geoip_get_country);
1182
1183 int ret;
1184 char *msg;
1185 setup_capture_of_logs(LOG_WARN);
1186 options_test_data_t *tdata = get_options_test_data(
1187 "ExcludeExitNodes {us}\n");
1188
1189 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1190 tt_int_op(ret, OP_EQ, -1);
1191 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1192 tt_str_op((char *)
1193 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1194 OP_EQ, "{us}");
1195 tor_free(msg);
1196
1197 free_options_test_data(tdata);
1198 tdata = get_options_test_data("ExcludeNodes {cn}\n");
1199 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1200 tt_int_op(ret, OP_EQ, -1);
1201 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1202 tt_str_op((char *)
1203 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1204 OP_EQ, "{cn}");
1205 tor_free(msg);
1206
1207 free_options_test_data(tdata);
1208 tdata = get_options_test_data("ExcludeNodes {cn}\n"
1209 "ExcludeExitNodes {us} {cn}\n");
1210 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1211 tt_int_op(ret, OP_EQ, -1);
1212 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 2);
1213 tt_str_op((char *)
1214 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1215 OP_EQ, "{us} {cn}");
1216 tt_str_op((char *)
1217 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 1)),
1218 OP_EQ, "{cn}");
1219 tor_free(msg);
1220
1221 free_options_test_data(tdata);
1222 tdata = get_options_test_data("ExcludeNodes {cn}\n"
1223 "StrictNodes 1\n");
1224 mock_clean_saved_logs();
1225 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1226 tt_int_op(ret, OP_EQ, -1);
1227 expect_log_msg(
1228 "You have asked to exclude certain relays from all positions "
1229 "in your circuits. Expect hidden services and other Tor "
1230 "features to be broken in unpredictable ways.\n");
1231 tor_free(msg);
1232
1233 free_options_test_data(tdata);
1234 tdata = get_options_test_data("ExcludeNodes {cn}\n");
1235 mock_clean_saved_logs();
1236 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1237 tt_int_op(ret, OP_EQ, -1);
1238 expect_no_log_msg(
1239 "You have asked to exclude certain relays from all positions "
1240 "in your circuits. Expect hidden services and other Tor "
1241 "features to be broken in unpredictable ways.\n");
1242 tor_free(msg);
1243
1244 done:
1245 NS_UNMOCK(geoip_get_country);
1246 teardown_capture_of_logs();
1247 free_options_test_data(tdata);
1248 tor_free(msg);
1249 }
1250
1251 static void
1252 test_options_validate__node_families(void *ignored)
1253 {
1254 (void)ignored;
1255 int ret;
1256 char *msg;
1257 options_test_data_t *tdata = get_options_test_data(
1258 "NodeFamily flux, flax\n"
1259 "NodeFamily somewhere\n");
1260
1261 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1262 tt_int_op(ret, OP_EQ, -1);
1263 tt_assert(tdata->opt->NodeFamilySets);
1264 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 2);
1265 tt_str_op((char *)(smartlist_get(
1266 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 0)),
1267 OP_EQ, "flux");
1268 tt_str_op((char *)(smartlist_get(
1269 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 1)),
1270 OP_EQ, "flax");
1271 tt_str_op((char *)(smartlist_get(
1272 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 1))->list, 0)),
1273 OP_EQ, "somewhere");
1274 tor_free(msg);
1275
1276 free_options_test_data(tdata);
1277 tdata = get_options_test_data("");
1278
1279 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1280 tt_int_op(ret, OP_EQ, -1);
1281 tt_assert(!tdata->opt->NodeFamilySets);
1282 tor_free(msg);
1283
1284 free_options_test_data(tdata);
1285 tdata = get_options_test_data("NodeFamily !flux\n");
1286
1287 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1288 tt_int_op(ret, OP_EQ, -1);
1289 tt_assert(tdata->opt->NodeFamilySets);
1290 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 0);
1291 tor_free(msg);
1292
1293 done:
1294 free_options_test_data(tdata);
1295 tor_free(msg);
1296 }
1297
1298 static void
1299 test_options_validate__token_bucket(void *ignored)
1300 {
1301 (void)ignored;
1302 int ret;
1303 char *msg;
1304 options_test_data_t *tdata = get_options_test_data("");
1305
1306 tdata->opt->TokenBucketRefillInterval = 0;
1307 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1308 tt_int_op(ret, OP_EQ, -1);
1309 tt_str_op(msg, OP_EQ,
1310 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1311 tor_free(msg);
1312
1313 tdata->opt->TokenBucketRefillInterval = 1001;
1314 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1315 tt_int_op(ret, OP_EQ, -1);
1316 tt_str_op(msg, OP_EQ,
1317 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1318 tor_free(msg);
1319
1320 done:
1321 free_options_test_data(tdata);
1322 tor_free(msg);
1323 }
1324
1325 static void
1326 test_options_validate__recommended_packages(void *ignored)
1327 {
1328 (void)ignored;
1329 int ret;
1330 char *msg;
1331 setup_capture_of_logs(LOG_WARN);
1332 options_test_data_t *tdata = get_options_test_data(
1333 "RecommendedPackages foo 1.2 http://foo.com sha1=123123123123\n"
1334 "RecommendedPackages invalid-package-line\n");
1335
1336 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1337 tt_int_op(ret, OP_EQ, -1);
1338 expect_no_log_msg("Invalid RecommendedPackage line "
1339 "invalid-package-line will be ignored\n");
1340
1341 done:
1342 escaped(NULL); // This will free the leaking memory from the previous escaped
1343 teardown_capture_of_logs();
1344 free_options_test_data(tdata);
1345 tor_free(msg);
1346 }
1347
1348 static void
1349 test_options_validate__fetch_dir(void *ignored)
1350 {
1351 (void)ignored;
1352 int ret;
1353 char *msg;
1354 options_test_data_t *tdata = get_options_test_data(
1355 "FetchDirInfoExtraEarly 1\n"
1356 "FetchDirInfoEarly 0\n");
1357
1358 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1359 tt_int_op(ret, OP_EQ, -1);
1360 tt_str_op(msg, OP_EQ, "FetchDirInfoExtraEarly requires that you"
1361 " also set FetchDirInfoEarly");
1362 tor_free(msg);
1363
1364 free_options_test_data(tdata);
1365 tdata = get_options_test_data("FetchDirInfoExtraEarly 1\n"
1366 "FetchDirInfoEarly 1\n");
1367
1368 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1369 tt_int_op(ret, OP_EQ, -1);
1370 tt_str_op(msg, OP_NE, "FetchDirInfoExtraEarly requires that you"
1371 " also set FetchDirInfoEarly");
1372 tor_free(msg);
1373
1374 done:
1375 free_options_test_data(tdata);
1376 tor_free(msg);
1377 }
1378
1379 static void
1380 test_options_validate__conn_limit(void *ignored)
1381 {
1382 (void)ignored;
1383 int ret;
1384 char *msg;
1385 options_test_data_t *tdata = get_options_test_data(
1386 "ConnLimit 0\n");
1387
1388 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1389 tt_int_op(ret, OP_EQ, -1);
1390 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1391 tor_free(msg);
1392
1393 free_options_test_data(tdata);
1394 tdata = get_options_test_data("ConnLimit 1\n");
1395
1396 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1397 tt_int_op(ret, OP_EQ, -1);
1398 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024, "
1399 "but was set to 0");
1400 tor_free(msg);
1401
1402 done:
1403 free_options_test_data(tdata);
1404 tor_free(msg);
1405 }
1406
1407 static void
1408 test_options_validate__paths_needed(void *ignored)
1409 {
1410 (void)ignored;
1411 int ret;
1412 char *msg;
1413 setup_capture_of_logs(LOG_WARN);
1414 options_test_data_t *tdata = get_options_test_data(
1415 "PathsNeededToBuildCircuits 0.1\n"
1416 "ConnLimit 1\n");
1417
1418 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1419 tt_int_op(ret, OP_EQ, -1);
1420 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.24 &&
1421 tdata->opt->PathsNeededToBuildCircuits < 0.26);
1422 expect_log_msg("PathsNeededToBuildCircuits is too low. "
1423 "Increasing to 0.25\n");
1424 tor_free(msg);
1425
1426 free_options_test_data(tdata);
1427 mock_clean_saved_logs();
1428 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.99\n"
1429 "ConnLimit 1\n");
1430
1431 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1432 tt_int_op(ret, OP_EQ, -1);
1433 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.94 &&
1434 tdata->opt->PathsNeededToBuildCircuits < 0.96);
1435 expect_log_msg("PathsNeededToBuildCircuits is "
1436 "too high. Decreasing to 0.95\n");
1437 tor_free(msg);
1438
1439 free_options_test_data(tdata);
1440 mock_clean_saved_logs();
1441 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.91\n"
1442 "ConnLimit 1\n");
1443
1444 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1445 tt_int_op(ret, OP_EQ, -1);
1446 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.90 &&
1447 tdata->opt->PathsNeededToBuildCircuits < 0.92);
1448 expect_no_log_entry();
1449 tor_free(msg);
1450
1451 done:
1452 teardown_capture_of_logs();
1453 free_options_test_data(tdata);
1454 tor_free(msg);
1455 }
1456
1457 static void
1458 test_options_validate__max_client_circuits(void *ignored)
1459 {
1460 (void)ignored;
1461 int ret;
1462 char *msg;
1463 options_test_data_t *tdata = get_options_test_data(
1464 "MaxClientCircuitsPending 0\n"
1465 "ConnLimit 1\n");
1466
1467 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1468 tt_int_op(ret, OP_EQ, -1);
1469 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1470 " but was set to 0");
1471 tor_free(msg);
1472
1473 free_options_test_data(tdata);
1474 tdata = get_options_test_data("MaxClientCircuitsPending 1025\n"
1475 "ConnLimit 1\n");
1476
1477 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1478 tt_int_op(ret, OP_EQ, -1);
1479 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1480 " but was set to 1025");
1481 tor_free(msg);
1482
1483 free_options_test_data(tdata);
1484 tdata = get_options_test_data("MaxClientCircuitsPending 1\n"
1485 "ConnLimit 1\n");
1486
1487 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1488 tt_int_op(ret, OP_EQ, -1);
1489 tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
1490 tor_free(msg);
1491
1492 done:
1493 free_options_test_data(tdata);
1494 tor_free(msg);
1495 }
1496
1497 static void
1498 test_options_validate__ports(void *ignored)
1499 {
1500 (void)ignored;
1501 int ret;
1502 char *msg;
1503 options_test_data_t *tdata = get_options_test_data(
1504 "FirewallPorts 65537\n"
1505 "MaxClientCircuitsPending 1\n"
1506 "ConnLimit 1\n");
1507
1508 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1509 tt_int_op(ret, OP_EQ, -1);
1510 tt_str_op(msg, OP_EQ, "Port '65537' out of range in FirewallPorts");
1511 tor_free(msg);
1512
1513 free_options_test_data(tdata);
1514 tdata = get_options_test_data("FirewallPorts 1\n"
1515 "LongLivedPorts 124444\n"
1516 "MaxClientCircuitsPending 1\n"
1517 "ConnLimit 1\n");
1518
1519 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1520 tt_int_op(ret, OP_EQ, -1);
1521 tt_str_op(msg, OP_EQ, "Port '124444' out of range in LongLivedPorts");
1522 tor_free(msg);
1523
1524 free_options_test_data(tdata);
1525 tdata = get_options_test_data("FirewallPorts 1\n"
1526 "LongLivedPorts 2\n"
1527 "RejectPlaintextPorts 112233\n"
1528 "MaxClientCircuitsPending 1\n"
1529 "ConnLimit 1\n");
1530
1531 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1532 tt_int_op(ret, OP_EQ, -1);
1533 tt_str_op(msg, OP_EQ, "Port '112233' out of range in RejectPlaintextPorts");
1534 tor_free(msg);
1535
1536 free_options_test_data(tdata);
1537 tdata = get_options_test_data("FirewallPorts 1\n"
1538 "LongLivedPorts 2\n"
1539 "RejectPlaintextPorts 3\n"
1540 "WarnPlaintextPorts 65536\n"
1541 "MaxClientCircuitsPending 1\n"
1542 "ConnLimit 1\n");
1543
1544 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1545 tt_int_op(ret, OP_EQ, -1);
1546 tt_str_op(msg, OP_EQ, "Port '65536' out of range in WarnPlaintextPorts");
1547 tor_free(msg);
1548
1549 free_options_test_data(tdata);
1550 tdata = get_options_test_data("FirewallPorts 1\n"
1551 "LongLivedPorts 2\n"
1552 "RejectPlaintextPorts 3\n"
1553 "WarnPlaintextPorts 4\n"
1554 "MaxClientCircuitsPending 1\n"
1555 "ConnLimit 1\n");
1556
1557 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1558 tt_int_op(ret, OP_EQ, -1);
1559 tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
1560 tor_free(msg);
1561
1562 done:
1563 free_options_test_data(tdata);
1564 tor_free(msg);
1565 }
1566
1567 static void
1568 test_options_validate__reachable_addresses(void *ignored)
1569 {
1570 (void)ignored;
1571 int ret;
1572 char *msg;
1573 setup_capture_of_logs(LOG_NOTICE);
1574 options_test_data_t *tdata = get_options_test_data(
1575 "FascistFirewall 1\n"
1576 "MaxClientCircuitsPending 1\n"
1577 "ConnLimit 1\n");
1578
1579 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1580 tt_int_op(ret, OP_EQ, -1);
1581 expect_log_msg("Converting FascistFirewall config "
1582 "option to new format: \"ReachableDirAddresses *:80\"\n");
1583 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:80");
1584 expect_log_msg("Converting FascistFirewall config "
1585 "option to new format: \"ReachableORAddresses *:443\"\n");
1586 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:443");
1587 tor_free(msg);
1588
1589 free_options_test_data(tdata);
1590 mock_clean_saved_logs();
1591 tdata = get_options_test_data("FascistFirewall 1\n"
1592 "ReachableDirAddresses *:81\n"
1593 "ReachableORAddresses *:444\n"
1594 "MaxClientCircuitsPending 1\n"
1595 "ConnLimit 1\n");
1596 tdata->opt->FirewallPorts = smartlist_new();
1597 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1598 tt_int_op(ret, OP_EQ, -1);
1599 expect_log_entry();
1600 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:81");
1601 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:444");
1602 tor_free(msg);
1603
1604 free_options_test_data(tdata);
1605 mock_clean_saved_logs();
1606 tdata = get_options_test_data("FascistFirewall 1\n"
1607 "FirewallPort 123\n"
1608 "MaxClientCircuitsPending 1\n"
1609 "ConnLimit 1\n");
1610
1611 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1612 tt_int_op(ret, OP_EQ, -1);
1613 expect_log_msg("Converting FascistFirewall and "
1614 "FirewallPorts config options to new format: "
1615 "\"ReachableAddresses *:123\"\n");
1616 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:123");
1617 tor_free(msg);
1618
1619 free_options_test_data(tdata);
1620 mock_clean_saved_logs();
1621 tdata = get_options_test_data("FascistFirewall 1\n"
1622 "ReachableAddresses *:82\n"
1623 "ReachableAddresses *:83\n"
1624 "ReachableAddresses reject *:*\n"
1625 "MaxClientCircuitsPending 1\n"
1626 "ConnLimit 1\n");
1627
1628 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1629 tt_int_op(ret, OP_EQ, -1);
1630 expect_log_entry();
1631 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
1632 tor_free(msg);
1633
1634 #define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
1635 " the rest of the Internet, so they must not set Reachable*Addresses or" \
1636 " FascistFirewall or FirewallPorts or ClientUseIPv4 0."
1637
1638 free_options_test_data(tdata);
1639 tdata = get_options_test_data("ReachableAddresses *:82\n"
1640 "ORPort 127.0.0.1:5555\n"
1641 "MaxClientCircuitsPending 1\n"
1642 "ConnLimit 1\n");
1643
1644 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1645 tt_int_op(ret, OP_EQ, -1);
1646 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1647 tor_free(msg);
1648
1649 free_options_test_data(tdata);
1650 tdata = get_options_test_data("ReachableORAddresses *:82\n"
1651 "ORPort 127.0.0.1:5555\n"
1652 "MaxClientCircuitsPending 1\n"
1653 "ConnLimit 1\n");
1654
1655 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1656 tt_int_op(ret, OP_EQ, -1);
1657 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1658 tor_free(msg);
1659
1660 free_options_test_data(tdata);
1661 tdata = get_options_test_data("ReachableDirAddresses *:82\n"
1662 "ORPort 127.0.0.1:5555\n"
1663 "MaxClientCircuitsPending 1\n"
1664 "ConnLimit 1\n");
1665
1666 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1667 tt_int_op(ret, OP_EQ, -1);
1668 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1669 tor_free(msg);
1670
1671 free_options_test_data(tdata);
1672 tdata = get_options_test_data("ClientUseIPv4 0\n"
1673 "ORPort 127.0.0.1:5555\n"
1674 "MaxClientCircuitsPending 1\n"
1675 "ConnLimit 1\n");
1676
1677 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1678 tt_int_op(ret, OP_EQ, -1);
1679 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1680 tor_free(msg);
1681
1682 /* Test IPv4-only clients setting IPv6 preferences */
1683
1684 free_options_test_data(tdata);
1685 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1686 "ClientUseIPv4 1\n"
1687 "ClientUseIPv6 0\n"
1688 "UseBridges 0\n"
1689 "ClientPreferIPv6ORPort 1\n");
1690
1691 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1692 tt_int_op(ret, OP_EQ, 0);
1693 tor_free(msg);
1694
1695 free_options_test_data(tdata);
1696 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1697 "ClientUseIPv4 1\n"
1698 "ClientUseIPv6 0\n"
1699 "UseBridges 0\n"
1700 "ClientPreferIPv6DirPort 1\n");
1701
1702 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1703 tt_int_op(ret, OP_EQ, 0);
1704 tor_free(msg);
1705
1706 /* Now test an IPv4/IPv6 client setting IPv6 preferences */
1707
1708 free_options_test_data(tdata);
1709 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1710 "ClientUseIPv4 1\n"
1711 "ClientUseIPv6 1\n"
1712 "ClientPreferIPv6ORPort 1\n"
1713 "ClientPreferIPv6DirPort 1\n");
1714
1715 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1716 tt_int_op(ret, OP_EQ, 0);
1717 tt_ptr_op(msg, OP_EQ, NULL);
1718
1719 /* Now test an IPv6 client setting IPv6 preferences */
1720
1721 free_options_test_data(tdata);
1722 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1723 "ClientUseIPv6 1\n"
1724 "ClientPreferIPv6ORPort 1\n"
1725 "ClientPreferIPv6DirPort 1\n");
1726
1727 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1728 tt_int_op(ret, OP_EQ, 0);
1729 tt_ptr_op(msg, OP_EQ, NULL);
1730
1731 /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */
1732
1733 free_options_test_data(tdata);
1734 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1735 "ClientUseIPv4 0\n"
1736 "ClientPreferIPv6ORPort 1\n"
1737 "ClientPreferIPv6DirPort 1\n");
1738
1739 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1740 tt_int_op(ret, OP_EQ, 0);
1741 tt_ptr_op(msg, OP_EQ, NULL);
1742
1743 /* And an implicit (bridge) client setting IPv6 preferences */
1744
1745 free_options_test_data(tdata);
1746 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1747 "UseBridges 1\n"
1748 "Bridge 127.0.0.1:12345\n"
1749 "ClientPreferIPv6ORPort 1\n"
1750 "ClientPreferIPv6DirPort 1\n");
1751
1752 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1753 tt_int_op(ret, OP_EQ, 0);
1754 tt_ptr_op(msg, OP_EQ, NULL);
1755
1756 done:
1757 teardown_capture_of_logs();
1758 free_options_test_data(tdata);
1759 tor_free(msg);
1760 }
1761
1762 static void
1763 test_options_validate__use_bridges(void *ignored)
1764 {
1765 (void)ignored;
1766 int ret;
1767 char *msg;
1768 options_test_data_t *tdata = get_options_test_data(
1769 "UseBridges 1\n"
1770 "ClientUseIPv4 1\n"
1771 "ORPort 127.0.0.1:5555\n"
1772 "MaxClientCircuitsPending 1\n"
1773 "ConnLimit 1\n");
1774
1775 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1776 tt_int_op(ret, OP_EQ, -1);
1777 tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
1778 " the Internet, so they must not set UseBridges.");
1779 tor_free(msg);
1780
1781 free_options_test_data(tdata);
1782 tdata = get_options_test_data("UseBridges 1\n"
1783 "MaxClientCircuitsPending 1\n"
1784 "ConnLimit 1\n");
1785
1786 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1787 tt_int_op(ret, OP_EQ, -1);
1788 tt_str_op(msg, OP_NE, "Servers must be able to freely connect to the rest of"
1789 " the Internet, so they must not set UseBridges.");
1790 tor_free(msg);
1791
1792 NS_MOCK(geoip_get_country);
1793 free_options_test_data(tdata);
1794 tdata = get_options_test_data("UseBridges 1\n"
1795 "EntryNodes {cn}\n"
1796 "MaxClientCircuitsPending 1\n"
1797 "ConnLimit 1\n");
1798
1799 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1800 tt_int_op(ret, OP_EQ, -1);
1801 tt_str_op(msg, OP_EQ, "You cannot set both UseBridges and EntryNodes.");
1802 tor_free(msg);
1803
1804 free_options_test_data(tdata);
1805 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1806 "UseBridges 1\n");
1807
1808 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1809 tt_int_op(ret, OP_EQ, -1);
1810 tt_str_op(msg, OP_EQ,
1811 "If you set UseBridges, you must specify at least one bridge.");
1812 tor_free(msg);
1813
1814 free_options_test_data(tdata);
1815 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1816 "UseBridges 1\n"
1817 "Bridge 10.0.0.1\n"
1818 "UseEntryGuards 0\n"
1819 );
1820
1821 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1822 tt_int_op(ret, OP_EQ, -1);
1823 tt_str_op(msg, OP_EQ,
1824 "Setting UseBridges requires also setting UseEntryGuards.");
1825 tor_free(msg);
1826
1827 free_options_test_data(tdata);
1828 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1829 "UseBridges 1\n"
1830 "Bridge 10.0.0.1\n"
1831 "Bridge !!!\n"
1832 );
1833
1834 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1835 tt_int_op(ret, OP_EQ, -1);
1836 tt_str_op(msg, OP_EQ, "Bridge line did not parse. See logs for details.");
1837 tor_free(msg);
1838
1839 done:
1840 NS_UNMOCK(geoip_get_country);
1841 policies_free_all();
1842 free_options_test_data(tdata);
1843 tor_free(msg);
1844 }
1845
1846 static void
1847 test_options_validate__entry_nodes(void *ignored)
1848 {
1849 (void)ignored;
1850 int ret;
1851 char *msg;
1852 NS_MOCK(geoip_get_country);
1853 options_test_data_t *tdata = get_options_test_data(
1854 "EntryNodes {cn}\n"
1855 "UseEntryGuards 0\n"
1856 "MaxClientCircuitsPending 1\n"
1857 "ConnLimit 1\n");
1858
1859 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1860 tt_int_op(ret, OP_EQ, -1);
1861 tt_str_op(msg, OP_EQ,
1862 "If EntryNodes is set, UseEntryGuards must be enabled.");
1863 tor_free(msg);
1864
1865 free_options_test_data(tdata);
1866 tdata = get_options_test_data("EntryNodes {cn}\n"
1867 "UseEntryGuards 1\n"
1868 "MaxClientCircuitsPending 1\n"
1869 "ConnLimit 1\n");
1870
1871 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1872 tt_int_op(ret, OP_EQ, -1);
1873 tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
1874 tor_free(msg);
1875
1876 done:
1877 NS_UNMOCK(geoip_get_country);
1878 free_options_test_data(tdata);
1879 tor_free(msg);
1880 }
1881
1882 static void
1883 test_options_validate__safe_logging(void *ignored)
1884 {
1885 (void)ignored;
1886 int ret;
1887 char *msg;
1888 options_test_data_t *tdata = get_options_test_data(
1889 "MaxClientCircuitsPending 1\n"
1890 "ConnLimit 1\n");
1891
1892 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1893 tt_int_op(ret, OP_EQ, -1);
1894 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
1895 tor_free(msg);
1896
1897 free_options_test_data(tdata);
1898 tdata = get_options_test_data("SafeLogging 0\n"
1899 "MaxClientCircuitsPending 1\n"
1900 "ConnLimit 1\n");
1901
1902 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1903 tt_int_op(ret, OP_EQ, -1);
1904 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
1905 tor_free(msg);
1906
1907 free_options_test_data(tdata);
1908 tdata = get_options_test_data("SafeLogging Relay\n"
1909 "MaxClientCircuitsPending 1\n"
1910 "ConnLimit 1\n");
1911
1912 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1913 tt_int_op(ret, OP_EQ, -1);
1914 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_RELAY);
1915 tor_free(msg);
1916
1917 free_options_test_data(tdata);
1918 tdata = get_options_test_data("SafeLogging 1\n"
1919 "MaxClientCircuitsPending 1\n"
1920 "ConnLimit 1\n");
1921
1922 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1923 tt_int_op(ret, OP_EQ, -1);
1924 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_ALL);
1925 tor_free(msg);
1926
1927 free_options_test_data(tdata);
1928 tdata = get_options_test_data("SafeLogging stuffy\n"
1929 "MaxClientCircuitsPending 1\n"
1930 "ConnLimit 1\n");
1931
1932 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1933 tt_int_op(ret, OP_EQ, -1);
1934 tt_str_op(msg, OP_EQ, "Unrecognized value '\"stuffy\"' in SafeLogging");
1935 tor_free(msg);
1936
1937 done:
1938 escaped(NULL); // This will free the leaking memory from the previous escaped
1939 free_options_test_data(tdata);
1940 tor_free(msg);
1941 }
1942
1943 static void
1944 test_options_validate__publish_server_descriptor(void *ignored)
1945 {
1946 (void)ignored;
1947 int ret;
1948 char *msg;
1949 setup_capture_of_logs(LOG_WARN);
1950 options_test_data_t *tdata = get_options_test_data(
1951 "PublishServerDescriptor bridge\n" TEST_OPTIONS_DEFAULT_VALUES
1952 );
1953
1954 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1955 tt_int_op(ret, OP_EQ, 0);
1956 tt_assert(!msg);
1957
1958 free_options_test_data(tdata);
1959 tdata = get_options_test_data("PublishServerDescriptor humma\n"
1960 TEST_OPTIONS_DEFAULT_VALUES);
1961
1962 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1963 tt_int_op(ret, OP_EQ, -1);
1964 tt_str_op(msg, OP_EQ, "Unrecognized value in PublishServerDescriptor");
1965 tor_free(msg);
1966
1967 free_options_test_data(tdata);
1968 tdata = get_options_test_data("PublishServerDescriptor bridge, v3\n"
1969 TEST_OPTIONS_DEFAULT_VALUES);
1970
1971 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1972 tt_int_op(ret, OP_EQ, -1);
1973 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
1974 "descriptors to the directory authorities. Please correct your "
1975 "PublishServerDescriptor line.");
1976 tor_free(msg);
1977
1978 free_options_test_data(tdata);
1979 tdata = get_options_test_data("BridgeRelay 1\n"
1980 "PublishServerDescriptor v3\n"
1981 TEST_OPTIONS_DEFAULT_VALUES);
1982
1983 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1984 tt_int_op(ret, OP_EQ, -1);
1985 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
1986 "descriptors to the directory authorities. Please correct your "
1987 "PublishServerDescriptor line.");
1988 tor_free(msg);
1989
1990 free_options_test_data(tdata);
1991 tdata = get_options_test_data("BridgeRelay 1\n" TEST_OPTIONS_DEFAULT_VALUES);
1992
1993 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1994 tt_int_op(ret, OP_EQ, -1);
1995 tt_str_op(msg, OP_NE, "Bridges are not supposed to publish router "
1996 "descriptors to the directory authorities. Please correct your "
1997 "PublishServerDescriptor line.");
1998 tor_free(msg);
1999
2000 free_options_test_data(tdata);
2001 tdata = get_options_test_data("BridgeRelay 1\n"
2002 "DirPort 999\n" TEST_OPTIONS_DEFAULT_VALUES);
2003
2004 mock_clean_saved_logs();
2005 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2006 tt_int_op(ret, OP_EQ, -1);
2007 expect_log_msg("Can't set a DirPort on a bridge "
2008 "relay; disabling DirPort\n");
2009 tt_assert(!tdata->opt->DirPort_lines);
2010 tt_assert(!tdata->opt->DirPort_set);
2011
2012 done:
2013 teardown_capture_of_logs();
2014 policies_free_all();
2015 free_options_test_data(tdata);
2016 tor_free(msg);
2017 }
2018
2019 static void
2020 test_options_validate__testing(void *ignored)
2021 {
2022 (void)ignored;
2023 int ret;
2024 char *msg;
2025 options_test_data_t *tdata = NULL;
2026
2027 #define ENSURE_DEFAULT(varname, varval) \
2028 STMT_BEGIN \
2029 free_options_test_data(tdata); \
2030 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
2031 #varname " " #varval "\n"); \
2032 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2033 tt_str_op(msg, OP_EQ, \
2034 #varname " may only be changed in testing Tor networks!"); \
2035 tt_int_op(ret, OP_EQ, -1); \
2036 tor_free(msg); \
2037 \
2038 free_options_test_data(tdata); \
2039 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
2040 #varname " " #varval "\n" \
2041 VALID_DIR_AUTH \
2042 "TestingTorNetwork 1\n"); \
2043 \
2044 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2045 if (msg) { \
2046 tt_str_op(msg, OP_NE, \
2047 #varname " may only be changed in testing Tor networks!"); \
2048 tor_free(msg); \
2049 } \
2050 \
2051 free_options_test_data(tdata); \
2052 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
2053 #varname " " #varval "\n" \
2054 "___UsingTestNetworkDefaults 1\n"); \
2055 \
2056 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2057 if (msg) { \
2058 tt_str_op(msg, OP_NE, \
2059 #varname " may only be changed in testing Tor networks!"); \
2060 tor_free(msg); \
2061 } \
2062 STMT_END
2063
2064 ENSURE_DEFAULT(TestingV3AuthInitialVotingInterval, 3600);
2065 ENSURE_DEFAULT(TestingV3AuthInitialVoteDelay, 3000);
2066 ENSURE_DEFAULT(TestingV3AuthInitialDistDelay, 3000);
2067 ENSURE_DEFAULT(TestingV3AuthVotingStartOffset, 3000);
2068 ENSURE_DEFAULT(TestingAuthDirTimeToLearnReachability, 3000);
2069 ENSURE_DEFAULT(TestingEstimatedDescriptorPropagationTime, 3000);
2070 ENSURE_DEFAULT(TestingServerDownloadSchedule, 3000);
2071 ENSURE_DEFAULT(TestingClientDownloadSchedule, 3000);
2072 ENSURE_DEFAULT(TestingServerConsensusDownloadSchedule, 3000);
2073 ENSURE_DEFAULT(TestingClientConsensusDownloadSchedule, 3000);
2074 ENSURE_DEFAULT(TestingBridgeDownloadSchedule, 3000);
2075 ENSURE_DEFAULT(TestingBridgeBootstrapDownloadSchedule, 3000);
2076 ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000);
2077 ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000);
2078 ENSURE_DEFAULT(TestingAuthKeyLifetime, 3000);
2079 ENSURE_DEFAULT(TestingLinkCertLifetime, 3000);
2080 ENSURE_DEFAULT(TestingSigningKeySlop, 3000);
2081 ENSURE_DEFAULT(TestingAuthKeySlop, 3000);
2082 ENSURE_DEFAULT(TestingLinkKeySlop, 3000);
2083
2084 done:
2085 escaped(NULL); // This will free the leaking memory from the previous escaped
2086 policies_free_all();
2087 free_options_test_data(tdata);
2088 tor_free(msg);
2089 }
2090
2091 static void
2092 test_options_validate__hidserv(void *ignored)
2093 {
2094 (void)ignored;
2095 int ret;
2096 char *msg;
2097 setup_capture_of_logs(LOG_WARN);
2098
2099 options_test_data_t *tdata = get_options_test_data(
2100 TEST_OPTIONS_DEFAULT_VALUES);
2101 tdata->opt->MinUptimeHidServDirectoryV2 = -1;
2102 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2103 tt_int_op(ret, OP_EQ, 0);
2104 expect_log_msg("MinUptimeHidServDirectoryV2 "
2105 "option must be at least 0 seconds. Changing to 0.\n");
2106 tt_int_op(tdata->opt->MinUptimeHidServDirectoryV2, OP_EQ, 0);
2107 tor_free(msg);
2108
2109 free_options_test_data(tdata);
2110 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2111 "RendPostPeriod 1\n" );
2112 mock_clean_saved_logs();
2113 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2114 tt_int_op(ret, OP_EQ, 0);
2115 expect_log_msg("RendPostPeriod option is too short;"
2116 " raising to 600 seconds.\n");
2117 tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 600);
2118 tor_free(msg);
2119
2120 free_options_test_data(tdata);
2121 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2122 "RendPostPeriod 302401\n" );
2123 mock_clean_saved_logs();
2124 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2125 tt_int_op(ret, OP_EQ, 0);
2126 expect_log_msg("RendPostPeriod is too large; "
2127 "clipping to 302400s.\n");
2128 tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 302400);
2129 tor_free(msg);
2130
2131 done:
2132 teardown_capture_of_logs();
2133 policies_free_all();
2134 free_options_test_data(tdata);
2135 tor_free(msg);
2136 }
2137
2138 static void
2139 test_options_validate__path_bias(void *ignored)
2140 {
2141 (void)ignored;
2142 int ret;
2143 char *msg;
2144
2145 options_test_data_t *tdata = get_options_test_data(
2146 TEST_OPTIONS_DEFAULT_VALUES
2147 "PathBiasNoticeRate 1.1\n");
2148 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2149 tt_int_op(ret, OP_EQ, -1);
2150 tt_str_op(msg, OP_EQ,
2151 "PathBiasNoticeRate is too high. It must be between 0 and 1.0");
2152 tor_free(msg);
2153
2154 free_options_test_data(tdata);
2155 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2156 "PathBiasWarnRate 1.1\n");
2157 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2158 tt_int_op(ret, OP_EQ, -1);
2159 tt_str_op(msg, OP_EQ,
2160 "PathBiasWarnRate is too high. It must be between 0 and 1.0");
2161 tor_free(msg);
2162
2163 free_options_test_data(tdata);
2164 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2165 "PathBiasExtremeRate 1.1\n");
2166 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2167 tt_int_op(ret, OP_EQ, -1);
2168 tt_str_op(msg, OP_EQ,
2169 "PathBiasExtremeRate is too high. It must be between 0 and 1.0");
2170 tor_free(msg);
2171
2172 free_options_test_data(tdata);
2173 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2174 "PathBiasNoticeUseRate 1.1\n");
2175 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2176 tt_int_op(ret, OP_EQ, -1);
2177 tt_str_op(msg, OP_EQ,
2178 "PathBiasNoticeUseRate is too high. It must be between 0 and 1.0");
2179 tor_free(msg);
2180
2181 free_options_test_data(tdata);
2182 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2183 "PathBiasExtremeUseRate 1.1\n");
2184 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2185 tt_int_op(ret, OP_EQ, -1);
2186 tt_str_op(msg, OP_EQ,
2187 "PathBiasExtremeUseRate is too high. It must be between 0 and 1.0");
2188 tor_free(msg);
2189
2190 done:
2191 free_options_test_data(tdata);
2192 tor_free(msg);
2193 }
2194
2195 static void
2196 test_options_validate__bandwidth(void *ignored)
2197 {
2198 (void)ignored;
2199 int ret;
2200 char *msg;
2201 options_test_data_t *tdata = NULL;
2202
2203 #define ENSURE_BANDWIDTH_PARAM(p) \
2204 STMT_BEGIN \
2205 free_options_test_data(tdata); \
2206 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES #p " 3Gb\n"); \
2207 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2208 tt_int_op(ret, OP_EQ, -1); \
2209 tt_mem_op(msg, OP_EQ, #p " (3221225471) must be at most 2147483647", 40); \
2210 tor_free(msg); \
2211 STMT_END
2212
2213 ENSURE_BANDWIDTH_PARAM(BandwidthRate);
2214 ENSURE_BANDWIDTH_PARAM(BandwidthBurst);
2215 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth);
2216 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate);
2217 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst);
2218 ENSURE_BANDWIDTH_PARAM(PerConnBWRate);
2219 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst);
2220 ENSURE_BANDWIDTH_PARAM(AuthDirFastGuarantee);
2221 ENSURE_BANDWIDTH_PARAM(AuthDirGuardBWGuarantee);
2222
2223 free_options_test_data(tdata);
2224 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2225 "RelayBandwidthRate 1000\n");
2226 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2227 tt_int_op(ret, OP_EQ, 0);
2228 tt_u64_op(tdata->opt->RelayBandwidthBurst, OP_EQ, 1000);
2229 tor_free(msg);
2230
2231 free_options_test_data(tdata);
2232 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2233 "RelayBandwidthBurst 1001\n");
2234 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2235 tt_int_op(ret, OP_EQ, 0);
2236 tt_u64_op(tdata->opt->RelayBandwidthRate, OP_EQ, 1001);
2237 tor_free(msg);
2238
2239 free_options_test_data(tdata);
2240 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2241 "RelayBandwidthRate 1001\n"
2242 "RelayBandwidthBurst 1000\n");
2243 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2244 tt_int_op(ret, OP_EQ, -1);
2245 tt_str_op(msg, OP_EQ, "RelayBandwidthBurst must be at least equal to "
2246 "RelayBandwidthRate.");
2247 tor_free(msg);
2248
2249 free_options_test_data(tdata);
2250 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2251 "BandwidthRate 1001\n"
2252 "BandwidthBurst 1000\n");
2253 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2254 tt_int_op(ret, OP_EQ, -1);
2255 tt_str_op(msg, OP_EQ,
2256 "BandwidthBurst must be at least equal to BandwidthRate.");
2257 tor_free(msg);
2258
2259 free_options_test_data(tdata);
2260 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2261 "RelayBandwidthRate 1001\n"
2262 "BandwidthRate 1000\n"
2263 "BandwidthBurst 1000\n"
2264 );
2265 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2266 tt_int_op(ret, OP_EQ, 0);
2267 tt_u64_op(tdata->opt->BandwidthRate, OP_EQ, 1001);
2268 tor_free(msg);
2269
2270 free_options_test_data(tdata);
2271 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2272 "RelayBandwidthRate 1001\n"
2273 "BandwidthRate 1000\n"
2274 "RelayBandwidthBurst 1001\n"
2275 "BandwidthBurst 1000\n"
2276 );
2277 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2278 tt_int_op(ret, OP_EQ, 0);
2279 tt_u64_op(tdata->opt->BandwidthBurst, OP_EQ, 1001);
2280 tor_free(msg);
2281
2282 free_options_test_data(tdata);
2283 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2284 "ORPort 127.0.0.1:5555\n"
2285 "BandwidthRate 1\n"
2286 );
2287 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2288 tt_int_op(ret, OP_EQ, -1);
2289 tt_str_op(msg, OP_EQ, "BandwidthRate is set to 1 bytes/second. For servers,"
2290 " it must be at least 76800.");
2291 tor_free(msg);
2292
2293 free_options_test_data(tdata);
2294 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2295 "ORPort 127.0.0.1:5555\n"
2296 "BandwidthRate 76800\n"
2297 "MaxAdvertisedBandwidth 30000\n"
2298 );
2299 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2300 tt_int_op(ret, OP_EQ, -1);
2301 tt_str_op(msg, OP_EQ, "MaxAdvertisedBandwidth is set to 30000 bytes/second."
2302 " For servers, it must be at least 38400.");
2303 tor_free(msg);
2304
2305 free_options_test_data(tdata);
2306 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2307 "ORPort 127.0.0.1:5555\n"
2308 "BandwidthRate 76800\n"
2309 "RelayBandwidthRate 1\n"
2310 "MaxAdvertisedBandwidth 38400\n"
2311 );
2312 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2313 tt_int_op(ret, OP_EQ, -1);
2314 tt_str_op(msg, OP_EQ, "RelayBandwidthRate is set to 1 bytes/second. For "
2315 "servers, it must be at least 76800.");
2316 tor_free(msg);
2317
2318 free_options_test_data(tdata);
2319 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2320 "ORPort 127.0.0.1:5555\n"
2321 "BandwidthRate 76800\n"
2322 "BandwidthBurst 76800\n"
2323 "RelayBandwidthRate 76800\n"
2324 "MaxAdvertisedBandwidth 38400\n"
2325 );
2326 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2327 tt_int_op(ret, OP_EQ, 0);
2328 tor_free(msg);
2329
2330 done:
2331 policies_free_all();
2332 free_options_test_data(tdata);
2333 tor_free(msg);
2334 }
2335
2336 static void
2337 test_options_validate__circuits(void *ignored)
2338 {
2339 (void)ignored;
2340 char *msg;
2341 options_test_data_t *tdata = NULL;
2342 setup_capture_of_logs(LOG_WARN);
2343
2344 free_options_test_data(tdata);
2345 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2346 "MaxCircuitDirtiness 2592001\n");
2347 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2348 expect_log_msg("MaxCircuitDirtiness option is too "
2349 "high; setting to 30 days.\n");
2350 tt_int_op(tdata->opt->MaxCircuitDirtiness, OP_EQ, 2592000);
2351 tor_free(msg);
2352
2353 free_options_test_data(tdata);
2354 mock_clean_saved_logs();
2355 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2356 "CircuitStreamTimeout 1\n");
2357 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2358 expect_log_msg("CircuitStreamTimeout option is too"
2359 " short; raising to 10 seconds.\n");
2360 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 10);
2361 tor_free(msg);
2362
2363 free_options_test_data(tdata);
2364 mock_clean_saved_logs();
2365 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2366 "CircuitStreamTimeout 111\n");
2367 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2368 expect_no_log_msg("CircuitStreamTimeout option is too"
2369 " short; raising to 10 seconds.\n");
2370 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 111);
2371 tor_free(msg);
2372
2373 free_options_test_data(tdata);
2374 mock_clean_saved_logs();
2375 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2376 "HeartbeatPeriod 1\n");
2377 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2378 expect_log_msg("HeartbeatPeriod option is too short;"
2379 " raising to 1800 seconds.\n");
2380 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1800);
2381 tor_free(msg);
2382
2383 free_options_test_data(tdata);
2384 mock_clean_saved_logs();
2385 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2386 "HeartbeatPeriod 1982\n");
2387 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2388 expect_no_log_msg("HeartbeatPeriod option is too short;"
2389 " raising to 1800 seconds.\n");
2390 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1982);
2391 tor_free(msg);
2392
2393 free_options_test_data(tdata);
2394 mock_clean_saved_logs();
2395 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2396 "CircuitBuildTimeout 1\n"
2397 );
2398 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2399 expect_log_msg("CircuitBuildTimeout is shorter (1"
2400 " seconds) than the recommended minimum (10 seconds), and "
2401 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2402 "raise this value or enable LearnCircuitBuildTimeout.\n");
2403 tor_free(msg);
2404
2405 free_options_test_data(tdata);
2406 mock_clean_saved_logs();
2407 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2408 "CircuitBuildTimeout 11\n"
2409 );
2410 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2411 expect_no_log_msg("CircuitBuildTimeout is shorter (1 "
2412 "seconds) than the recommended minimum (10 seconds), and "
2413 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2414 "raise this value or enable LearnCircuitBuildTimeout.\n");
2415 tor_free(msg);
2416
2417 done:
2418 policies_free_all();
2419 teardown_capture_of_logs();
2420 free_options_test_data(tdata);
2421 tor_free(msg);
2422 }
2423
2424 static void
2425 test_options_validate__tor2web(void *ignored)
2426 {
2427 (void)ignored;
2428 int ret;
2429 char *msg;
2430 options_test_data_t *tdata = NULL;
2431
2432 free_options_test_data(tdata);
2433 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2434 "Tor2webRendezvousPoints 1\n");
2435 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2436 tt_int_op(ret, OP_EQ, -1);
2437 tt_str_op(msg, OP_EQ,
2438 "Tor2webRendezvousPoints cannot be set without Tor2webMode.");
2439 tor_free(msg);
2440
2441 free_options_test_data(tdata);
2442 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2443 "Tor2webRendezvousPoints 1\nTor2webMode 1\n");
2444 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2445 tt_int_op(ret, OP_EQ, 0);
2446 tor_free(msg);
2447
2448 done:
2449 policies_free_all();
2450 free_options_test_data(tdata);
2451 tor_free(msg);
2452 }
2453
2454 static void
2455 test_options_validate__rend(void *ignored)
2456 {
2457 (void)ignored;
2458 int ret;
2459 char *msg;
2460 options_test_data_t *tdata = NULL;
2461 setup_capture_of_logs(LOG_WARN);
2462
2463 free_options_test_data(tdata);
2464 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2465 "UseEntryGuards 0\n"
2466 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2467 "HiddenServicePort 80 127.0.0.1:8080\n"
2468 );
2469 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2470 tt_int_op(ret, OP_EQ, 0);
2471 expect_log_msg("UseEntryGuards is disabled, but you"
2472 " have configured one or more hidden services on this Tor "
2473 "instance. Your hidden services will be very easy to locate using"
2474 " a well-known attack -- see http://freehaven.net/anonbib/#hs-"
2475 "attack06 for details.\n");
2476 tor_free(msg);
2477
2478 free_options_test_data(tdata);
2479 tdata = get_options_test_data(
2480 TEST_OPTIONS_DEFAULT_VALUES
2481 "UseEntryGuards 1\n"
2482 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2483 "HiddenServicePort 80 127.0.0.1:8080\n"
2484 );
2485 mock_clean_saved_logs();
2486 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2487 tt_int_op(ret, OP_EQ, 0);
2488 expect_no_log_msg("UseEntryGuards is disabled, but you"
2489 " have configured one or more hidden services on this Tor "
2490 "instance. Your hidden services will be very easy to locate using"
2491 " a well-known attack -- see http://freehaven.net/anonbib/#hs-"
2492 "attack06 for details.\n");
2493
2494 free_options_test_data(tdata);
2495 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2496 "HiddenServicePort 80 127.0.0.1:8080\n"
2497 );
2498 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2499 tt_int_op(ret, OP_EQ, -1);
2500 tt_str_op(msg, OP_EQ,
2501 "Failed to configure rendezvous options. See logs for details.");
2502 tor_free(msg);
2503
2504 free_options_test_data(tdata);
2505 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2506 "HidServAuth failed\n"
2507 );
2508 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2509 tt_int_op(ret, OP_EQ, -1);
2510 tt_str_op(msg, OP_EQ, "Failed to configure client authorization for hidden "
2511 "services. See logs for details.");
2512 tor_free(msg);
2513
2514 done:
2515 policies_free_all();
2516 teardown_capture_of_logs();
2517 free_options_test_data(tdata);
2518 tor_free(msg);
2519 }
2520
2521 static void
2522 test_options_validate__single_onion(void *ignored)
2523 {
2524 (void)ignored;
2525 int ret;
2526 char *msg;
2527 options_test_data_t *tdata = NULL;
2528 setup_capture_of_logs(LOG_WARN);
2529
2530 /* Test that HiddenServiceSingleHopMode must come with
2531 * HiddenServiceNonAnonymousMode */
2532 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2533 "SOCKSPort 0\n"
2534 "HiddenServiceSingleHopMode 1\n"
2535 );
2536 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2537 tt_int_op(ret, OP_EQ, -1);
2538 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2539 "server anonymity. It must be used with "
2540 "HiddenServiceNonAnonymousMode set to 1.");
2541 tor_free(msg);
2542 free_options_test_data(tdata);
2543
2544 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2545 "SOCKSPort 0\n"
2546 "HiddenServiceSingleHopMode 1\n"
2547 "HiddenServiceNonAnonymousMode 0\n"
2548 );
2549 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2550 tt_int_op(ret, OP_EQ, -1);
2551 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2552 "server anonymity. It must be used with "
2553 "HiddenServiceNonAnonymousMode set to 1.");
2554 tor_free(msg);
2555 free_options_test_data(tdata);
2556
2557 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2558 "SOCKSPort 0\n"
2559 "HiddenServiceSingleHopMode 1\n"
2560 "HiddenServiceNonAnonymousMode 1\n"
2561 );
2562 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2563 tt_int_op(ret, OP_EQ, 0);
2564 tt_ptr_op(msg, OP_EQ, NULL);
2565 free_options_test_data(tdata);
2566
2567 /* Test that SOCKSPort must come with Tor2webMode if
2568 * HiddenServiceSingleHopMode is 1 */
2569 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2570 "SOCKSPort 5000\n"
2571 "HiddenServiceSingleHopMode 1\n"
2572 "HiddenServiceNonAnonymousMode 1\n"
2573 "Tor2webMode 0\n"
2574 );
2575 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2576 tt_int_op(ret, OP_EQ, -1);
2577 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode is incompatible with "
2578 "using Tor as an anonymous client. Please set "
2579 "Socks/Trans/NATD/DNSPort to 0, or revert "
2580 "HiddenServiceNonAnonymousMode to 0.");
2581 tor_free(msg);
2582 free_options_test_data(tdata);
2583
2584 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2585 "SOCKSPort 0\n"
2586 "HiddenServiceSingleHopMode 1\n"
2587 "HiddenServiceNonAnonymousMode 1\n"
2588 "Tor2webMode 0\n"
2589 );
2590 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2591 tt_int_op(ret, OP_EQ, 0);
2592 tt_ptr_op(msg, OP_EQ, NULL);
2593 free_options_test_data(tdata);
2594
2595 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2596 "SOCKSPort 5000\n"
2597 "HiddenServiceSingleHopMode 0\n"
2598 "Tor2webMode 0\n"
2599 );
2600 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2601 tt_int_op(ret, OP_EQ, 0);
2602 tt_ptr_op(msg, OP_EQ, NULL);
2603 free_options_test_data(tdata);
2604
2605 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2606 "SOCKSPort 5000\n"
2607 "HiddenServiceSingleHopMode 1\n"
2608 "HiddenServiceNonAnonymousMode 1\n"
2609 "Tor2webMode 1\n"
2610 );
2611 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2612 tt_int_op(ret, OP_EQ, 0);
2613 tt_ptr_op(msg, OP_EQ, NULL);
2614 free_options_test_data(tdata);
2615
2616 /* Test that a hidden service can't be run with Tor2web
2617 * Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
2618 * Tor2webMode requires a compilation #define */
2619 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2620 "HiddenServiceNonAnonymousMode 1\n"
2621 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2622 "HiddenServicePort 80 127.0.0.1:8080\n"
2623 );
2624 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2625 tt_int_op(ret, OP_EQ, -1);
2626 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2627 "server anonymity. It must be used with "
2628 "HiddenServiceSingleHopMode set to 1.");
2629 tor_free(msg);
2630 free_options_test_data(tdata);
2631
2632 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2633 "HiddenServiceNonAnonymousMode 1\n"
2634 );
2635 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2636 tt_int_op(ret, OP_EQ, -1);
2637 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2638 "server anonymity. It must be used with "
2639 "HiddenServiceSingleHopMode set to 1.");
2640 tor_free(msg);
2641 free_options_test_data(tdata);
2642
2643 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2644 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2645 "HiddenServicePort 80 127.0.0.1:8080\n"
2646 );
2647 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2648 tt_int_op(ret, OP_EQ, 0);
2649 tt_ptr_op(msg, OP_EQ, NULL);
2650 free_options_test_data(tdata);
2651
2652 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2653 "HiddenServiceNonAnonymousMode 1\n"
2654 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2655 "HiddenServicePort 80 127.0.0.1:8080\n"
2656 "HiddenServiceSingleHopMode 1\n"
2657 "SOCKSPort 0\n"
2658 );
2659 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2660 tt_int_op(ret, OP_EQ, 0);
2661 tt_ptr_op(msg, OP_EQ, NULL);
2662
2663 done:
2664 policies_free_all();
2665 teardown_capture_of_logs();
2666 free_options_test_data(tdata);
2667 tor_free(msg);
2668 }
2669
2670 static void
2671 test_options_validate__accounting(void *ignored)
2672 {
2673 (void)ignored;
2674 int ret;
2675 char *msg;
2676 options_test_data_t *tdata = NULL;
2677 setup_capture_of_logs(LOG_WARN);
2678
2679 free_options_test_data(tdata);
2680 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2681 "AccountingRule something_bad\n"
2682 );
2683 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2684 tt_int_op(ret, OP_EQ, -1);
2685 tt_str_op(msg, OP_EQ, "AccountingRule must be 'sum', 'max', 'in', or 'out'");
2686 tor_free(msg);
2687
2688 free_options_test_data(tdata);
2689 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2690 "AccountingRule sum\n"
2691 );
2692 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2693 tt_int_op(ret, OP_EQ, 0);
2694 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_SUM);
2695 tor_free(msg);
2696
2697 free_options_test_data(tdata);
2698 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2699 "AccountingRule max\n"
2700 );
2701 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2702 tt_int_op(ret, OP_EQ, 0);
2703 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_MAX);
2704 tor_free(msg);
2705
2706 free_options_test_data(tdata);
2707 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2708 "AccountingStart fail\n"
2709 );
2710 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2711 tt_int_op(ret, OP_EQ, -1);
2712 tt_str_op(msg, OP_EQ,
2713 "Failed to parse accounting options. See logs for details.");
2714 tor_free(msg);
2715
2716 free_options_test_data(tdata);
2717 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2718 "AccountingMax 10\n"
2719 );
2720 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2721 tt_int_op(ret, OP_EQ, 0);
2722 tor_free(msg);
2723
2724 free_options_test_data(tdata);
2725 tdata = get_options_test_data(
2726 TEST_OPTIONS_DEFAULT_VALUES
2727 "ORPort 127.0.0.1:5555\n"
2728 "BandwidthRate 76800\n"
2729 "BandwidthBurst 76800\n"
2730 "MaxAdvertisedBandwidth 38400\n"
2731 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2732 "HiddenServicePort 80 127.0.0.1:8080\n"
2733 "AccountingMax 10\n"
2734 );
2735 mock_clean_saved_logs();
2736 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2737 tt_int_op(ret, OP_EQ, 0);
2738 expect_log_msg("Using accounting with a hidden "
2739 "service and an ORPort is risky: your hidden service(s) and "
2740 "your public address will all turn off at the same time, "
2741 "which may alert observers that they are being run by the "
2742 "same party.\n");
2743 tor_free(msg);
2744
2745 free_options_test_data(tdata);
2746 tdata = get_options_test_data(
2747 TEST_OPTIONS_DEFAULT_VALUES
2748 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2749 "HiddenServicePort 80 127.0.0.1:8080\n"
2750 "AccountingMax 10\n"
2751 );
2752 mock_clean_saved_logs();
2753 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2754 tt_int_op(ret, OP_EQ, 0);
2755 expect_no_log_msg("Using accounting with a hidden "
2756 "service and an ORPort is risky: your hidden service(s) and "
2757 "your public address will all turn off at the same time, "
2758 "which may alert observers that they are being run by the "
2759 "same party.\n");
2760 tor_free(msg);
2761
2762 free_options_test_data(tdata);
2763 tdata = get_options_test_data(
2764 TEST_OPTIONS_DEFAULT_VALUES
2765 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2766 "HiddenServicePort 80 127.0.0.1:8080\n"
2767 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service2/\n"
2768 "HiddenServicePort 81 127.0.0.1:8081\n"
2769 "AccountingMax 10\n"
2770 );
2771 mock_clean_saved_logs();
2772 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2773 tt_int_op(ret, OP_EQ, 0);
2774 expect_log_msg("Using accounting with multiple "
2775 "hidden services is risky: they will all turn off at the same"
2776 " time, which may alert observers that they are being run by "
2777 "the same party.\n");
2778 tor_free(msg);
2779
2780 done:
2781 teardown_capture_of_logs();
2782 policies_free_all();
2783 free_options_test_data(tdata);
2784 tor_free(msg);
2785 }
2786
2787 static void
2788 test_options_validate__proxy(void *ignored)
2789 {
2790 (void)ignored;
2791 int ret;
2792 char *msg;
2793 options_test_data_t *tdata = NULL;
2794 sandbox_disable_getaddrinfo_cache();
2795 setup_capture_of_logs(LOG_WARN);
2796 MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
2797
2798 free_options_test_data(tdata);
2799 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2800 "HttpProxy 127.0.42.1\n"
2801 );
2802 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2803 tt_int_op(ret, OP_EQ, 0);
2804 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 80);
2805 tor_free(msg);
2806
2807 free_options_test_data(tdata);
2808 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2809 "HttpProxy 127.0.42.1:444\n"
2810 );
2811 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2812 tt_int_op(ret, OP_EQ, 0);
2813 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 444);
2814 tor_free(msg);
2815
2816 free_options_test_data(tdata);
2817
2818 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2819 "HttpProxy not_so_valid!\n"
2820 );
2821 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2822 tt_int_op(ret, OP_EQ, -1);
2823 tt_str_op(msg, OP_EQ, "HTTPProxy failed to parse or resolve. Please fix.");
2824 tor_free(msg);
2825
2826 free_options_test_data(tdata);
2827 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2828 "HttpProxyAuthenticator "
2829 "onetwothreonetwothreonetwothreonetwothreonetw"
2830 "othreonetwothreonetwothreonetwothreonetwothre"
2831 "onetwothreonetwothreonetwothreonetwothreonetw"
2832 "othreonetwothreonetwothreonetwothreonetwothre"
2833 "onetwothreonetwothreonetwothreonetwothreonetw"
2834 "othreonetwothreonetwothreonetwothreonetwothre"
2835 "onetwothreonetwothreonetwothreonetwothreonetw"
2836 "othreonetwothreonetwothreonetwothreonetwothre"
2837 "onetwothreonetwothreonetwothreonetwothreonetw"
2838 "othreonetwothreonetwothreonetwothreonetwothre"
2839 "onetwothreonetwothreonetwothreonetwothreonetw"
2840 "othreonetwothreeonetwothreeonetwothree"
2841
2842 );
2843 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2844 tt_int_op(ret, OP_EQ, -1);
2845 tt_str_op(msg, OP_EQ, "HTTPProxyAuthenticator is too long (>= 512 chars).");
2846 tor_free(msg);
2847
2848 free_options_test_data(tdata);
2849 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2850 "HttpProxyAuthenticator validauth\n"
2851
2852 );
2853 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2854 tt_int_op(ret, OP_EQ, 0);
2855 tor_free(msg);
2856
2857 free_options_test_data(tdata);
2858 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2859 "HttpsProxy 127.0.42.1\n"
2860 );
2861 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2862 tt_int_op(ret, OP_EQ, 0);
2863 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 443);
2864 tor_free(msg);
2865
2866 free_options_test_data(tdata);
2867 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2868 "HttpsProxy 127.0.42.1:444\n"
2869 );
2870 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2871 tt_int_op(ret, OP_EQ, 0);
2872 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 444);
2873 tor_free(msg);
2874
2875 free_options_test_data(tdata);
2876 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2877 "HttpsProxy not_so_valid!\n"
2878 );
2879 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2880 tt_int_op(ret, OP_EQ, -1);
2881 tt_str_op(msg, OP_EQ, "HTTPSProxy failed to parse or resolve. Please fix.");
2882 tor_free(msg);
2883
2884 free_options_test_data(tdata);
2885 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2886 "HttpsProxyAuthenticator "
2887 "onetwothreonetwothreonetwothreonetwothreonetw"
2888 "othreonetwothreonetwothreonetwothreonetwothre"
2889 "onetwothreonetwothreonetwothreonetwothreonetw"
2890 "othreonetwothreonetwothreonetwothreonetwothre"
2891 "onetwothreonetwothreonetwothreonetwothreonetw"
2892 "othreonetwothreonetwothreonetwothreonetwothre"
2893 "onetwothreonetwothreonetwothreonetwothreonetw"
2894 "othreonetwothreonetwothreonetwothreonetwothre"
2895 "onetwothreonetwothreonetwothreonetwothreonetw"
2896 "othreonetwothreonetwothreonetwothreonetwothre"
2897 "onetwothreonetwothreonetwothreonetwothreonetw"
2898 "othreonetwothreeonetwothreeonetwothree"
2899
2900 );
2901 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2902 tt_int_op(ret, OP_EQ, -1);
2903 tt_str_op(msg, OP_EQ, "HTTPSProxyAuthenticator is too long (>= 512 chars).");
2904 tor_free(msg);
2905
2906 free_options_test_data(tdata);
2907 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2908 "HttpsProxyAuthenticator validauth\n"
2909 );
2910 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2911 tt_int_op(ret, OP_EQ, 0);
2912 tor_free(msg);
2913
2914 free_options_test_data(tdata);
2915 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2916 "Socks4Proxy 127.0.42.1\n"
2917 );
2918 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2919 tt_int_op(ret, OP_EQ, 0);
2920 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 1080);
2921 tor_free(msg);
2922
2923 free_options_test_data(tdata);
2924 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2925 "Socks4Proxy 127.0.42.1:444\n"
2926 );
2927 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2928 tt_int_op(ret, OP_EQ, 0);
2929 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 444);
2930 tor_free(msg);
2931
2932 free_options_test_data(tdata);
2933 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2934 "Socks4Proxy not_so_valid!\n"
2935 );
2936 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2937 tt_int_op(ret, OP_EQ, -1);
2938 tt_str_op(msg, OP_EQ, "Socks4Proxy failed to parse or resolve. Please fix.");
2939 tor_free(msg);
2940
2941 free_options_test_data(tdata);
2942 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2943 "Socks5Proxy 127.0.42.1\n"
2944 );
2945 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2946 tt_int_op(ret, OP_EQ, 0);
2947 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 1080);
2948 tor_free(msg);
2949
2950 free_options_test_data(tdata);
2951 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2952 "Socks5Proxy 127.0.42.1:444\n"
2953 );
2954 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2955 tt_int_op(ret, OP_EQ, 0);
2956 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 444);
2957 tor_free(msg);
2958
2959 free_options_test_data(tdata);
2960 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2961 "Socks5Proxy not_so_valid!\n"
2962 );
2963 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2964 tt_int_op(ret, OP_EQ, -1);
2965 tt_str_op(msg, OP_EQ, "Socks5Proxy failed to parse or resolve. Please fix.");
2966 tor_free(msg);
2967
2968 free_options_test_data(tdata);
2969 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2970 "Socks4Proxy 215.1.1.1\n"
2971 "Socks5Proxy 215.1.1.2\n"
2972 );
2973 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2974 tt_int_op(ret, OP_EQ, -1);
2975 tt_str_op(msg, OP_EQ, "You have configured more than one proxy type. "
2976 "(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
2977 tor_free(msg);
2978
2979 free_options_test_data(tdata);
2980 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2981 "HttpProxy 215.1.1.1\n"
2982 );
2983 mock_clean_saved_logs();
2984 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2985 tt_int_op(ret, OP_EQ, 0);
2986 expect_log_msg("HTTPProxy configured, but no SOCKS "
2987 "proxy or HTTPS proxy configured. Watch out: this configuration "
2988 "will proxy unencrypted directory connections only.\n");
2989 tor_free(msg);
2990
2991 free_options_test_data(tdata);
2992 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2993 "HttpProxy 215.1.1.1\n"
2994 "Socks4Proxy 215.1.1.1\n"
2995 );
2996 mock_clean_saved_logs();
2997 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2998 tt_int_op(ret, OP_EQ, 0);
2999 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
3000 "proxy or HTTPS proxy configured. Watch out: this configuration "
3001 "will proxy unencrypted directory connections only.\n");
3002 tor_free(msg);
3003
3004 free_options_test_data(tdata);
3005 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3006 "HttpProxy 215.1.1.1\n"
3007 "Socks5Proxy 215.1.1.1\n"
3008 );
3009 mock_clean_saved_logs();
3010 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3011 tt_int_op(ret, OP_EQ, 0);
3012 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
3013 "proxy or HTTPS proxy configured. Watch out: this configuration "
3014 "will proxy unencrypted directory connections only.\n");
3015 tor_free(msg);
3016
3017 free_options_test_data(tdata);
3018 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3019 "HttpProxy 215.1.1.1\n"
3020 "HttpsProxy 215.1.1.1\n"
3021 );
3022 mock_clean_saved_logs();
3023 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3024 tt_int_op(ret, OP_EQ, 0);
3025 expect_no_log_msg(
3026 "HTTPProxy configured, but no SOCKS proxy or HTTPS proxy "
3027 "configured. Watch out: this configuration will proxy "
3028 "unencrypted directory connections only.\n");
3029 tor_free(msg);
3030
3031 free_options_test_data(tdata);
3032 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3033 );
3034 tdata->opt->Socks5ProxyUsername = tor_strdup("");
3035 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3036 tt_int_op(ret, OP_EQ, -1);
3037 tt_str_op(msg, OP_EQ,
3038 "Socks5ProxyUsername must be between 1 and 255 characters.");
3039 tor_free(msg);
3040
3041 free_options_test_data(tdata);
3042 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3043 );
3044 tdata->opt->Socks5ProxyUsername =
3045 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
3046 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
3047 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
3048 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
3049 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
3050 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3051 tt_int_op(ret, OP_EQ, -1);
3052 tt_str_op(msg, OP_EQ,
3053 "Socks5ProxyUsername must be between 1 and 255 characters.");
3054 tor_free(msg);
3055
3056 free_options_test_data(tdata);
3057 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3058 "Socks5ProxyUsername hello_world\n"
3059 );
3060 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3061 tt_int_op(ret, OP_EQ, -1);
3062 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
3063 "Socks5ProxyUsername.");
3064 tor_free(msg);
3065
3066 free_options_test_data(tdata);
3067 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3068 "Socks5ProxyUsername hello_world\n"
3069 );
3070 tdata->opt->Socks5ProxyPassword = tor_strdup("");
3071 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3072 tt_int_op(ret, OP_EQ, -1);
3073 tt_str_op(msg, OP_EQ,
3074 "Socks5ProxyPassword must be between 1 and 255 characters.");
3075 tor_free(msg);
3076
3077 free_options_test_data(tdata);
3078 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3079 "Socks5ProxyUsername hello_world\n"
3080 );
3081 tdata->opt->Socks5ProxyPassword =
3082 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
3083 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
3084 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
3085 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
3086 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
3087 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3088 tt_int_op(ret, OP_EQ, -1);
3089 tt_str_op(msg, OP_EQ,
3090 "Socks5ProxyPassword must be between 1 and 255 characters.");
3091 tor_free(msg);
3092
3093 free_options_test_data(tdata);
3094 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3095 "Socks5ProxyUsername hello_world\n"
3096 "Socks5ProxyPassword world_hello\n"
3097 );
3098 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3099 tt_int_op(ret, OP_EQ, 0);
3100 tor_free(msg);
3101
3102 free_options_test_data(tdata);
3103 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3104 "Socks5ProxyPassword hello_world\n"
3105 );
3106 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3107 tt_int_op(ret, OP_EQ, -1);
3108 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
3109 "Socks5ProxyUsername.");
3110 tor_free(msg);
3111
3112 done:
3113 teardown_capture_of_logs();
3114 free_options_test_data(tdata);
3115 policies_free_all();
3116 // sandbox_free_getaddrinfo_cache();
3117 tor_free(msg);
3118 UNMOCK(tor_addr_lookup);
3119 }
3120
3121 static void
3122 test_options_validate__control(void *ignored)
3123 {
3124 (void)ignored;
3125 int ret;
3126 char *msg;
3127 options_test_data_t *tdata = NULL;
3128 setup_capture_of_logs(LOG_WARN);
3129
3130 free_options_test_data(tdata);
3131 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3132 "HashedControlPassword something_incorrect\n"
3133 );
3134 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3135 tt_int_op(ret, OP_EQ, -1);
3136 tt_str_op(msg, OP_EQ,
3137 "Bad HashedControlPassword: wrong length or bad encoding");
3138 tor_free(msg);
3139
3140 free_options_test_data(tdata);
3141 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3142 "HashedControlPassword 16:872860B76453A77D60CA"
3143 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3144 );
3145 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3146 tt_int_op(ret, OP_EQ, 0);
3147 tor_free(msg);
3148
3149 free_options_test_data(tdata);
3150 tdata = get_options_test_data(
3151 TEST_OPTIONS_DEFAULT_VALUES
3152 "__HashedControlSessionPassword something_incorrect\n"
3153 );
3154 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3155 tt_int_op(ret, OP_EQ, -1);
3156 tt_str_op(msg, OP_EQ, "Bad HashedControlSessionPassword: wrong length or "
3157 "bad encoding");
3158 tor_free(msg);
3159
3160 free_options_test_data(tdata);
3161 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3162 "__HashedControlSessionPassword 16:872860B7645"
3163 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3164 "4C\n"
3165 );
3166 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3167 tt_int_op(ret, OP_EQ, 0);
3168 tor_free(msg);
3169
3170 free_options_test_data(tdata);
3171 tdata = get_options_test_data(
3172 TEST_OPTIONS_DEFAULT_VALUES
3173 "__OwningControllerProcess something_incorrect\n"
3174 );
3175 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3176 tt_int_op(ret, OP_EQ, -1);
3177 tt_str_op(msg, OP_EQ, "Bad OwningControllerProcess: invalid PID");
3178 tor_free(msg);
3179
3180 free_options_test_data(tdata);
3181 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3182 "__OwningControllerProcess 123\n"
3183 );
3184 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3185 tt_int_op(ret, OP_EQ, 0);
3186 tor_free(msg);
3187
3188 free_options_test_data(tdata);
3189 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3190 "ControlPort 127.0.0.1:1234\n"
3191 );
3192 mock_clean_saved_logs();
3193 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3194 tt_int_op(ret, OP_EQ, 0);
3195 expect_log_msg(
3196 "ControlPort is open, but no authentication method has been "
3197 "configured. This means that any program on your computer can "
3198 "reconfigure your Tor. That's bad! You should upgrade your Tor"
3199 " controller as soon as possible.\n");
3200 tor_free(msg);
3201
3202 free_options_test_data(tdata);
3203 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3204 "ControlPort 127.0.0.1:1234\n"
3205 "HashedControlPassword 16:872860B76453A77D60CA"
3206 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3207 );
3208 mock_clean_saved_logs();
3209 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3210 tt_int_op(ret, OP_EQ, 0);
3211 expect_no_log_msg(
3212 "ControlPort is open, but no authentication method has been "
3213 "configured. This means that any program on your computer can "
3214 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3215 "controller as soon as possible.\n");
3216 tor_free(msg);
3217
3218 free_options_test_data(tdata);
3219 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3220 "ControlPort 127.0.0.1:1234\n"
3221 "__HashedControlSessionPassword 16:872860B7645"
3222 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3223 "4C\n"
3224 );
3225 mock_clean_saved_logs();
3226 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3227 tt_int_op(ret, OP_EQ, 0);
3228 expect_no_log_msg(
3229 "ControlPort is open, but no authentication method has been "
3230 "configured. This means that any program on your computer can "
3231 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3232 "controller as soon as possible.\n");
3233 tor_free(msg);
3234
3235 free_options_test_data(tdata);
3236 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3237 "ControlPort 127.0.0.1:1234\n"
3238 "CookieAuthentication 1\n"
3239 );
3240 mock_clean_saved_logs();
3241 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3242 tt_int_op(ret, OP_EQ, 0);
3243 expect_no_log_msg(
3244 "ControlPort is open, but no authentication method has been "
3245 "configured. This means that any program on your computer can "
3246 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3247 "controller as soon as possible.\n");
3248 tor_free(msg);
3249
3250 #ifdef HAVE_SYS_UN_H
3251 free_options_test_data(tdata);
3252 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3253 "ControlSocket unix:/tmp WorldWritable\n"
3254 );
3255 mock_clean_saved_logs();
3256 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3257 tt_int_op(ret, OP_EQ, 0);
3258 expect_log_msg(
3259 "ControlSocket is world writable, but no authentication method has"
3260 " been configured. This means that any program on your computer "
3261 "can reconfigure your Tor. That's bad! You should upgrade your "
3262 "Tor controller as soon as possible.\n");
3263 tor_free(msg);
3264
3265 free_options_test_data(tdata);
3266 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3267 "ControlSocket unix:/tmp WorldWritable\n"
3268 "HashedControlPassword 16:872860B76453A77D60CA"
3269 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3270 );
3271 mock_clean_saved_logs();
3272 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3273 tt_int_op(ret, OP_EQ, 0);
3274 expect_no_log_msg(
3275 "ControlSocket is world writable, but no authentication method has"
3276 " been configured. This means that any program on your computer "
3277 "can reconfigure your Tor. That's bad! You should upgrade your "
3278 "Tor controller as soon as possible.\n");
3279 tor_free(msg);
3280
3281 free_options_test_data(tdata);
3282 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3283 "ControlSocket unix:/tmp WorldWritable\n"
3284 "__HashedControlSessionPassword 16:872860B7645"
3285 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3286 "4C\n"
3287 );
3288 mock_clean_saved_logs();
3289 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3290 tt_int_op(ret, OP_EQ, 0);
3291 expect_no_log_msg(
3292 "ControlSocket is world writable, but no authentication method has"
3293 " been configured. This means that any program on your computer "
3294 "can reconfigure your Tor. That's bad! You should upgrade your "
3295 "Tor controller as soon as possible.\n");
3296 tor_free(msg);
3297
3298 free_options_test_data(tdata);
3299 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3300 "ControlSocket unix:/tmp WorldWritable\n"
3301 "CookieAuthentication 1\n"
3302 );
3303 mock_clean_saved_logs();
3304 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3305 tt_int_op(ret, OP_EQ, 0);
3306 expect_no_log_msg(
3307 "ControlSocket is world writable, but no authentication method has"
3308 " been configured. This means that any program on your computer "
3309 "can reconfigure your Tor. That's bad! You should upgrade your "
3310 "Tor controller as soon as possible.\n");
3311 tor_free(msg);
3312 #endif /* defined(HAVE_SYS_UN_H) */
3313
3314 free_options_test_data(tdata);
3315 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3316 "CookieAuthFileGroupReadable 1\n"
3317 );
3318 mock_clean_saved_logs();
3319 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3320 tt_int_op(ret, OP_EQ, 0);
3321 expect_log_msg(
3322 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3323 "must specify an explicit CookieAuthFile to have it "
3324 "group-readable.\n");
3325 tor_free(msg);
3326
3327 free_options_test_data(tdata);
3328 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3329 "CookieAuthFileGroupReadable 1\n"
3330 "CookieAuthFile /tmp/somewhere\n"
3331 );
3332 mock_clean_saved_logs();
3333 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3334 tt_int_op(ret, OP_EQ, 0);
3335 expect_no_log_msg(
3336 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3337 "must specify an explicit CookieAuthFile to have it "
3338 "group-readable.\n");
3339 tor_free(msg);
3340
3341 done:
3342 teardown_capture_of_logs();
3343 policies_free_all();
3344 free_options_test_data(tdata);
3345 tor_free(msg);
3346 }
3347
3348 static void
3349 test_options_validate__families(void *ignored)
3350 {
3351 (void)ignored;
3352 int ret;
3353 char *msg;
3354 options_test_data_t *tdata = NULL;
3355 setup_capture_of_logs(LOG_WARN);
3356
3357 free_options_test_data(tdata);
3358 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3359 "MyFamily home\n"
3360 "BridgeRelay 1\n"
3361 "ORPort 127.0.0.1:5555\n"
3362 "BandwidthRate 51300\n"
3363 "BandwidthBurst 51300\n"
3364 "MaxAdvertisedBandwidth 25700\n"
3365 "DirCache 1\n"
3366 );
3367 mock_clean_saved_logs();
3368 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3369 tt_int_op(ret, OP_EQ, 0);
3370 expect_log_msg(
3371 "Listing a family for a bridge relay is not supported: it can "
3372 "reveal bridge fingerprints to censors. You should also make sure "
3373 "you aren't listing this bridge's fingerprint in any other "
3374 "MyFamily.\n");
3375 tor_free(msg);
3376
3377 free_options_test_data(tdata);
3378 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3379 "MyFamily home\n"
3380 );
3381 mock_clean_saved_logs();
3382 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3383 tt_int_op(ret, OP_EQ, 0);
3384 expect_no_log_msg(
3385 "Listing a family for a bridge relay is not supported: it can "
3386 "reveal bridge fingerprints to censors. You should also make sure "
3387 "you aren't listing this bridge's fingerprint in any other "
3388 "MyFamily.\n");
3389 tor_free(msg);
3390
3391 free_options_test_data(tdata);
3392 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3393 "MyFamily !\n"
3394 );
3395 mock_clean_saved_logs();
3396 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3397 tt_int_op(ret, OP_EQ, -1);
3398 tt_str_op(msg, OP_EQ, "Invalid nickname '!' in MyFamily line");
3399 tor_free(msg);
3400
3401 free_options_test_data(tdata);
3402 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3403 "NodeFamily foo\n"
3404 "NodeFamily !\n"
3405 );
3406 mock_clean_saved_logs();
3407 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3408 tt_int_op(ret, OP_EQ, -1);
3409 tt_assert(!msg);
3410 tor_free(msg);
3411
3412 done:
3413 teardown_capture_of_logs();
3414 policies_free_all();
3415 free_options_test_data(tdata);
3416 tor_free(msg);
3417 }
3418
3419 static void
3420 test_options_validate__addr_policies(void *ignored)
3421 {
3422 (void)ignored;
3423 int ret;
3424 char *msg;
3425 options_test_data_t *tdata = NULL;
3426
3427 free_options_test_data(tdata);
3428 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3429 "ExitPolicy !!!\n"
3430 "ExitRelay 1\n"
3431 );
3432 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3433 tt_int_op(ret, OP_EQ, -1);
3434 tt_str_op(msg, OP_EQ, "Error in ExitPolicy entry.");
3435 tor_free(msg);
3436
3437 done:
3438 policies_free_all();
3439 free_options_test_data(tdata);
3440 tor_free(msg);
3441 }
3442
3443 static void
3444 test_options_validate__dir_auth(void *ignored)
3445 {
3446 (void)ignored;
3447 int ret;
3448 char *msg;
3449 options_test_data_t *tdata = NULL;
3450 setup_capture_of_logs(LOG_WARN);
3451
3452 free_options_test_data(tdata);
3453 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3454 VALID_DIR_AUTH
3455 VALID_ALT_DIR_AUTH
3456 );
3457 mock_clean_saved_logs();
3458 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3459 tt_int_op(ret, OP_EQ, -1);
3460 tt_str_op(msg, OP_EQ,
3461 "Directory authority/fallback line did not parse. See logs for "
3462 "details.");
3463 expect_log_msg(
3464 "You cannot set both DirAuthority and Alternate*Authority.\n");
3465 tor_free(msg);
3466
3467 free_options_test_data(tdata);
3468 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3469 "TestingTorNetwork 1\n"
3470 );
3471 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3472 tt_int_op(ret, OP_EQ, -1);
3473 tt_str_op(msg, OP_EQ,
3474 "TestingTorNetwork may only be configured in combination with a "
3475 "non-default set of DirAuthority or both of AlternateDirAuthority "
3476 "and AlternateBridgeAuthority configured.");
3477 tor_free(msg);
3478
3479 free_options_test_data(tdata);
3480 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3481 VALID_DIR_AUTH
3482 "TestingTorNetwork 1\n"
3483 );
3484 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3485 tt_int_op(ret, OP_EQ, 0);
3486 tor_free(msg);
3487
3488 free_options_test_data(tdata);
3489 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3490 "TestingTorNetwork 1\n"
3491 VALID_ALT_DIR_AUTH
3492 );
3493 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3494 tt_int_op(ret, OP_EQ, -1);
3495 tt_str_op(msg, OP_EQ,
3496 "TestingTorNetwork may only be configured in combination with a "
3497 "non-default set of DirAuthority or both of AlternateDirAuthority "
3498 "and AlternateBridgeAuthority configured.");
3499 tor_free(msg);
3500
3501 free_options_test_data(tdata);
3502 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3503 "TestingTorNetwork 1\n"
3504 VALID_ALT_BRIDGE_AUTH
3505 );
3506 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3507 tt_int_op(ret, OP_EQ, -1);
3508 tt_str_op(msg, OP_EQ, "TestingTorNetwork may only be configured in "
3509 "combination with a non-default set of DirAuthority or both of "
3510 "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3511 tor_free(msg);
3512
3513 free_options_test_data(tdata);
3514 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3515 VALID_ALT_DIR_AUTH
3516 VALID_ALT_BRIDGE_AUTH
3517 "TestingTorNetwork 1\n"
3518 );
3519 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3520 tt_int_op(ret, OP_EQ, 0);
3521 tor_free(msg);
3522
3523 done:
3524 policies_free_all();
3525 teardown_capture_of_logs();
3526 free_options_test_data(tdata);
3527 tor_free(msg);
3528 }
3529
3530 static void
3531 test_options_validate__transport(void *ignored)
3532 {
3533 (void)ignored;
3534 int ret;
3535 char *msg;
3536 options_test_data_t *tdata = NULL;
3537 setup_capture_of_logs(LOG_NOTICE);
3538
3539 free_options_test_data(tdata);
3540 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3541 "ClientTransportPlugin !!\n"
3542 );
3543 mock_clean_saved_logs();
3544 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3545 tt_int_op(ret, OP_EQ, -1);
3546 tt_str_op(msg, OP_EQ,
3547 "Invalid client transport line. See logs for details.");
3548 expect_log_msg(
3549 "Too few arguments on ClientTransportPlugin line.\n");
3550 tor_free(msg);
3551
3552 free_options_test_data(tdata);
3553 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3554 "ClientTransportPlugin foo exec bar\n"
3555 );
3556 mock_clean_saved_logs();
3557 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3558 tt_int_op(ret, OP_EQ, 0);
3559 tor_free(msg);
3560
3561 free_options_test_data(tdata);
3562 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3563 "ServerTransportPlugin !!\n"
3564 );
3565 mock_clean_saved_logs();
3566 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3567 tt_int_op(ret, OP_EQ, -1);
3568 tt_str_op(msg, OP_EQ,
3569 "Invalid server transport line. See logs for details.");
3570 expect_log_msg(
3571 "Too few arguments on ServerTransportPlugin line.\n");
3572 tor_free(msg);
3573
3574 free_options_test_data(tdata);
3575 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3576 "ServerTransportPlugin foo exec bar\n"
3577 );
3578 mock_clean_saved_logs();
3579 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3580 tt_int_op(ret, OP_EQ, 0);
3581 expect_log_msg(
3582 "Tor is not configured as a relay but you specified a "
3583 "ServerTransportPlugin line (\"foo exec bar\"). The "
3584 "ServerTransportPlugin line will be ignored.\n");
3585 tor_free(msg);
3586
3587 free_options_test_data(tdata);
3588 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3589 "ServerTransportPlugin foo exec bar\n"
3590 "ORPort 127.0.0.1:5555\n"
3591 "BandwidthRate 76900\n"
3592 "BandwidthBurst 76900\n"
3593 "MaxAdvertisedBandwidth 38500\n"
3594 );
3595 mock_clean_saved_logs();
3596 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3597 tt_int_op(ret, OP_EQ, 0);
3598 expect_no_log_msg(
3599 "Tor is not configured as a relay but you specified a "
3600 "ServerTransportPlugin line (\"foo exec bar\"). The "
3601 "ServerTransportPlugin line will be ignored.\n");
3602 tor_free(msg);
3603
3604 free_options_test_data(tdata);
3605 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3606 "ServerTransportListenAddr foo 127.0.0.42:55\n"
3607 "ServerTransportListenAddr !\n"
3608 );
3609 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3610 tt_int_op(ret, OP_EQ, -1);
3611 tt_str_op(msg, OP_EQ,
3612 "ServerTransportListenAddr did not parse. See logs for details.");
3613 tor_free(msg);
3614
3615 free_options_test_data(tdata);
3616 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3617 "ServerTransportListenAddr foo 127.0.0.42:55\n"
3618 );
3619 mock_clean_saved_logs();
3620 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3621 tt_int_op(ret, OP_EQ, 0);
3622 expect_log_msg(
3623 "You need at least a single managed-proxy to specify a transport "
3624 "listen address. The ServerTransportListenAddr line will be "
3625 "ignored.\n");
3626 tor_free(msg);
3627
3628 free_options_test_data(tdata);
3629 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3630 "ServerTransportListenAddr foo 127.0.0.42:55\n"
3631 "ServerTransportPlugin foo exec bar\n"
3632 "ORPort 127.0.0.1:5555\n"
3633 "BandwidthRate 76900\n"
3634 "BandwidthBurst 76900\n"
3635 "MaxAdvertisedBandwidth 38500\n"
3636 );
3637 mock_clean_saved_logs();
3638 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3639 tt_int_op(ret, OP_EQ, 0);
3640 expect_no_log_msg(
3641 "You need at least a single managed-proxy to specify a transport "
3642 "listen address. The ServerTransportListenAddr line will be "
3643 "ignored.\n");
3644
3645 done:
3646 escaped(NULL); // This will free the leaking memory from the previous escaped
3647 policies_free_all();
3648 teardown_capture_of_logs();
3649 free_options_test_data(tdata);
3650 tor_free(msg);
3651 }
3652
3653 static void
3654 test_options_validate__constrained_sockets(void *ignored)
3655 {
3656 (void)ignored;
3657 int ret;
3658 char *msg;
3659 options_test_data_t *tdata = NULL;
3660 setup_capture_of_logs(LOG_WARN);
3661
3662 free_options_test_data(tdata);
3663 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3664 "ConstrainedSockets 1\n"
3665 "ConstrainedSockSize 0\n"
3666 );
3667 mock_clean_saved_logs();
3668 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3669 tt_int_op(ret, OP_EQ, -1);
3670 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3671 "between 2048 and 262144 in 1024 byte increments.");
3672 tor_free(msg);
3673
3674 free_options_test_data(tdata);
3675 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3676 "ConstrainedSockets 1\n"
3677 "ConstrainedSockSize 263168\n"
3678 );
3679 mock_clean_saved_logs();
3680 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3681 tt_int_op(ret, OP_EQ, -1);
3682 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3683 "between 2048 and 262144 in 1024 byte increments.");
3684 tor_free(msg);
3685
3686 free_options_test_data(tdata);
3687 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3688 "ConstrainedSockets 1\n"
3689 "ConstrainedSockSize 2047\n"
3690 );
3691 mock_clean_saved_logs();
3692 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3693 tt_int_op(ret, OP_EQ, -1);
3694 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3695 "between 2048 and 262144 in 1024 byte increments.");
3696 tor_free(msg);
3697
3698 free_options_test_data(tdata);
3699 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3700 "ConstrainedSockets 1\n"
3701 "ConstrainedSockSize 2048\n"
3702 "DirPort 999\n"
3703 "DirCache 1\n"
3704 );
3705 mock_clean_saved_logs();
3706 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3707 tt_int_op(ret, OP_EQ, 0);
3708 expect_log_msg("You have requested constrained "
3709 "socket buffers while also serving directory entries via DirPort."
3710 " It is strongly suggested that you disable serving directory"
3711 " requests when system TCP buffer resources are scarce.\n");
3712 tor_free(msg);
3713
3714 free_options_test_data(tdata);
3715 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3716 "ConstrainedSockets 1\n"
3717 "ConstrainedSockSize 2048\n"
3718 );
3719 mock_clean_saved_logs();
3720 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3721 tt_int_op(ret, OP_EQ, 0);
3722 expect_no_log_msg(
3723 "You have requested constrained socket buffers while also serving"
3724 " directory entries via DirPort. It is strongly suggested that "
3725 "you disable serving directory requests when system TCP buffer "
3726 "resources are scarce.\n");
3727 tor_free(msg);
3728
3729 done:
3730 policies_free_all();
3731 teardown_capture_of_logs();
3732 free_options_test_data(tdata);
3733 tor_free(msg);
3734 }
3735
3736 static void
3737 test_options_validate__v3_auth(void *ignored)
3738 {
3739 (void)ignored;
3740 int ret;
3741 char *msg;
3742 options_test_data_t *tdata = NULL;
3743 setup_capture_of_logs(LOG_WARN);
3744
3745 free_options_test_data(tdata);
3746 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3747 "V3AuthVoteDelay 1000\n"
3748 "V3AuthDistDelay 1000\n"
3749 "V3AuthVotingInterval 1000\n"
3750 );
3751 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3752 tt_int_op(ret, OP_EQ, -1);
3753 tt_str_op(msg, OP_EQ,
3754 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3755 "V3AuthVotingInterval");
3756 tor_free(msg);
3757
3758 free_options_test_data(tdata);
3759 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3760 "V3AuthVoteDelay 1\n"
3761 );
3762 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3763 tt_int_op(ret, OP_EQ, -1);
3764 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3765 tor_free(msg);
3766
3767 free_options_test_data(tdata);
3768 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3769 "V3AuthVoteDelay 1\n"
3770 "TestingTorNetwork 1\n"
3771 );
3772 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3773 tt_int_op(ret, OP_EQ, -1);
3774 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
3775 tor_free(msg);
3776
3777 // TODO: we can't reach the case of v3authvotedelay lower
3778 // than MIN_VOTE_SECONDS but not lower than MIN_VOTE_SECONDS_TESTING,
3779 // since they are the same
3780
3781 free_options_test_data(tdata);
3782 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3783 "V3AuthDistDelay 1\n"
3784 );
3785 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3786 tt_int_op(ret, OP_EQ, -1);
3787 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
3788 tor_free(msg);
3789
3790 free_options_test_data(tdata);
3791 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3792 "V3AuthDistDelay 1\n"
3793 "TestingTorNetwork 1\n"
3794 );
3795 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3796 tt_int_op(ret, OP_EQ, -1);
3797 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
3798 tor_free(msg);
3799
3800 // TODO: we can't reach the case of v3authdistdelay lower than
3801 // MIN_DIST_SECONDS but not lower than MIN_DIST_SECONDS_TESTING,
3802 // since they are the same
3803
3804 free_options_test_data(tdata);
3805 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3806 "V3AuthNIntervalsValid 1\n"
3807 );
3808 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3809 tt_int_op(ret, OP_EQ, -1);
3810 tt_str_op(msg, OP_EQ, "V3AuthNIntervalsValid must be at least 2.");
3811 tor_free(msg);
3812
3813 free_options_test_data(tdata);
3814 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3815 "V3AuthVoteDelay 49\n"
3816 "V3AuthDistDelay 49\n"
3817 "V3AuthVotingInterval 200\n"
3818 );
3819 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3820 tt_int_op(ret, OP_EQ, -1);
3821 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low.");
3822 tor_free(msg);
3823
3824 free_options_test_data(tdata);
3825 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3826 "V3AuthVoteDelay 49\n"
3827 "V3AuthDistDelay 49\n"
3828 "V3AuthVotingInterval 200000\n"
3829 );
3830 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3831 tt_int_op(ret, OP_EQ, -1);
3832 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely high.");
3833 tor_free(msg);
3834
3835 free_options_test_data(tdata);
3836 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3837 "V3AuthVoteDelay 49\n"
3838 "V3AuthDistDelay 49\n"
3839 "V3AuthVotingInterval 1441\n"
3840 );
3841 mock_clean_saved_logs();
3842 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3843 tt_int_op(ret, OP_EQ, 0);
3844 expect_log_msg("V3AuthVotingInterval does not divide"
3845 " evenly into 24 hours.\n");
3846 tor_free(msg);
3847
3848 free_options_test_data(tdata);
3849 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3850 "V3AuthVoteDelay 49\n"
3851 "V3AuthDistDelay 49\n"
3852 "V3AuthVotingInterval 1440\n"
3853 );
3854 mock_clean_saved_logs();
3855 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3856 tt_int_op(ret, OP_EQ, 0);
3857 expect_no_log_msg("V3AuthVotingInterval does not divide"
3858 " evenly into 24 hours.\n");
3859 tor_free(msg);
3860
3861 free_options_test_data(tdata);
3862 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3863 "V3AuthVoteDelay 49\n"
3864 "V3AuthDistDelay 49\n"
3865 "V3AuthVotingInterval 299\n"
3866 VALID_DIR_AUTH
3867 "TestingTorNetwork 1\n"
3868 );
3869 mock_clean_saved_logs();
3870 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3871 tt_int_op(ret, OP_EQ, 0);
3872 expect_log_msg("V3AuthVotingInterval is very low. "
3873 "This may lead to failure to synchronise for a consensus.\n");
3874 tor_free(msg);
3875
3876 // TODO: It is impossible to reach the case of testingtor network, with
3877 // v3authvotinginterval too low
3878 /* free_options_test_data(tdata); */
3879 /* tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES */
3880 /* "V3AuthVoteDelay 1\n" */
3881 /* "V3AuthDistDelay 1\n" */
3882 /* "V3AuthVotingInterval 9\n" */
3883 /* VALID_DIR_AUTH */
3884 /* "TestingTorNetwork 1\n" */
3885 /* ); */
3886 /* ret = options_validate(tdata->old_opt, tdata->opt, */
3887 /* tdata->def_opt, 0, &msg); */
3888 /* tt_int_op(ret, OP_EQ, -1); */
3889 /* tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low."); */
3890
3891 free_options_test_data(tdata);
3892 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3893 "TestingV3AuthInitialVoteDelay 1\n"
3894 VALID_DIR_AUTH
3895 "TestingTorNetwork 1\n"
3896 );
3897 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3898 tt_int_op(ret, OP_EQ, -1);
3899 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVoteDelay is way too low.");
3900 tor_free(msg);
3901
3902 free_options_test_data(tdata);
3903 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3904 "TestingV3AuthInitialDistDelay 1\n"
3905 VALID_DIR_AUTH
3906 "TestingTorNetwork 1\n"
3907 );
3908 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3909 tt_int_op(ret, OP_EQ, -1);
3910 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialDistDelay is way too low.");
3911 tor_free(msg);
3912
3913 free_options_test_data(tdata);
3914 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3915 VALID_DIR_AUTH
3916 "TestingTorNetwork 1\n"
3917 );
3918 tdata->opt->TestingV3AuthVotingStartOffset = 100000;
3919 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3920 tt_int_op(ret, OP_EQ, -1);
3921 tt_str_op(msg, OP_EQ, "TestingV3AuthVotingStartOffset is higher than the "
3922 "voting interval.");
3923 tor_free(msg);
3924
3925 free_options_test_data(tdata);
3926 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3927 VALID_DIR_AUTH
3928 "TestingTorNetwork 1\n"
3929 );
3930 tdata->opt->TestingV3AuthVotingStartOffset = -1;
3931 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3932 tt_int_op(ret, OP_EQ, -1);
3933 tt_str_op(msg, OP_EQ,
3934 "TestingV3AuthVotingStartOffset must be non-negative.");
3935 tor_free(msg);
3936
3937 free_options_test_data(tdata);
3938 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3939 VALID_DIR_AUTH
3940 "TestingTorNetwork 1\n"
3941 "TestingV3AuthInitialVotingInterval 4\n"
3942 );
3943 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3944 tt_int_op(ret, OP_EQ, -1);
3945 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVotingInterval is insanely low.");
3946 tor_free(msg);
3947
3948 done:
3949 policies_free_all();
3950 teardown_capture_of_logs();
3951 free_options_test_data(tdata);
3952 tor_free(msg);
3953 }
3954
3955 static void
3956 test_options_validate__virtual_addr(void *ignored)
3957 {
3958 (void)ignored;
3959 int ret;
3960 char *msg;
3961 options_test_data_t *tdata = NULL;
3962
3963 free_options_test_data(tdata);
3964 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3965 "VirtualAddrNetworkIPv4 !!"
3966 );
3967 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3968 tt_int_op(ret, OP_EQ, -1);
3969 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetwork !!");
3970 tor_free(msg);
3971
3972 free_options_test_data(tdata);
3973 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3974 "VirtualAddrNetworkIPv6 !!"
3975 );
3976 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3977 tt_int_op(ret, OP_EQ, -1);
3978 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetworkIPv6 !!");
3979 tor_free(msg);
3980
3981 done:
3982 escaped(NULL); // This will free the leaking memory from the previous escaped
3983 policies_free_all();
3984 free_options_test_data(tdata);
3985 tor_free(msg);
3986 }
3987
3988 static void
3989 test_options_validate__testing_options(void *ignored)
3990 {
3991 (void)ignored;
3992 int ret;
3993 char *msg;
3994 options_test_data_t *tdata = NULL;
3995 setup_capture_of_logs(LOG_WARN);
3996
3997 #define TEST_TESTING_OPTION(name, low_val, high_val, err_low) \
3998 STMT_BEGIN \
3999 free_options_test_data(tdata); \
4000 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
4001 VALID_DIR_AUTH \
4002 "TestingTorNetwork 1\n" \
4003 ); \
4004 tdata->opt-> name = low_val; \
4005 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
4006 tt_int_op(ret, OP_EQ, -1); \
4007 tt_str_op(msg, OP_EQ, #name " " err_low); \
4008 tor_free(msg); \
4009 \
4010 free_options_test_data(tdata); \
4011 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
4012 VALID_DIR_AUTH \
4013 "TestingTorNetwork 1\n" \
4014 ); \
4015 tdata->opt-> name = high_val; \
4016 mock_clean_saved_logs(); \
4017 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
4018 tt_int_op(ret, OP_EQ, 0); \
4019 expect_log_msg( #name " is insanely high.\n"); \
4020 tor_free(msg); \
4021 STMT_END
4022
4023 TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, -1, 8000,
4024 "must be non-negative.");
4025 TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, -1, 3601,
4026 "must be non-negative.");
4027 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, -1, 3601,
4028 "is way too low.");
4029 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, 1, 3601,
4030 "is way too low.");
4031
4032 free_options_test_data(tdata);
4033 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4034 "TestingEnableConnBwEvent 1\n"
4035 );
4036 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4037 tt_int_op(ret, OP_EQ, -1);
4038 tt_str_op(msg, OP_EQ, "TestingEnableConnBwEvent may only be changed in "
4039 "testing Tor networks!");
4040 tor_free(msg);
4041
4042 free_options_test_data(tdata);
4043 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4044 "TestingEnableConnBwEvent 1\n"
4045 VALID_DIR_AUTH
4046 "TestingTorNetwork 1\n"
4047 "___UsingTestNetworkDefaults 0\n"
4048 );
4049
4050 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4051 tt_int_op(ret, OP_EQ, 0);
4052 tt_assert(!msg);
4053 tor_free(msg);
4054
4055 free_options_test_data(tdata);
4056 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4057 "TestingEnableConnBwEvent 1\n"
4058 VALID_DIR_AUTH
4059 "TestingTorNetwork 0\n"
4060 "___UsingTestNetworkDefaults 1\n"
4061 );
4062
4063 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4064 tt_int_op(ret, OP_EQ, 0);
4065 tt_assert(!msg);
4066 tor_free(msg);
4067
4068 free_options_test_data(tdata);
4069 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4070 "TestingEnableCellStatsEvent 1\n"
4071 );
4072 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4073 tt_int_op(ret, OP_EQ, -1);
4074 tt_str_op(msg, OP_EQ, "TestingEnableCellStatsEvent may only be changed in "
4075 "testing Tor networks!");
4076 tor_free(msg);
4077
4078 free_options_test_data(tdata);
4079 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4080 "TestingEnableCellStatsEvent 1\n"
4081 VALID_DIR_AUTH
4082 "TestingTorNetwork 1\n"
4083 "___UsingTestNetworkDefaults 0\n"
4084 );
4085
4086 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4087 tt_int_op(ret, OP_EQ, 0);
4088 tt_assert(!msg);
4089 tor_free(msg);
4090
4091 free_options_test_data(tdata);
4092 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4093 "TestingEnableCellStatsEvent 1\n"
4094 VALID_DIR_AUTH
4095 "TestingTorNetwork 0\n"
4096 "___UsingTestNetworkDefaults 1\n"
4097 );
4098
4099 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4100 tt_int_op(ret, OP_EQ, 0);
4101 tt_assert(!msg);
4102 tor_free(msg);
4103
4104 free_options_test_data(tdata);
4105 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4106 "TestingEnableTbEmptyEvent 1\n"
4107 VALID_DIR_AUTH
4108 "TestingTorNetwork 1\n"
4109 "___UsingTestNetworkDefaults 0\n"
4110 );
4111
4112 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4113 tt_int_op(ret, OP_EQ, 0);
4114 tt_assert(!msg);
4115 tor_free(msg);
4116
4117 free_options_test_data(tdata);
4118 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4119 "TestingEnableTbEmptyEvent 1\n"
4120 VALID_DIR_AUTH
4121 "TestingTorNetwork 0\n"
4122 "___UsingTestNetworkDefaults 1\n"
4123 );
4124
4125 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4126 tt_int_op(ret, OP_EQ, 0);
4127 tt_assert(!msg);
4128 tor_free(msg);
4129
4130 done:
4131 policies_free_all();
4132 teardown_capture_of_logs();
4133 free_options_test_data(tdata);
4134 tor_free(msg);
4135 }
4136
4137 static void
4138 test_options_validate__accel(void *ignored)
4139 {
4140 (void)ignored;
4141 int ret;
4142 char *msg;
4143 options_test_data_t *tdata = NULL;
4144
4145 free_options_test_data(tdata);
4146 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4147 "AccelName foo\n"
4148 );
4149 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4150 tt_int_op(ret, OP_EQ, 0);
4151 tt_int_op(tdata->opt->HardwareAccel, OP_EQ, 1);
4152 tor_free(msg);
4153
4154 free_options_test_data(tdata);
4155 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4156 "AccelName foo\n"
4157 );
4158 tdata->opt->HardwareAccel = 2;
4159 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4160 tt_int_op(ret, OP_EQ, 0);
4161 tt_int_op(tdata->opt->HardwareAccel, OP_EQ, 2);
4162 tor_free(msg);
4163
4164 free_options_test_data(tdata);
4165 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4166 "AccelDir 1\n"
4167 );
4168 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4169 tt_int_op(ret, OP_EQ, -1);
4170 tt_str_op(msg, OP_EQ,
4171 "Can't use hardware crypto accelerator dir without engine name.");
4172 tor_free(msg);
4173
4174 free_options_test_data(tdata);
4175 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4176 "AccelDir 1\n"
4177 "AccelName something\n"
4178 );
4179 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4180 tt_int_op(ret, OP_EQ, 0);
4181 tor_free(msg);
4182
4183 done:
4184 policies_free_all();
4185 free_options_test_data(tdata);
4186 tor_free(msg);
4187 }
4188
4189 #define LOCAL_VALIDATE_TEST(name) \
4190 { "validate__" #name, test_options_validate__ ## name, TT_FORK, NULL, NULL }
4191
4192 struct testcase_t options_tests[] = {
4193 { "validate", test_options_validate, TT_FORK, NULL, NULL },
4194 { "mem_dircache", test_have_enough_mem_for_dircache, TT_FORK, NULL, NULL },
4195 LOCAL_VALIDATE_TEST(uname_for_server),
4196 LOCAL_VALIDATE_TEST(outbound_addresses),
4197 LOCAL_VALIDATE_TEST(data_directory),
4198 LOCAL_VALIDATE_TEST(nickname),
4199 LOCAL_VALIDATE_TEST(contactinfo),
4200 LOCAL_VALIDATE_TEST(logs),
4201 LOCAL_VALIDATE_TEST(authdir),
4202 LOCAL_VALIDATE_TEST(relay_with_hidden_services),
4203 LOCAL_VALIDATE_TEST(transproxy),
4204 LOCAL_VALIDATE_TEST(exclude_nodes),
4205 LOCAL_VALIDATE_TEST(node_families),
4206 LOCAL_VALIDATE_TEST(token_bucket),
4207 LOCAL_VALIDATE_TEST(recommended_packages),
4208 LOCAL_VALIDATE_TEST(fetch_dir),
4209 LOCAL_VALIDATE_TEST(conn_limit),
4210 LOCAL_VALIDATE_TEST(paths_needed),
4211 LOCAL_VALIDATE_TEST(max_client_circuits),
4212 LOCAL_VALIDATE_TEST(ports),
4213 LOCAL_VALIDATE_TEST(reachable_addresses),
4214 LOCAL_VALIDATE_TEST(use_bridges),
4215 LOCAL_VALIDATE_TEST(entry_nodes),
4216 LOCAL_VALIDATE_TEST(safe_logging),
4217 LOCAL_VALIDATE_TEST(publish_server_descriptor),
4218 LOCAL_VALIDATE_TEST(testing),
4219 LOCAL_VALIDATE_TEST(hidserv),
4220 LOCAL_VALIDATE_TEST(path_bias),
4221 LOCAL_VALIDATE_TEST(bandwidth),
4222 LOCAL_VALIDATE_TEST(circuits),
4223 LOCAL_VALIDATE_TEST(tor2web),
4224 LOCAL_VALIDATE_TEST(rend),
4225 LOCAL_VALIDATE_TEST(single_onion),
4226 LOCAL_VALIDATE_TEST(accounting),
4227 LOCAL_VALIDATE_TEST(proxy),
4228 LOCAL_VALIDATE_TEST(control),
4229 LOCAL_VALIDATE_TEST(families),
4230 LOCAL_VALIDATE_TEST(addr_policies),
4231 LOCAL_VALIDATE_TEST(dir_auth),
4232 LOCAL_VALIDATE_TEST(transport),
4233 LOCAL_VALIDATE_TEST(constrained_sockets),
4234 LOCAL_VALIDATE_TEST(v3_auth),
4235 LOCAL_VALIDATE_TEST(virtual_addr),
4236 LOCAL_VALIDATE_TEST(testing_options),
4237 LOCAL_VALIDATE_TEST(accel),
4238 END_OF_TESTCASES /* */
4239 };
4240
The Onion Router