1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
7 #define RELAY_CONFIG_PRIVATE
9 #define ROUTERSET_PRIVATE
10 #include "core/or/or.h"
11 #include "lib/confmgt/confmgt.h"
12 #include "app/config/config.h"
13 #include "feature/dirauth/dirauth_config.h"
14 #include "feature/dirauth/dirauth_options_st.h"
15 #include "feature/dirauth/dirauth_sys.h"
16 #include "feature/relay/relay_config.h"
17 #include "test/test.h"
18 #include "lib/geoip/geoip.h"
20 #include "feature/nodelist/routerset.h"
21 #include "core/mainloop/mainloop.h"
22 #include "app/main/subsysmgr.h"
23 #include "test/log_test_helpers.h"
24 #include "test/resolve_test_helpers.h"
25 #include "lib/crypt_ops/crypto_options_st.h"
26 #include "lib/crypt_ops/crypto_sys.h"
28 #include "lib/sandbox/sandbox.h"
29 #include "lib/memarea/memarea.h"
30 #include "lib/osinfo/uname.h"
31 #include "lib/encoding/confline.h"
32 #include "core/or/policies.h"
33 #include "test/test_helpers.h"
34 #include "test/opts_test_helpers.h"
35 #include "lib/net/resolve.h"
37 #ifdef HAVE_SYS_PARAM_H
38 #include <sys/param.h>
43 log_domain_mask_t domain
;
47 static smartlist_t
*messages
= NULL
;
50 log_cback(int severity
, log_domain_mask_t domain
, const char *msg
)
52 logmsg_t
*x
= tor_malloc(sizeof(*x
));
53 x
->severity
= severity
;
55 x
->msg
= tor_strdup(msg
);
57 messages
= smartlist_new();
58 smartlist_add(messages
, x
);
62 setup_log_callback(void)
64 log_severity_list_t lst
;
65 memset(&lst
, 0, sizeof(lst
));
66 lst
.masks
[SEVERITY_MASK_IDX(LOG_ERR
)] = LD_ALL_DOMAINS
;
67 lst
.masks
[SEVERITY_MASK_IDX(LOG_WARN
)] = LD_ALL_DOMAINS
;
68 lst
.masks
[SEVERITY_MASK_IDX(LOG_NOTICE
)] = LD_ALL_DOMAINS
;
69 add_callback_log(&lst
, log_cback
);
79 return tor_strdup("");
80 msgs
= smartlist_new();
81 SMARTLIST_FOREACH_BEGIN(messages
, logmsg_t
*, x
) {
82 smartlist_add_asprintf(msgs
, "[%s] %s",
83 log_level_to_string(x
->severity
), x
->msg
);
84 } SMARTLIST_FOREACH_END(x
);
85 out
= smartlist_join_strings(msgs
, "", 0, NULL
);
86 SMARTLIST_FOREACH(msgs
, char *, cp
, tor_free(cp
));
92 clear_log_messages(void)
96 SMARTLIST_FOREACH(messages
, logmsg_t
*, m
,
97 { tor_free(m
->msg
); tor_free(m
); });
98 smartlist_free(messages
);
102 #define setup_options(opt) \
104 opt = options_new(); \
105 opt->command = CMD_RUN_TOR; \
111 #define ENABLE_AUTHORITY_MIN ""
112 #define ENABLE_AUTHORITY_V3_MIN ""
113 #define ENABLE_AUTHORITY_BRIDGE_MIN ""
114 #define AUTHORITY_OPT_REQ_ ""
115 #define ENABLE_AUTHORITY ""
116 #define ENABLE_AUTHORITY_V3 ""
117 #define ENABLE_AUTHORITY_BRIDGE ""
119 #else /* !defined(COCCI) */
121 #define ENABLE_AUTHORITY_MIN \
122 "AuthoritativeDirectory 1\n"
124 #define ENABLE_AUTHORITY_V3_MIN \
125 ENABLE_AUTHORITY_MIN \
126 "V3AuthoritativeDir 1\n"
128 #define ENABLE_AUTHORITY_BRIDGE_MIN \
129 ENABLE_AUTHORITY_MIN \
130 "BridgeAuthoritativeDir 1\n"
132 #define AUTHORITY_OPT_REQ_ \
133 "Address 192.0.2.111\n" \
134 "ContactInfo a@example.org\n" \
138 /* Not actually valid: requires v3 / bridge */
139 #define ENABLE_AUTHORITY \
140 ENABLE_AUTHORITY_MIN \
143 #define ENABLE_AUTHORITY_V3 \
144 ENABLE_AUTHORITY_V3_MIN \
147 #define ENABLE_AUTHORITY_BRIDGE \
148 ENABLE_AUTHORITY_BRIDGE_MIN \
151 #endif /* defined(COCCI) */
153 #define VALID_DIR_AUTH "DirAuthority dizum orport=443 v3ident=E8A9C45" \
154 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
155 " 083C 538F 4403 8BBF A077 587D D755\n"
156 #define VALID_ALT_BRIDGE_AUTH \
157 "AlternateBridgeAuthority dizum orport=443 v3ident=E8A9C45" \
158 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
159 " 083C 538F 4403 8BBF A077 587D D755\n"
160 #define VALID_ALT_DIR_AUTH \
161 "AlternateDirAuthority dizum orport=443 v3ident=E8A9C45" \
162 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
163 " 083C 538F 4403 8BBF A077 587D D755\n"
166 test_options_checklog(const char *configuration
, int expect_log_severity
,
167 const char *expect_log
)
169 int found
= 0, ret
= -1;
170 char *actual_log
= NULL
;
173 SMARTLIST_FOREACH_BEGIN(messages
, logmsg_t
*, m
) {
174 if (m
->severity
== expect_log_severity
&&
175 strstr(m
->msg
, expect_log
)) {
179 } SMARTLIST_FOREACH_END(m
);
182 actual_log
= dump_logs();
183 TT_DIE(("Expected log message [%s] %s from <%s>, but got <%s>.",
184 log_level_to_string(expect_log_severity
), expect_log
,
185 configuration
, actual_log
));
190 tor_free(actual_log
);
195 test_options_checkmsgs(const char *configuration
,
196 const char *expect_errmsg
,
197 int expect_log_severity
,
198 const char *expect_log
,
201 if (expect_errmsg
&& !msg
) {
202 TT_DIE(("Expected error message <%s> from <%s>, but got none.",
203 expect_errmsg
, configuration
));
204 } else if (expect_errmsg
&& !strstr(msg
, expect_errmsg
)) {
205 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
206 expect_errmsg
, configuration
, msg
));
207 } else if (!expect_errmsg
&& msg
) {
208 TT_DIE(("Expected no error message from <%s> but got <%s>.",
209 configuration
, msg
));
212 return test_options_checklog(configuration
, expect_log_severity
,
221 /* Which phases of config parsing/validation to check for messages/logs */
222 enum { PH_GETLINES
, PH_ASSIGN
, PH_VALIDATE
};
225 test_options_validate_impl(const char *configuration
,
226 const char *expect_errmsg
,
227 int expect_log_severity
,
228 const char *expect_log
,
231 or_options_t
*opt
=NULL
;
232 config_line_t
*cl
=NULL
;
238 r
= config_get_lines(configuration
, &cl
, 1);
239 if (phase
== PH_GETLINES
) {
240 if (test_options_checkmsgs(configuration
, expect_errmsg
,
248 r
= config_assign(get_options_mgr(), opt
, cl
, 0, &msg
);
249 if (phase
== PH_ASSIGN
) {
250 if (test_options_checkmsgs(configuration
, expect_errmsg
,
255 tt_int_op((r
== 0), OP_EQ
, (msg
== NULL
));
259 r
= options_validate(NULL
, opt
, &msg
);
260 if (phase
== PH_VALIDATE
) {
261 if (test_options_checkmsgs(configuration
, expect_errmsg
,
266 tt_int_op((r
== 0), OP_EQ
, (msg
== NULL
));
271 config_free_lines(cl
);
272 or_options_free(opt
);
274 clear_log_messages();
277 #define WANT_ERR(config, msg, ph) \
278 test_options_validate_impl((config), (msg), 0, NULL, (ph))
279 #define WANT_LOG(config, severity, msg, ph) \
280 test_options_validate_impl((config), NULL, (severity), (msg), (ph))
281 #define WANT_ERR_LOG(config, msg, severity, logmsg, ph) \
282 test_options_validate_impl((config), (msg), (severity), (logmsg), (ph))
283 #define OK(config, ph) \
284 test_options_validate_impl((config), NULL, 0, NULL, (ph))
287 test_options_validate(void *arg
)
290 setup_log_callback();
291 sandbox_disable_getaddrinfo_cache();
292 mock_hostname_resolver();
294 WANT_ERR("ExtORPort 500000", "Invalid ExtORPort", PH_VALIDATE
);
296 WANT_ERR_LOG("ServerTransportOptions trebuchet",
297 "ServerTransportOptions did not parse",
298 LOG_WARN
, "Too few arguments", PH_VALIDATE
);
299 OK("ServerTransportOptions trebuchet sling=snappy", PH_VALIDATE
);
300 OK("ServerTransportOptions trebuchet sling=", PH_VALIDATE
);
301 WANT_ERR_LOG("ServerTransportOptions trebuchet slingsnappy",
302 "ServerTransportOptions did not parse",
303 LOG_WARN
, "\"slingsnappy\" is not a k=v", PH_VALIDATE
);
305 WANT_ERR("BridgeRelay 1\nDirCache 0",
306 "We're a bridge but DirCache is disabled.", PH_VALIDATE
);
308 WANT_ERR("HeartbeatPeriod 21 snarks",
309 "Unknown unit in 21 snarks", PH_ASSIGN
);
310 WANT_ERR("LogTimeGranularity 21 snarks",
311 "Unknown unit in 21 snarks", PH_ASSIGN
);
312 OK("HeartbeatPeriod 1 hour", PH_VALIDATE
);
313 OK("LogTimeGranularity 100 milliseconds", PH_VALIDATE
);
315 WANT_LOG("ControlSocket \"string with trailing garbage\" bogus", LOG_WARN
,
316 "Error while parsing configuration: "
317 "Excess data after quoted string", PH_GETLINES
);
318 WANT_LOG("ControlSocket \"bogus escape \\@\"", LOG_WARN
,
319 "Error while parsing configuration: "
320 "Invalid escape sequence in quoted string", PH_GETLINES
);
323 clear_log_messages();
324 unmock_hostname_resolver();
328 #define MEGABYTEIFY(mb) (UINT64_C(mb) << 20)
330 test_have_enough_mem_for_dircache(void *arg
)
333 or_options_t
*opt
=NULL
;
334 config_line_t
*cl
=NULL
;
337 const char *configuration
= "ORPort 8080\nDirCache 1", *expect_errmsg
;
340 setup_log_callback();
342 r
= config_get_lines(configuration
, &cl
, 1);
343 tt_int_op(r
, OP_EQ
, 0);
345 r
= config_assign(get_options_mgr(), opt
, cl
, 0, &msg
);
346 tt_int_op(r
, OP_EQ
, 0);
348 /* 300 MB RAM available, DirCache enabled */
349 r
= have_enough_mem_for_dircache(opt
, MEGABYTEIFY(300), &msg
);
350 tt_int_op(r
, OP_EQ
, 0);
351 tt_ptr_op(msg
, OP_EQ
, NULL
);
353 /* 200 MB RAM available, DirCache enabled */
354 r
= have_enough_mem_for_dircache(opt
, MEGABYTEIFY(200), &msg
);
355 tt_int_op(r
, OP_EQ
, -1);
356 expect_errmsg
= "Being a directory cache (default) with less than ";
357 if (!strstr(msg
, expect_errmsg
)) {
358 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
359 expect_errmsg
, configuration
, msg
));
363 config_free_lines(cl
); cl
= NULL
;
364 configuration
= "ORPort 8080\nDirCache 1\nBridgeRelay 1";
365 r
= config_get_lines(configuration
, &cl
, 1);
366 tt_int_op(r
, OP_EQ
, 0);
368 r
= config_assign(get_options_mgr(), opt
, cl
, 0, &msg
);
369 tt_int_op(r
, OP_EQ
, 0);
371 /* 300 MB RAM available, DirCache enabled, Bridge */
372 r
= have_enough_mem_for_dircache(opt
, MEGABYTEIFY(300), &msg
);
373 tt_int_op(r
, OP_EQ
, 0);
374 tt_ptr_op(msg
, OP_EQ
, NULL
);
376 /* 200 MB RAM available, DirCache enabled, Bridge */
377 r
= have_enough_mem_for_dircache(opt
, MEGABYTEIFY(200), &msg
);
378 tt_int_op(r
, OP_EQ
, -1);
379 expect_errmsg
= "Running a Bridge with less than ";
380 if (!strstr(msg
, expect_errmsg
)) {
381 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
382 expect_errmsg
, configuration
, msg
));
386 config_free_lines(cl
); cl
= NULL
;
387 configuration
= "ORPort 8080\nDirCache 0";
388 r
= config_get_lines(configuration
, &cl
, 1);
389 tt_int_op(r
, OP_EQ
, 0);
391 r
= config_assign(get_options_mgr(), opt
, cl
, 0, &msg
);
392 tt_int_op(r
, OP_EQ
, 0);
394 /* 200 MB RAM available, DirCache disabled */
395 r
= have_enough_mem_for_dircache(opt
, MEGABYTEIFY(200), &msg
);
396 tt_int_op(r
, OP_EQ
, 0);
397 tt_ptr_op(msg
, OP_EQ
, NULL
);
399 /* 300 MB RAM available, DirCache disabled */
400 r
= have_enough_mem_for_dircache(opt
, MEGABYTEIFY(300), &msg
);
401 tt_int_op(r
, OP_EQ
, -1);
402 expect_errmsg
= "DirCache is disabled and we are configured as a ";
403 if (!strstr(msg
, expect_errmsg
)) {
404 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
405 expect_errmsg
, configuration
, msg
));
409 clear_log_messages();
414 or_options_free(opt
);
415 config_free_lines(cl
);
419 static const char *fixed_get_uname_result
= NULL
;
422 fixed_get_uname(void)
424 return fixed_get_uname_result
;
429 } options_test_data_t
;
431 static void free_options_test_data(options_test_data_t
*td
);
433 static options_test_data_t
*
434 get_options_test_data(const char *conf
)
438 config_line_t
*cl
=NULL
;
439 options_test_data_t
*result
= tor_malloc(sizeof(options_test_data_t
));
440 result
->opt
= options_new();
442 options_init(result
->opt
);
444 rv
= config_get_lines(conf
, &cl
, 1);
445 tt_int_op(rv
, OP_EQ
, 0);
446 rv
= config_assign(get_options_mgr(), result
->opt
, cl
, 0, &msg
);
448 /* Display the parse error message by comparing it with an empty string */
449 tt_str_op(msg
, OP_EQ
, "");
451 tt_int_op(rv
, OP_EQ
, 0);
452 config_free_lines(cl
);
453 result
->opt
->LogTimeGranularity
= 1;
454 result
->opt
->TokenBucketRefillInterval
= 1;
455 rv
= config_get_lines("", &cl
, 1);
456 tt_int_op(rv
, OP_EQ
, 0);
459 config_free_lines(cl
);
461 free_options_test_data(result
);
463 /* Callers expect a non-NULL result, so just die if we can't provide one.
471 free_options_test_data(options_test_data_t
*td
)
474 or_options_free(td
->opt
);
479 test_options_validate__uname_for_server(void *ignored
)
485 int unset_home_env
= 0;
486 if (setenv("HOME", "/home/john", 0) == 0)
490 options_test_data_t
*tdata
= get_options_test_data(
491 "ORPort 127.0.0.1:5555\n"
492 "ContactInfo nobody@example.com");
493 setup_capture_of_logs(LOG_WARN
);
495 MOCK(get_uname
, fixed_get_uname
);
496 fixed_get_uname_result
= "Windows 95";
497 options_validate(NULL
, tdata
->opt
, &msg
);
498 expect_log_msg("Tor is running as a server, but you"
499 " are running Windows 95; this probably won't work. See https://www"
500 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
503 fixed_get_uname_result
= "Windows 98";
504 mock_clean_saved_logs();
505 options_validate(NULL
, tdata
->opt
, &msg
);
506 expect_log_msg("Tor is running as a server, but you"
507 " are running Windows 98; this probably won't work. See https://www"
508 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
511 fixed_get_uname_result
= "Windows Me";
512 mock_clean_saved_logs();
513 options_validate(NULL
, tdata
->opt
, &msg
);
514 expect_log_msg("Tor is running as a server, but you"
515 " are running Windows Me; this probably won't work. See https://www"
516 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
519 fixed_get_uname_result
= "Windows 2000";
520 mock_clean_saved_logs();
521 options_validate(NULL
, tdata
->opt
, &msg
);
522 expect_no_log_msg("Tor is running as a server, but you ");
527 free_options_test_data(tdata
);
529 teardown_capture_of_logs();
537 test_options_validate__outbound_addresses(void *ignored
)
542 options_test_data_t
*tdata
= get_options_test_data(
543 "OutboundBindAddress xxyy!!!sdfaf");
545 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
546 tt_int_op(ret
, OP_EQ
, -1);
547 tt_str_op(msg
, OP_EQ
, "Multiple outbound bind addresses configured: "
551 free_options_test_data(tdata
);
556 test_options_validate__data_directory(void *ignored
)
561 options_test_data_t
*tdata
= get_options_test_data(
562 "DataDirectory longreallyl"
563 "ongLONGLONGlongreallylong"
564 "LONGLONGlongreallylongLON"
565 "GLONGlongreallylongLONGLO"
566 "NGlongreallylongLONGLONGl"
567 "ongreallylongLONGLONGlong"
568 "reallylongLONGLONGlongrea"
569 "llylongLONGLONGlongreally"
570 "longLONGLONGlongreallylon"
571 "gLONGLONGlongreallylongLO"
572 "NGLONGlongreallylongLONGL"
573 "ONGlongreallylongLONGLONG"
574 "longreallylongLONGLONGlon"
575 "greallylongLONGLONGlongre"
576 "allylongLONGLONGlongreall"
577 "ylongLONGLONGlongreallylo"
578 "ngLONGLONGlongreallylongL"
579 "ONGLONGlongreallylongLONG"
580 "LONG"); // 440 characters
582 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
583 tt_int_op(ret
, OP_EQ
, -1);
584 tt_str_op(msg
, OP_EQ
, "Invalid DataDirectory");
587 free_options_test_data(tdata
);
592 test_options_validate__nickname(void *ignored
)
597 options_test_data_t
*tdata
= get_options_test_data(
598 "Nickname ThisNickNameIsABitTooLong");
600 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
601 tt_int_op(ret
, OP_EQ
, -1);
602 tt_str_op(msg
, OP_EQ
,
603 "Nickname 'ThisNickNameIsABitTooLong', nicknames must be between "
604 "1 and 19 characters inclusive, and must contain only the "
605 "characters [a-zA-Z0-9].");
608 free_options_test_data(tdata
);
609 tdata
= get_options_test_data("Nickname AMoreValidNick");
610 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
611 tt_int_op(ret
, OP_EQ
, 0);
614 free_options_test_data(tdata
);
615 tdata
= get_options_test_data("DataDirectory /tmp/somewhere");
616 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
617 tt_int_op(ret
, OP_EQ
, 0);
620 free_options_test_data(tdata
);
625 test_options_validate__contactinfo(void *ignored
)
630 options_test_data_t
*tdata
= get_options_test_data(
631 "ORPort 127.0.0.1:5555");
632 setup_capture_of_logs(LOG_DEBUG
);
633 tdata
->opt
->ContactInfo
= NULL
;
635 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
636 tt_int_op(ret
, OP_EQ
, 0);
638 "Your ContactInfo config option is not set. Please strongly "
639 "consider setting it, so we can contact you if your relay is "
640 "misconfigured, end-of-life, or something else goes wrong. It "
641 "is also possible that your relay might get rejected from the "
642 "network due to a missing valid contact address.\n");
645 free_options_test_data(tdata
);
646 tdata
= get_options_test_data("ORPort 127.0.0.1:5555\n"
647 "ContactInfo hella@example.org");
648 mock_clean_saved_logs();
649 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
650 tt_int_op(ret
, OP_EQ
, 0);
652 "Your ContactInfo config option is not set. Please strongly "
653 "consider setting it, so we can contact you if your relay is "
654 "misconfigured, end-of-life, or something else goes wrong. It "
655 "is also possible that your relay might get rejected from the "
656 "network due to a missing valid contact address.\n");
660 teardown_capture_of_logs();
661 free_options_test_data(tdata
);
666 test_options_validate__logs(void *ignored
)
672 int orig_quiet_level
= quiet_level
;
673 options_test_data_t
*tdata
= get_options_test_data("");
674 tdata
->opt
->Logs
= NULL
;
675 tdata
->opt
->RunAsDaemon
= 0;
677 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
678 tt_assert(!tdata
->opt
->Logs
);
680 tt_int_op(ret
, OP_EQ
, 0);
682 free_options_test_data(tdata
);
683 tdata
= get_options_test_data("");
684 tdata
->opt
->Logs
= NULL
;
685 tdata
->opt
->RunAsDaemon
= 0;
687 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
688 tt_assert(!tdata
->opt
->Logs
);
690 tt_int_op(ret
, OP_EQ
, 0);
692 free_options_test_data(tdata
);
693 tdata
= get_options_test_data("");
694 tdata
->opt
->Logs
= NULL
;
695 tdata
->opt
->RunAsDaemon
= 0;
697 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
698 tt_assert(!tdata
->opt
->Logs
);
700 tt_int_op(ret
, OP_EQ
, 0);
702 free_options_test_data(tdata
);
703 tdata
= get_options_test_data("");
704 tdata
->opt
->Logs
= NULL
;
705 tdata
->opt
->RunAsDaemon
= 0;
706 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
707 tt_assert(!tdata
->opt
->Logs
);
709 tt_int_op(ret
, OP_EQ
, 0);
711 free_options_test_data(tdata
);
712 tdata
= get_options_test_data("");
713 tdata
->opt
->Logs
= NULL
;
714 tdata
->opt
->RunAsDaemon
= 1;
715 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
716 tt_assert(!tdata
->opt
->Logs
);
719 /* Can't RunAsDaemon on Windows. */
720 tt_int_op(ret
, OP_EQ
, -1);
722 tt_int_op(ret
, OP_EQ
, 0);
723 #endif /* defined(_WIN32) */
725 free_options_test_data(tdata
);
726 tdata
= get_options_test_data("");
727 tdata
->opt
->RunAsDaemon
= 0;
728 config_line_t
*cl
=NULL
;
729 config_get_lines("Log foo", &cl
, 1);
730 tdata
->opt
->Logs
= cl
;
731 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
732 tt_int_op((intptr_t)tdata
->opt
->Logs
, OP_EQ
, (intptr_t)cl
);
733 tt_int_op(ret
, OP_EQ
, -1);
736 quiet_level
= orig_quiet_level
;
737 free_options_test_data(tdata
);
741 /* static config_line_t * */
742 /* mock_config_line(const char *key, const char *val) */
744 /* config_line_t *config_line = tor_malloc(sizeof(config_line_t)); */
745 /* memset(config_line, 0, sizeof(config_line_t)); */
746 /* config_line->key = tor_strdup(key); */
747 /* config_line->value = tor_strdup(val); */
748 /* return config_line; */
752 test_options_validate__authdir(void *ignored
)
757 setup_capture_of_logs(LOG_INFO
);
758 options_test_data_t
*tdata
= get_options_test_data(
759 ENABLE_AUTHORITY_V3_MIN
760 "Address this.should.not!exist!.example.org");
761 const dirauth_options_t
*da_opt
;
763 sandbox_disable_getaddrinfo_cache();
765 MOCK(tor_addr_lookup
, mock_tor_addr_lookup__fail_on_bad_addrs
);
766 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
767 UNMOCK(tor_addr_lookup
);
768 tt_int_op(ret
, OP_EQ
, -1);
769 tt_str_op(msg
, OP_EQ
, "Failed to resolve/guess local address. See logs for"
771 expect_log_msg("Could not resolve local Address "
772 "'this.should.not!exist!.example.org'. Failing.\n");
775 free_options_test_data(tdata
);
776 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3_MIN
777 "Address 100.200.10.1");
778 mock_clean_saved_logs();
779 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
780 tt_int_op(ret
, OP_EQ
, -1);
781 tt_str_op(msg
, OP_EQ
, "Authoritative directory servers must set "
785 free_options_test_data(tdata
);
786 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3_MIN
787 "Address 100.200.10.1\n");
788 mock_clean_saved_logs();
789 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
790 tt_int_op(ret
, OP_EQ
, -1);
791 tt_str_op(msg
, OP_EQ
,
792 "Authoritative directory servers must set ContactInfo");
795 free_options_test_data(tdata
);
796 tdata
= get_options_test_data(ENABLE_AUTHORITY_MIN
797 "Address 100.200.10.1\n"
798 "TestingTorNetwork 1\n");
799 mock_clean_saved_logs();
800 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
801 tt_int_op(ret
, OP_EQ
, -1);
802 tt_str_op(msg
, OP_EQ
, "AuthoritativeDir is set, but none of (Bridge/V3)"
803 "AuthoritativeDir is set.");
806 free_options_test_data(tdata
);
807 tdata
= get_options_test_data(ENABLE_AUTHORITY
);
808 mock_clean_saved_logs();
809 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
810 tt_int_op(ret
, OP_EQ
, -1);
811 tt_str_op(msg
, OP_EQ
, "AuthoritativeDir is set, but none of (Bridge/V3)"
812 "AuthoritativeDir is set.");
815 free_options_test_data(tdata
);
816 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
817 "RecommendedVersions 1.2, 3.14\n");
818 mock_clean_saved_logs();
819 options_validate(NULL
, tdata
->opt
, &msg
);
820 da_opt
= get_dirauth_options(tdata
->opt
);
821 tt_str_op(da_opt
->RecommendedClientVersions
->value
, OP_EQ
, "1.2, 3.14");
822 tt_str_op(da_opt
->RecommendedServerVersions
->value
, OP_EQ
, "1.2, 3.14");
825 free_options_test_data(tdata
);
826 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
827 "RecommendedVersions 1.2, 3.14\n"
828 "RecommendedClientVersions 25\n"
829 "RecommendedServerVersions 4.18\n");
830 mock_clean_saved_logs();
831 options_validate(NULL
, tdata
->opt
, &msg
);
832 da_opt
= get_dirauth_options(tdata
->opt
);
833 tt_str_op(da_opt
->RecommendedClientVersions
->value
, OP_EQ
, "25");
834 tt_str_op(da_opt
->RecommendedServerVersions
->value
, OP_EQ
, "4.18");
837 free_options_test_data(tdata
);
838 tdata
= get_options_test_data(ENABLE_AUTHORITY
839 "VersioningAuthoritativeDirectory 1\n"
840 "RecommendedVersions 1.2, 3.14\n"
841 "RecommendedClientVersions 25\n"
842 "RecommendedServerVersions 4.18\n");
843 mock_clean_saved_logs();
844 options_validate(NULL
, tdata
->opt
, &msg
);
845 da_opt
= get_dirauth_options(tdata
->opt
);
846 tt_str_op(msg
, OP_EQ
, "AuthoritativeDir is set, but none of (Bridge/V3)"
847 "AuthoritativeDir is set.");
850 free_options_test_data(tdata
);
851 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
852 "VersioningAuthoritativeDirectory 1\n"
853 "RecommendedServerVersions 4.18\n");
854 mock_clean_saved_logs();
855 options_validate(NULL
, tdata
->opt
, &msg
);
856 da_opt
= get_dirauth_options(tdata
->opt
);
857 tt_str_op(msg
, OP_EQ
, "Versioning authoritative dir servers must set "
858 "Recommended*Versions.");
861 free_options_test_data(tdata
);
862 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
863 "VersioningAuthoritativeDirectory 1\n"
864 "RecommendedClientVersions 4.18\n");
865 mock_clean_saved_logs();
866 options_validate(NULL
, tdata
->opt
, &msg
);
867 da_opt
= get_dirauth_options(tdata
->opt
);
868 tt_str_op(msg
, OP_EQ
, "Versioning authoritative dir servers must set "
869 "Recommended*Versions.");
873 free_options_test_data(tdata
);
874 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
875 "UseEntryGuards 1\n");
876 mock_clean_saved_logs();
877 options_validate(NULL
, tdata
->opt
, &msg
);
878 expect_log_msg("Authoritative directory servers "
879 "can't set UseEntryGuards. Disabling.\n");
880 tt_int_op(tdata
->opt
->UseEntryGuards
, OP_EQ
, 0);
883 free_options_test_data(tdata
);
884 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
885 "DownloadExtraInfo 0\n");
886 mock_clean_saved_logs();
887 options_validate(NULL
, tdata
->opt
, &msg
);
888 expect_log_msg("Authoritative directories always try"
889 " to download extra-info documents. Setting DownloadExtraInfo.\n");
890 tt_int_op(tdata
->opt
->DownloadExtraInfo
, OP_EQ
, 1);
893 free_options_test_data(tdata
);
894 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
895 "V3BandwidthsFile non-existent-file\n");
896 mock_clean_saved_logs();
897 options_validate(NULL
, tdata
->opt
, &msg
);
898 expect_log_msg("Can't open bandwidth file at configured location: "
899 "non-existent-file\n");
902 free_options_test_data(tdata
);
903 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
904 "GuardfractionFile non-existent-file\n");
905 mock_clean_saved_logs();
906 options_validate(NULL
, tdata
->opt
, &msg
);
907 expect_log_msg("Cannot open guardfraction file 'non-existent-file'. "
911 free_options_test_data(tdata
);
912 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3_MIN
913 "Address 100.200.10.1\n"
915 "ContactInfo hello@hello.com\n");
916 mock_clean_saved_logs();
917 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
918 tt_int_op(ret
, OP_EQ
, -1);
919 tt_str_op(msg
, OP_EQ
,
920 "Running as authoritative directory, but no DirPort set.");
923 free_options_test_data(tdata
);
924 tdata
= get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN
925 "Address 100.200.10.1\n"
927 "ContactInfo hello@hello.com\n");
928 mock_clean_saved_logs();
929 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
930 tt_int_op(ret
, OP_EQ
, -1);
931 tt_str_op(msg
, OP_EQ
,
932 "Running as authoritative directory, but no DirPort set.");
935 free_options_test_data(tdata
);
936 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3_MIN
937 "Address 100.200.10.1\n"
939 "ContactInfo hello@hello.com\n");
940 mock_clean_saved_logs();
941 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
942 tt_int_op(ret
, OP_EQ
, -1);
943 tt_str_op(msg
, OP_EQ
,
944 "Running as authoritative directory, but no ORPort set.");
947 free_options_test_data(tdata
);
948 tdata
= get_options_test_data(ENABLE_AUTHORITY_BRIDGE_MIN
949 "Address 100.200.10.1\n"
951 "ContactInfo hello@hello.com\n");
952 mock_clean_saved_logs();
953 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
954 tt_int_op(ret
, OP_EQ
, -1);
955 tt_str_op(msg
, OP_EQ
,
956 "Running as authoritative directory, but no ORPort set.");
959 free_options_test_data(tdata
);
960 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
962 /* We have to call the dirauth-specific function, and fake port parsing,
963 * to hit this case */
964 tdata
->opt
->DirPort_set
= 1;
965 tdata
->opt
->ORPort_set
= 1;
966 mock_clean_saved_logs();
967 ret
= options_validate_dirauth_mode(NULL
, tdata
->opt
, &msg
);
968 tt_int_op(ret
, OP_EQ
, -1);
969 tt_str_op(msg
, OP_EQ
, "Running as authoritative directory, "
970 "but ClientOnly also set.");
973 free_options_test_data(tdata
);
974 tdata
= get_options_test_data(ENABLE_AUTHORITY_BRIDGE
976 /* We have to call the dirauth-specific function, and fake port parsing,
977 * to hit this case */
978 tdata
->opt
->DirPort_set
= 1;
979 tdata
->opt
->ORPort_set
= 1;
980 mock_clean_saved_logs();
981 ret
= options_validate_dirauth_mode(NULL
, tdata
->opt
, &msg
);
982 tt_int_op(ret
, OP_EQ
, -1);
983 tt_str_op(msg
, OP_EQ
, "Running as authoritative directory, "
984 "but ClientOnly also set.");
988 teardown_capture_of_logs();
989 // sandbox_free_getaddrinfo_cache();
990 free_options_test_data(tdata
);
995 test_options_validate__relay_with_hidden_services(void *ignored
)
1000 setup_capture_of_logs(LOG_DEBUG
);
1001 options_test_data_t
*tdata
= get_options_test_data(
1002 "ORPort 127.0.0.1:5555\n"
1004 "/Library/Tor/var/lib/tor/hidden_service/\n"
1005 "HiddenServicePort 80 127.0.0.1:8080\n"
1008 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1009 tt_int_op(ret
, OP_EQ
, 0);
1011 "Tor is currently configured as a relay and a hidden service. "
1012 "That's not very secure: you should probably run your hidden servi"
1013 "ce in a separate Tor process, at least -- see "
1014 "https://bugs.torproject.org/tpo/core/tor/8742.\n");
1017 teardown_capture_of_logs();
1018 free_options_test_data(tdata
);
1023 test_options_validate__listen_ports(void *ignored
)
1028 setup_capture_of_logs(LOG_WARN
);
1029 options_test_data_t
*tdata
= get_options_test_data("SOCKSPort 0");
1030 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1031 tt_int_op(ret
, OP_EQ
, 0);
1032 expect_log_msg("SocksPort, TransPort, NATDPort, DNSPort, and ORPort "
1033 "are all undefined, and there aren't any hidden services "
1035 " Tor will still run, but probably won't do anything.\n");
1037 teardown_capture_of_logs();
1038 free_options_test_data(tdata
);
1043 test_options_validate__transproxy(void *ignored
)
1048 options_test_data_t
*tdata
;
1050 #ifdef USE_TRANSPARENT
1051 // Test default trans proxy
1052 tdata
= get_options_test_data("TransProxyType default\n");
1054 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1055 tt_int_op(ret
, OP_EQ
, 0);
1056 tt_int_op(tdata
->opt
->TransProxyType_parsed
, OP_EQ
, TPT_DEFAULT
);
1059 // Test pf-divert trans proxy
1060 free_options_test_data(tdata
);
1061 tdata
= get_options_test_data("TransProxyType pf-divert\n");
1062 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1063 tt_int_op(ret
, OP_EQ
, -1);
1065 #if !defined(OpenBSD) && !defined(DARWIN)
1066 tt_str_op(msg
, OP_EQ
,
1067 "pf-divert is a OpenBSD-specific and OS X/Darwin-specific feature.");
1069 tt_int_op(tdata
->opt
->TransProxyType_parsed
, OP_EQ
, TPT_PF_DIVERT
);
1070 tt_str_op(msg
, OP_EQ
, "Cannot use TransProxyType without "
1071 "any valid TransPort.");
1072 #endif /* !defined(OpenBSD) && !defined(DARWIN) */
1075 // Test tproxy trans proxy
1076 free_options_test_data(tdata
);
1077 tdata
= get_options_test_data("TransProxyType tproxy\n");
1078 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1079 tt_int_op(ret
, OP_EQ
, -1);
1081 #if !defined(__linux__)
1082 tt_str_op(msg
, OP_EQ
, "TPROXY is a Linux-specific feature.");
1084 tt_int_op(tdata
->opt
->TransProxyType_parsed
, OP_EQ
, TPT_TPROXY
);
1085 tt_str_op(msg
, OP_EQ
, "Cannot use TransProxyType without any valid "
1087 #endif /* !defined(__linux__) */
1090 // Test ipfw trans proxy
1091 free_options_test_data(tdata
);
1092 tdata
= get_options_test_data("TransProxyType ipfw\n");
1093 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1094 tt_int_op(ret
, OP_EQ
, -1);
1096 #ifndef KERNEL_MAY_SUPPORT_IPFW
1097 tt_str_op(msg
, OP_EQ
, "ipfw is a FreeBSD-specific and OS X/Darwin-specific "
1100 tt_int_op(tdata
->opt
->TransProxyType_parsed
, OP_EQ
, TPT_IPFW
);
1101 tt_str_op(msg
, OP_EQ
, "Cannot use TransProxyType without any valid "
1103 #endif /* !defined(KERNEL_MAY_SUPPORT_IPFW) */
1106 // Test unknown trans proxy
1107 free_options_test_data(tdata
);
1108 tdata
= get_options_test_data("TransProxyType non-existent\n");
1109 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1110 tt_int_op(ret
, OP_EQ
, -1);
1111 tt_str_op(msg
, OP_EQ
, "Unrecognized value for TransProxyType");
1114 // Test trans proxy success
1115 free_options_test_data(tdata
);
1118 #if defined(__linux__)
1119 tdata
= get_options_test_data("TransProxyType tproxy\n"
1120 "TransPort 127.0.0.1:123\n");
1121 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1122 tt_int_op(ret
, OP_EQ
, 0);
1123 #elif defined(KERNEL_MAY_SUPPORT_IPFW)
1124 tdata
= get_options_test_data("TransProxyType ipfw\n"
1125 "TransPort 127.0.0.1:123\n");
1126 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1127 tt_int_op(ret
, OP_EQ
, 0);
1129 #elif defined(OpenBSD)
1130 tdata
= get_options_test_data("TransProxyType pf-divert\n"
1131 "TransPort 127.0.0.1:123\n");
1132 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1133 tt_int_op(ret
, OP_EQ
, 0);
1135 #elif defined(__NetBSD__)
1136 tdata
= get_options_test_data("TransProxyType default\n"
1137 "TransPort 127.0.0.1:123\n");
1138 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1139 tt_int_op(ret
, OP_EQ
, 0);
1141 #endif /* defined(__linux__) || ... */
1143 // Assert that a test has run for some TransProxyType
1146 #else /* !defined(USE_TRANSPARENT) */
1147 tdata
= get_options_test_data("TransPort 127.0.0.1:555\n");
1149 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1150 tt_int_op(ret
, OP_EQ
, -1);
1151 tt_str_op(msg
, OP_EQ
, "TransPort is disabled in this build.");
1153 #endif /* defined(USE_TRANSPARENT) */
1156 free_options_test_data(tdata
);
1160 static country_t
opt_tests_geoip_get_country(const char *country
);
1161 ATTR_UNUSED
static int opt_tests_geoip_get_country_called
= 0;
1164 opt_tests_geoip_get_country(const char *countrycode
)
1167 opt_tests_geoip_get_country_called
++;
1173 test_options_validate__exclude_nodes(void *ignored
)
1177 MOCK(geoip_get_country
,
1178 opt_tests_geoip_get_country
);
1182 setup_capture_of_logs(LOG_WARN
);
1183 options_test_data_t
*tdata
= get_options_test_data(
1184 "ExcludeExitNodes {us}\n");
1186 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1187 tt_int_op(ret
, OP_EQ
, 0);
1188 tt_int_op(smartlist_len(tdata
->opt
->ExcludeExitNodesUnion_
->list
), OP_EQ
, 1);
1190 (smartlist_get(tdata
->opt
->ExcludeExitNodesUnion_
->list
, 0)),
1194 free_options_test_data(tdata
);
1195 tdata
= get_options_test_data("ExcludeNodes {cn}\n");
1196 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1197 tt_int_op(ret
, OP_EQ
, 0);
1198 tt_int_op(smartlist_len(tdata
->opt
->ExcludeExitNodesUnion_
->list
), OP_EQ
, 1);
1200 (smartlist_get(tdata
->opt
->ExcludeExitNodesUnion_
->list
, 0)),
1204 free_options_test_data(tdata
);
1205 tdata
= get_options_test_data("ExcludeNodes {cn}\n"
1206 "ExcludeExitNodes {us} {cn}\n");
1207 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1208 tt_int_op(ret
, OP_EQ
, 0);
1209 tt_int_op(smartlist_len(tdata
->opt
->ExcludeExitNodesUnion_
->list
), OP_EQ
, 2);
1211 (smartlist_get(tdata
->opt
->ExcludeExitNodesUnion_
->list
, 0)),
1212 OP_EQ
, "{us} {cn}");
1214 (smartlist_get(tdata
->opt
->ExcludeExitNodesUnion_
->list
, 1)),
1218 free_options_test_data(tdata
);
1219 tdata
= get_options_test_data("ExcludeNodes {cn}\n"
1221 mock_clean_saved_logs();
1222 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1223 tt_int_op(ret
, OP_EQ
, 0);
1225 "You have asked to exclude certain relays from all positions "
1226 "in your circuits. Expect hidden services and other Tor "
1227 "features to be broken in unpredictable ways.\n");
1230 free_options_test_data(tdata
);
1231 tdata
= get_options_test_data("ExcludeNodes {cn}\n");
1232 mock_clean_saved_logs();
1233 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1234 tt_int_op(ret
, OP_EQ
, 0);
1236 "You have asked to exclude certain relays from all positions "
1237 "in your circuits. Expect hidden services and other Tor "
1238 "features to be broken in unpredictable ways.\n");
1242 UNMOCK(geoip_get_country
);
1243 teardown_capture_of_logs();
1244 free_options_test_data(tdata
);
1249 test_options_validate__node_families(void *ignored
)
1254 options_test_data_t
*tdata
= get_options_test_data(
1255 "NodeFamily flux, flax\n"
1256 "NodeFamily somewhere\n");
1258 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1259 tt_int_op(ret
, OP_EQ
, 0);
1260 tt_assert(tdata
->opt
->NodeFamilySets
);
1261 tt_int_op(smartlist_len(tdata
->opt
->NodeFamilySets
), OP_EQ
, 2);
1262 tt_str_op((char *)(smartlist_get(
1263 ((routerset_t
*)smartlist_get(tdata
->opt
->NodeFamilySets
, 0))->list
, 0)),
1265 tt_str_op((char *)(smartlist_get(
1266 ((routerset_t
*)smartlist_get(tdata
->opt
->NodeFamilySets
, 0))->list
, 1)),
1268 tt_str_op((char *)(smartlist_get(
1269 ((routerset_t
*)smartlist_get(tdata
->opt
->NodeFamilySets
, 1))->list
, 0)),
1270 OP_EQ
, "somewhere");
1273 free_options_test_data(tdata
);
1274 tdata
= get_options_test_data("");
1276 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1277 tt_int_op(ret
, OP_EQ
, 0);
1278 tt_assert(!tdata
->opt
->NodeFamilySets
);
1281 free_options_test_data(tdata
);
1282 tdata
= get_options_test_data("NodeFamily !flux\n");
1284 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1285 tt_int_op(ret
, OP_EQ
, -1);
1286 tt_assert(tdata
->opt
->NodeFamilySets
);
1287 tt_int_op(smartlist_len(tdata
->opt
->NodeFamilySets
), OP_EQ
, 0);
1291 free_options_test_data(tdata
);
1296 test_options_validate__token_bucket(void *ignored
)
1301 options_test_data_t
*tdata
= get_options_test_data("");
1303 tdata
->opt
->TokenBucketRefillInterval
= 0;
1304 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1305 tt_int_op(ret
, OP_EQ
, -1);
1306 tt_str_op(msg
, OP_EQ
,
1307 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1310 tdata
->opt
->TokenBucketRefillInterval
= 1001;
1311 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1312 tt_int_op(ret
, OP_EQ
, -1);
1313 tt_str_op(msg
, OP_EQ
,
1314 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1318 free_options_test_data(tdata
);
1323 test_options_validate__fetch_dir(void *ignored
)
1328 options_test_data_t
*tdata
= get_options_test_data(
1329 "FetchDirInfoExtraEarly 1\n"
1330 "FetchDirInfoEarly 0\n");
1332 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1333 tt_int_op(ret
, OP_EQ
, -1);
1334 tt_str_op(msg
, OP_EQ
, "FetchDirInfoExtraEarly requires that you"
1335 " also set FetchDirInfoEarly");
1338 free_options_test_data(tdata
);
1339 tdata
= get_options_test_data("FetchDirInfoExtraEarly 1\n"
1340 "FetchDirInfoEarly 1\n");
1342 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1343 tt_int_op(ret
, OP_EQ
, 0);
1347 free_options_test_data(tdata
);
1352 test_options_validate__conn_limit(void *ignored
)
1357 options_test_data_t
*tdata
= get_options_test_data(
1360 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1361 tt_int_op(ret
, OP_EQ
, -1);
1362 tt_str_op(msg
, OP_EQ
, "ConnLimit must be greater than 0, but was set to 0");
1365 free_options_test_data(tdata
);
1366 tdata
= get_options_test_data("ConnLimit 1\n");
1368 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1369 tt_int_op(ret
, OP_EQ
, 0);
1373 free_options_test_data(tdata
);
1378 test_options_validate__paths_needed(void *ignored
)
1385 int unset_home_env
= 0;
1386 if (setenv("HOME", "/home/john", 0) == 0)
1390 setup_capture_of_logs(LOG_WARN
);
1391 options_test_data_t
*tdata
= get_options_test_data(
1392 "PathsNeededToBuildCircuits 0.1\n");
1394 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1395 tt_int_op(ret
, OP_EQ
, 0);
1396 tt_assert(tdata
->opt
->PathsNeededToBuildCircuits
> 0.24 &&
1397 tdata
->opt
->PathsNeededToBuildCircuits
< 0.26);
1398 expect_log_msg("PathsNeededToBuildCircuits is too low. "
1399 "Increasing to 0.25\n");
1402 free_options_test_data(tdata
);
1403 mock_clean_saved_logs();
1404 tdata
= get_options_test_data("PathsNeededToBuildCircuits 0.99\n");
1406 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1407 tt_int_op(ret
, OP_EQ
, 0);
1408 tt_assert(tdata
->opt
->PathsNeededToBuildCircuits
> 0.94 &&
1409 tdata
->opt
->PathsNeededToBuildCircuits
< 0.96);
1410 expect_log_msg("PathsNeededToBuildCircuits is "
1411 "too high. Decreasing to 0.95\n");
1414 free_options_test_data(tdata
);
1415 mock_clean_saved_logs();
1416 tdata
= get_options_test_data("PathsNeededToBuildCircuits 0.91\n");
1418 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1419 tt_int_op(ret
, OP_EQ
, 0);
1420 tt_assert(tdata
->opt
->PathsNeededToBuildCircuits
> 0.90 &&
1421 tdata
->opt
->PathsNeededToBuildCircuits
< 0.92);
1422 expect_no_log_msg_containing("PathsNeededToBuildCircuits");
1426 teardown_capture_of_logs();
1427 free_options_test_data(tdata
);
1436 test_options_validate__max_client_circuits(void *ignored
)
1441 options_test_data_t
*tdata
= get_options_test_data(
1442 "MaxClientCircuitsPending 0\n");
1444 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1445 tt_int_op(ret
, OP_EQ
, -1);
1446 tt_str_op(msg
, OP_EQ
, "MaxClientCircuitsPending must be between 1 and 1024,"
1447 " but was set to 0");
1450 free_options_test_data(tdata
);
1451 tdata
= get_options_test_data("MaxClientCircuitsPending 1025\n");
1453 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1454 tt_int_op(ret
, OP_EQ
, -1);
1455 tt_str_op(msg
, OP_EQ
, "MaxClientCircuitsPending must be between 1 and 1024,"
1456 " but was set to 1025");
1459 free_options_test_data(tdata
);
1460 tdata
= get_options_test_data("MaxClientCircuitsPending 1\n");
1462 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1463 tt_int_op(ret
, OP_EQ
, 0);
1467 free_options_test_data(tdata
);
1472 test_options_validate__ports(void *ignored
)
1477 options_test_data_t
*tdata
= get_options_test_data("FirewallPorts 65537\n");
1479 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1480 tt_int_op(ret
, OP_EQ
, -1);
1481 tt_str_op(msg
, OP_EQ
, "Port '65537' out of range in FirewallPorts");
1484 free_options_test_data(tdata
);
1485 tdata
= get_options_test_data("FirewallPorts 1\n"
1486 "LongLivedPorts 124444\n");
1488 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1489 tt_int_op(ret
, OP_EQ
, -1);
1490 tt_str_op(msg
, OP_EQ
, "Port '124444' out of range in LongLivedPorts");
1493 free_options_test_data(tdata
);
1494 tdata
= get_options_test_data("FirewallPorts 1\n"
1495 "LongLivedPorts 2\n"
1496 "RejectPlaintextPorts 112233\n");
1498 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1499 tt_int_op(ret
, OP_EQ
, -1);
1500 tt_str_op(msg
, OP_EQ
, "Port '112233' out of range in RejectPlaintextPorts");
1503 free_options_test_data(tdata
);
1504 tdata
= get_options_test_data("FirewallPorts 1\n"
1505 "LongLivedPorts 2\n"
1506 "RejectPlaintextPorts 3\n"
1507 "WarnPlaintextPorts 65536\n");
1509 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1510 tt_int_op(ret
, OP_EQ
, -1);
1511 tt_str_op(msg
, OP_EQ
, "Port '65536' out of range in WarnPlaintextPorts");
1514 free_options_test_data(tdata
);
1515 tdata
= get_options_test_data("FirewallPorts 1\n"
1516 "LongLivedPorts 2\n"
1517 "RejectPlaintextPorts 3\n"
1518 "WarnPlaintextPorts 4\n");
1520 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1521 tt_int_op(ret
, OP_EQ
, 0);
1525 free_options_test_data(tdata
);
1530 test_options_validate__reachable_addresses(void *ignored
)
1535 setup_capture_of_logs(LOG_NOTICE
);
1536 options_test_data_t
*tdata
= get_options_test_data("FascistFirewall 1\n");
1538 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1539 tt_int_op(ret
, OP_EQ
, 0);
1540 expect_log_msg("Converting FascistFirewall config "
1541 "option to new format: \"ReachableDirAddresses *:80\"\n");
1542 tt_str_op(tdata
->opt
->ReachableDirAddresses
->value
, OP_EQ
, "*:80");
1543 expect_log_msg("Converting FascistFirewall config "
1544 "option to new format: \"ReachableORAddresses *:443\"\n");
1545 tt_str_op(tdata
->opt
->ReachableORAddresses
->value
, OP_EQ
, "*:443");
1548 free_options_test_data(tdata
);
1549 mock_clean_saved_logs();
1550 tdata
= get_options_test_data("FascistFirewall 1\n"
1551 "ReachableDirAddresses *:81\n"
1552 "ReachableORAddresses *:444\n");
1553 tt_assert(tdata
->opt
->FirewallPorts
);
1554 SMARTLIST_FOREACH(tdata
->opt
->FirewallPorts
, char *, cp
, tor_free(cp
));
1555 smartlist_clear(tdata
->opt
->FirewallPorts
);
1556 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1557 tt_int_op(ret
, OP_EQ
, 0);
1559 /* This does not actually produce any logs, and did not produce any relevant
1563 tt_str_op(tdata
->opt
->ReachableDirAddresses
->value
, OP_EQ
, "*:81");
1564 tt_str_op(tdata
->opt
->ReachableORAddresses
->value
, OP_EQ
, "*:444");
1567 free_options_test_data(tdata
);
1568 mock_clean_saved_logs();
1569 tdata
= get_options_test_data("FascistFirewall 1\n"
1570 "FirewallPort 123\n");
1572 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1573 tt_int_op(ret
, OP_EQ
, 0);
1574 expect_log_msg("Converting FascistFirewall and "
1575 "FirewallPorts config options to new format: "
1576 "\"ReachableAddresses *:123\"\n");
1577 tt_str_op(tdata
->opt
->ReachableAddresses
->value
, OP_EQ
, "*:123");
1580 free_options_test_data(tdata
);
1581 mock_clean_saved_logs();
1582 tdata
= get_options_test_data("FascistFirewall 1\n"
1583 "ReachableAddresses *:82\n"
1584 "ReachableAddresses *:83\n"
1585 "ReachableAddresses reject *:*\n");
1587 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1588 tt_int_op(ret
, OP_EQ
, 0);
1590 /* This does not actually produce any logs, and did not produce any relevant
1594 tt_str_op(tdata
->opt
->ReachableAddresses
->value
, OP_EQ
, "*:82");
1597 free_options_test_data(tdata
);
1598 mock_clean_saved_logs();
1599 tdata
= get_options_test_data("FascistFirewall 1\n"
1600 "ReachableAddresses *:82\n");
1602 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1603 tt_int_op(ret
, OP_EQ
, 0);
1604 tt_ptr_op(tdata
->opt
->ReachableAddresses
->next
, OP_EQ
, NULL
);
1607 #define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
1608 " the rest of the Internet, so they must not set Reachable*Addresses or" \
1609 " FascistFirewall or FirewallPorts or ClientUseIPv4 0."
1611 free_options_test_data(tdata
);
1612 tdata
= get_options_test_data("ReachableAddresses *:82\n"
1613 "ORPort 127.0.0.1:5555\n");
1615 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1616 tt_int_op(ret
, OP_EQ
, -1);
1617 tt_str_op(msg
, OP_EQ
, SERVERS_REACHABLE_MSG
);
1620 free_options_test_data(tdata
);
1621 tdata
= get_options_test_data("ReachableORAddresses *:82\n"
1622 "ORPort 127.0.0.1:5555\n");
1624 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1625 tt_int_op(ret
, OP_EQ
, -1);
1626 tt_str_op(msg
, OP_EQ
, SERVERS_REACHABLE_MSG
);
1629 free_options_test_data(tdata
);
1630 tdata
= get_options_test_data("ReachableDirAddresses *:82\n"
1631 "ORPort 127.0.0.1:5555\n");
1633 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1634 tt_int_op(ret
, OP_EQ
, -1);
1635 tt_str_op(msg
, OP_EQ
, SERVERS_REACHABLE_MSG
);
1638 free_options_test_data(tdata
);
1639 tdata
= get_options_test_data("ClientUseIPv4 0\n"
1640 "ORPort 127.0.0.1:5555\n");
1642 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1643 tt_int_op(ret
, OP_EQ
, -1);
1644 tt_str_op(msg
, OP_EQ
, SERVERS_REACHABLE_MSG
);
1647 /* Test IPv4-only clients setting IPv6 preferences */
1649 free_options_test_data(tdata
);
1650 tdata
= get_options_test_data("ClientUseIPv4 1\n"
1653 "ClientPreferIPv6ORPort 1\n");
1655 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1656 tt_int_op(ret
, OP_EQ
, 0);
1659 free_options_test_data(tdata
);
1660 tdata
= get_options_test_data("ClientUseIPv4 1\n"
1663 "ClientPreferIPv6DirPort 1\n");
1665 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1666 tt_int_op(ret
, OP_EQ
, 0);
1669 /* Now test an IPv4/IPv6 client setting IPv6 preferences */
1671 free_options_test_data(tdata
);
1672 tdata
= get_options_test_data("ClientUseIPv4 1\n"
1674 "ClientPreferIPv6ORPort 1\n"
1675 "ClientPreferIPv6DirPort 1\n");
1677 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1678 tt_int_op(ret
, OP_EQ
, 0);
1679 tt_ptr_op(msg
, OP_EQ
, NULL
);
1681 /* Now test an IPv6 client setting IPv6 preferences */
1683 free_options_test_data(tdata
);
1684 tdata
= get_options_test_data("ClientUseIPv6 1\n"
1685 "ClientPreferIPv6ORPort 1\n"
1686 "ClientPreferIPv6DirPort 1\n");
1688 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1689 tt_int_op(ret
, OP_EQ
, 0);
1690 tt_ptr_op(msg
, OP_EQ
, NULL
);
1692 /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */
1694 free_options_test_data(tdata
);
1695 tdata
= get_options_test_data("ClientUseIPv4 0\n"
1696 "ClientPreferIPv6ORPort 1\n"
1697 "ClientPreferIPv6DirPort 1\n");
1699 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1700 tt_int_op(ret
, OP_EQ
, 0);
1701 tt_ptr_op(msg
, OP_EQ
, NULL
);
1703 /* And an implicit (bridge) client setting IPv6 preferences */
1705 free_options_test_data(tdata
);
1706 tdata
= get_options_test_data("UseBridges 1\n"
1707 "Bridge 127.0.0.1:12345\n"
1708 "ClientPreferIPv6ORPort 1\n"
1709 "ClientPreferIPv6DirPort 1\n");
1711 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1712 tt_int_op(ret
, OP_EQ
, 0);
1713 tt_ptr_op(msg
, OP_EQ
, NULL
);
1716 teardown_capture_of_logs();
1717 free_options_test_data(tdata
);
1722 test_options_validate__use_bridges(void *ignored
)
1727 options_test_data_t
*tdata
= get_options_test_data(
1730 "ORPort 127.0.0.1:5555\n");
1732 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1733 tt_int_op(ret
, OP_EQ
, -1);
1734 tt_str_op(msg
, OP_EQ
, "Servers must be able to freely connect to the rest of"
1735 " the Internet, so they must not set UseBridges.");
1738 free_options_test_data(tdata
);
1739 tdata
= get_options_test_data("UseBridges 1\n");
1741 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1742 tt_int_op(ret
, OP_EQ
, -1);
1743 tt_str_op(msg
, OP_NE
, "Servers must be able to freely connect to the rest of"
1744 " the Internet, so they must not set UseBridges.");
1747 MOCK(geoip_get_country
,
1748 opt_tests_geoip_get_country
);
1749 free_options_test_data(tdata
);
1750 tdata
= get_options_test_data("UseBridges 1\n"
1751 "EntryNodes {cn}\n");
1753 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1754 tt_int_op(ret
, OP_EQ
, -1);
1755 tt_str_op(msg
, OP_EQ
, "You cannot set both UseBridges and EntryNodes.");
1758 free_options_test_data(tdata
);
1759 tdata
= get_options_test_data("UseBridges 1\n");
1761 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1762 tt_int_op(ret
, OP_EQ
, -1);
1763 tt_str_op(msg
, OP_EQ
,
1764 "If you set UseBridges, you must specify at least one bridge.");
1767 free_options_test_data(tdata
);
1768 tdata
= get_options_test_data("UseBridges 1\n"
1770 "UseEntryGuards 0\n"
1773 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1774 tt_int_op(ret
, OP_EQ
, -1);
1775 tt_str_op(msg
, OP_EQ
,
1776 "Setting UseBridges requires also setting UseEntryGuards.");
1779 free_options_test_data(tdata
);
1780 tdata
= get_options_test_data("UseBridges 1\n"
1785 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1786 tt_int_op(ret
, OP_EQ
, -1);
1787 tt_str_op(msg
, OP_EQ
, "Bridge line did not parse. See logs for details.");
1791 UNMOCK(geoip_get_country
);
1792 policies_free_all();
1793 free_options_test_data(tdata
);
1798 test_options_validate__entry_nodes(void *ignored
)
1803 MOCK(geoip_get_country
,
1804 opt_tests_geoip_get_country
);
1805 options_test_data_t
*tdata
= get_options_test_data(
1807 "UseEntryGuards 0\n");
1809 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1810 tt_int_op(ret
, OP_EQ
, -1);
1811 tt_str_op(msg
, OP_EQ
,
1812 "If EntryNodes is set, UseEntryGuards must be enabled.");
1815 free_options_test_data(tdata
);
1816 tdata
= get_options_test_data("EntryNodes {cn}\n"
1817 "UseEntryGuards 1\n");
1819 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1820 tt_int_op(ret
, OP_EQ
, 0);
1824 UNMOCK(geoip_get_country
);
1825 free_options_test_data(tdata
);
1830 test_options_validate__safe_logging(void *ignored
)
1835 options_test_data_t
*tdata
= get_options_test_data("SafeLogging 0\n");
1837 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1838 tt_int_op(ret
, OP_EQ
, 0);
1839 tt_int_op(tdata
->opt
->SafeLogging_
, OP_EQ
, SAFELOG_SCRUB_NONE
);
1842 free_options_test_data(tdata
);
1843 tdata
= get_options_test_data("SafeLogging 0\n");
1845 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1846 tt_int_op(ret
, OP_EQ
, 0);
1847 tt_int_op(tdata
->opt
->SafeLogging_
, OP_EQ
, SAFELOG_SCRUB_NONE
);
1850 free_options_test_data(tdata
);
1851 tdata
= get_options_test_data("SafeLogging Relay\n");
1853 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1854 tt_int_op(ret
, OP_EQ
, 0);
1855 tt_int_op(tdata
->opt
->SafeLogging_
, OP_EQ
, SAFELOG_SCRUB_RELAY
);
1858 free_options_test_data(tdata
);
1859 tdata
= get_options_test_data("SafeLogging 1\n");
1861 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1862 tt_int_op(ret
, OP_EQ
, 0);
1863 tt_int_op(tdata
->opt
->SafeLogging_
, OP_EQ
, SAFELOG_SCRUB_ALL
);
1866 free_options_test_data(tdata
);
1867 tdata
= get_options_test_data("SafeLogging stuffy\n");
1869 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1870 tt_int_op(ret
, OP_EQ
, -1);
1871 tt_str_op(msg
, OP_EQ
, "Unrecognized value '\"stuffy\"' in SafeLogging");
1875 escaped(NULL
); // This will free the leaking memory from the previous escaped
1876 free_options_test_data(tdata
);
1881 test_options_validate__publish_server_descriptor(void *ignored
)
1886 setup_capture_of_logs(LOG_WARN
);
1887 options_test_data_t
*tdata
= get_options_test_data(
1888 "PublishServerDescriptor bridge\n");
1890 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1891 tt_int_op(ret
, OP_EQ
, 0);
1894 free_options_test_data(tdata
);
1895 tdata
= get_options_test_data("PublishServerDescriptor humma\n");
1897 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1898 tt_int_op(ret
, OP_EQ
, -1);
1899 tt_str_op(msg
, OP_EQ
, "Unrecognized value in PublishServerDescriptor");
1902 free_options_test_data(tdata
);
1903 tdata
= get_options_test_data("PublishServerDescriptor bridge, v3\n");
1905 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1906 tt_int_op(ret
, OP_EQ
, -1);
1907 tt_str_op(msg
, OP_EQ
, "Bridges are not supposed to publish router "
1908 "descriptors to the directory authorities. Please correct your "
1909 "PublishServerDescriptor line.");
1912 free_options_test_data(tdata
);
1913 tdata
= get_options_test_data("BridgeRelay 1\n"
1914 "PublishServerDescriptor v3\n");
1916 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1917 tt_int_op(ret
, OP_EQ
, -1);
1918 tt_str_op(msg
, OP_EQ
, "Bridges are not supposed to publish router "
1919 "descriptors to the directory authorities. Please correct your "
1920 "PublishServerDescriptor line.");
1923 free_options_test_data(tdata
);
1924 tdata
= get_options_test_data("BridgeRelay 1\n");
1926 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
1927 tt_int_op(ret
, OP_EQ
, -1);
1928 tt_str_op(msg
, OP_NE
, "Bridges are not supposed to publish router "
1929 "descriptors to the directory authorities. Please correct your "
1930 "PublishServerDescriptor line.");
1934 teardown_capture_of_logs();
1935 policies_free_all();
1936 free_options_test_data(tdata
);
1941 test_options_validate__testing(void *ignored
)
1946 options_test_data_t
*tdata
= NULL
;
1948 #define ENSURE_DEFAULT(varname, varval) \
1950 free_options_test_data(tdata); \
1951 tdata = get_options_test_data(#varname " " #varval "\n"); \
1952 ret = options_validate(NULL, tdata->opt, &msg); \
1953 tt_str_op(msg, OP_EQ, \
1954 #varname " may only be changed in testing Tor networks!"); \
1955 tt_int_op(ret, OP_EQ, -1); \
1958 free_options_test_data(tdata); \
1959 tdata = get_options_test_data(#varname " " #varval "\n" \
1961 "TestingTorNetwork 1\n"); \
1963 ret = options_validate(NULL, tdata->opt, &msg); \
1965 tt_str_op(msg, OP_NE, \
1966 #varname " may only be changed in testing Tor networks!"); \
1970 free_options_test_data(tdata); \
1971 tdata = get_options_test_data(#varname " " #varval "\n" \
1972 "___UsingTestNetworkDefaults 1\n"); \
1974 ret = options_validate(NULL, tdata->opt, &msg);\
1976 tt_str_op(msg, OP_NE, \
1977 #varname " may only be changed in testing Tor networks!"); \
1982 ENSURE_DEFAULT(TestingV3AuthInitialVotingInterval
, 3600);
1983 ENSURE_DEFAULT(TestingV3AuthInitialVoteDelay
, 3000);
1984 ENSURE_DEFAULT(TestingV3AuthInitialDistDelay
, 3000);
1985 ENSURE_DEFAULT(TestingV3AuthVotingStartOffset
, 3000);
1986 ENSURE_DEFAULT(TestingAuthDirTimeToLearnReachability
, 3000);
1987 ENSURE_DEFAULT(TestingServerDownloadInitialDelay
, 3000);
1988 ENSURE_DEFAULT(TestingClientDownloadInitialDelay
, 3000);
1989 ENSURE_DEFAULT(TestingServerConsensusDownloadInitialDelay
, 3000);
1990 ENSURE_DEFAULT(TestingClientConsensusDownloadInitialDelay
, 3000);
1991 ENSURE_DEFAULT(TestingBridgeDownloadInitialDelay
, 3000);
1992 ENSURE_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay
, 3000);
1993 ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest
, 3000);
1994 ENSURE_DEFAULT(TestingDirConnectionMaxStall
, 3000);
1995 ENSURE_DEFAULT(TestingAuthKeyLifetime
, 3000);
1996 ENSURE_DEFAULT(TestingLinkCertLifetime
, 3000);
1997 ENSURE_DEFAULT(TestingSigningKeySlop
, 3000);
1998 ENSURE_DEFAULT(TestingAuthKeySlop
, 3000);
1999 ENSURE_DEFAULT(TestingLinkKeySlop
, 3000);
2002 escaped(NULL
); // This will free the leaking memory from the previous escaped
2003 policies_free_all();
2004 free_options_test_data(tdata
);
2009 test_options_validate__hidserv(void *ignored
)
2014 setup_capture_of_logs(LOG_WARN
);
2016 options_test_data_t
*tdata
= NULL
;
2018 free_options_test_data(tdata
);
2019 tdata
= get_options_test_data("RendPostPeriod 1\n" );
2020 mock_clean_saved_logs();
2021 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2022 tt_int_op(ret
, OP_EQ
, 0);
2023 expect_log_msg("RendPostPeriod option is too short;"
2024 " raising to 600 seconds.\n");
2025 tt_int_op(tdata
->opt
->RendPostPeriod
, OP_EQ
, 600);
2028 free_options_test_data(tdata
);
2029 tdata
= get_options_test_data("RendPostPeriod 302401\n" );
2030 mock_clean_saved_logs();
2031 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2032 tt_int_op(ret
, OP_EQ
, 0);
2033 expect_log_msg("RendPostPeriod is too large; "
2034 "clipping to 302400s.\n");
2035 tt_int_op(tdata
->opt
->RendPostPeriod
, OP_EQ
, 302400);
2039 teardown_capture_of_logs();
2040 policies_free_all();
2041 free_options_test_data(tdata
);
2046 test_options_validate__path_bias(void *ignored
)
2052 options_test_data_t
*tdata
= get_options_test_data(
2053 "PathBiasNoticeRate 1.1\n");
2054 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2055 tt_int_op(ret
, OP_EQ
, -1);
2056 tt_str_op(msg
, OP_EQ
,
2057 "PathBiasNoticeRate is too high. It must be between 0 and 1.0");
2060 free_options_test_data(tdata
);
2061 tdata
= get_options_test_data("PathBiasWarnRate 1.1\n");
2062 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2063 tt_int_op(ret
, OP_EQ
, -1);
2064 tt_str_op(msg
, OP_EQ
,
2065 "PathBiasWarnRate is too high. It must be between 0 and 1.0");
2068 free_options_test_data(tdata
);
2069 tdata
= get_options_test_data("PathBiasExtremeRate 1.1\n");
2070 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2071 tt_int_op(ret
, OP_EQ
, -1);
2072 tt_str_op(msg
, OP_EQ
,
2073 "PathBiasExtremeRate is too high. It must be between 0 and 1.0");
2076 free_options_test_data(tdata
);
2077 tdata
= get_options_test_data("PathBiasNoticeUseRate 1.1\n");
2078 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2079 tt_int_op(ret
, OP_EQ
, -1);
2080 tt_str_op(msg
, OP_EQ
,
2081 "PathBiasNoticeUseRate is too high. It must be between 0 and 1.0");
2084 free_options_test_data(tdata
);
2085 tdata
= get_options_test_data("PathBiasExtremeUseRate 1.1\n");
2086 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2087 tt_int_op(ret
, OP_EQ
, -1);
2088 tt_str_op(msg
, OP_EQ
,
2089 "PathBiasExtremeUseRate is too high. It must be between 0 and 1.0");
2093 free_options_test_data(tdata
);
2098 test_options_validate__bandwidth(void *ignored
)
2103 options_test_data_t
*tdata
= NULL
;
2105 #define ENSURE_BANDWIDTH_PARAM(p, EXTRA_OPT_STR) \
2107 free_options_test_data(tdata); \
2108 tdata = get_options_test_data(EXTRA_OPT_STR \
2110 ret = options_validate(NULL, tdata->opt, &msg); \
2111 tt_int_op(ret, OP_EQ, -1); \
2112 tt_mem_op(msg, OP_EQ, #p " (3221225471) must be at most 2147483647", 40); \
2116 ENSURE_BANDWIDTH_PARAM(BandwidthRate
, "");
2117 ENSURE_BANDWIDTH_PARAM(BandwidthBurst
, "");
2119 ENSURE_BANDWIDTH_PARAM(BandwidthRate
, ENABLE_AUTHORITY_V3
);
2120 ENSURE_BANDWIDTH_PARAM(BandwidthBurst
, ENABLE_AUTHORITY_V3
);
2122 ENSURE_BANDWIDTH_PARAM(BandwidthRate
, ENABLE_AUTHORITY_BRIDGE
);
2123 ENSURE_BANDWIDTH_PARAM(BandwidthBurst
, ENABLE_AUTHORITY_BRIDGE
);
2125 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth
, "");
2126 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate
, "");
2127 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst
, "");
2128 ENSURE_BANDWIDTH_PARAM(PerConnBWRate
, "");
2129 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst
, "");
2131 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth
, ENABLE_AUTHORITY_V3
);
2132 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate
, ENABLE_AUTHORITY_V3
);
2133 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst
, ENABLE_AUTHORITY_V3
);
2134 ENSURE_BANDWIDTH_PARAM(PerConnBWRate
, ENABLE_AUTHORITY_V3
);
2135 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst
, ENABLE_AUTHORITY_V3
);
2137 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth
, ENABLE_AUTHORITY_BRIDGE
);
2138 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate
, ENABLE_AUTHORITY_BRIDGE
);
2139 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst
, ENABLE_AUTHORITY_BRIDGE
);
2140 ENSURE_BANDWIDTH_PARAM(PerConnBWRate
, ENABLE_AUTHORITY_BRIDGE
);
2141 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst
, ENABLE_AUTHORITY_BRIDGE
);
2143 ENSURE_BANDWIDTH_PARAM(AuthDirFastGuarantee
, ENABLE_AUTHORITY_V3
);
2144 ENSURE_BANDWIDTH_PARAM(AuthDirGuardBWGuarantee
, ENABLE_AUTHORITY_V3
);
2146 free_options_test_data(tdata
);
2147 tdata
= get_options_test_data("RelayBandwidthRate 1000\n");
2148 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2149 tt_int_op(ret
, OP_EQ
, 0);
2150 tt_u64_op(tdata
->opt
->RelayBandwidthBurst
, OP_EQ
, 1000);
2153 free_options_test_data(tdata
);
2154 tdata
= get_options_test_data("RelayBandwidthBurst 1001\n");
2155 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2156 tt_int_op(ret
, OP_EQ
, 0);
2157 tt_u64_op(tdata
->opt
->RelayBandwidthRate
, OP_EQ
, 1001);
2160 free_options_test_data(tdata
);
2161 tdata
= get_options_test_data("RelayBandwidthRate 1001\n"
2162 "RelayBandwidthBurst 1000\n");
2163 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2164 tt_int_op(ret
, OP_EQ
, -1);
2165 tt_str_op(msg
, OP_EQ
, "RelayBandwidthBurst must be at least equal to "
2166 "RelayBandwidthRate.");
2169 free_options_test_data(tdata
);
2170 tdata
= get_options_test_data("BandwidthRate 1001\n"
2171 "BandwidthBurst 1000\n");
2172 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2173 tt_int_op(ret
, OP_EQ
, -1);
2174 tt_str_op(msg
, OP_EQ
,
2175 "BandwidthBurst must be at least equal to BandwidthRate.");
2178 free_options_test_data(tdata
);
2179 tdata
= get_options_test_data("RelayBandwidthRate 1001\n"
2180 "BandwidthRate 1000\n"
2181 "BandwidthBurst 1000\n"
2183 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2184 tt_int_op(ret
, OP_EQ
, 0);
2185 tt_u64_op(tdata
->opt
->BandwidthRate
, OP_EQ
, 1001);
2188 free_options_test_data(tdata
);
2189 tdata
= get_options_test_data("RelayBandwidthRate 1001\n"
2190 "BandwidthRate 1000\n"
2191 "RelayBandwidthBurst 1001\n"
2192 "BandwidthBurst 1000\n"
2194 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2195 tt_int_op(ret
, OP_EQ
, 0);
2196 tt_u64_op(tdata
->opt
->BandwidthBurst
, OP_EQ
, 1001);
2199 free_options_test_data(tdata
);
2200 tdata
= get_options_test_data("ORPort 127.0.0.1:5555\n"
2203 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2204 tt_int_op(ret
, OP_EQ
, -1);
2205 tt_str_op(msg
, OP_EQ
, "BandwidthRate is set to 1 bytes/second. For servers,"
2206 " it must be at least 76800.");
2209 free_options_test_data(tdata
);
2210 tdata
= get_options_test_data("ORPort 127.0.0.1:5555\n"
2211 "BandwidthRate 76800\n"
2212 "MaxAdvertisedBandwidth 30000\n"
2214 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2215 tt_int_op(ret
, OP_EQ
, -1);
2216 tt_str_op(msg
, OP_EQ
, "MaxAdvertisedBandwidth is set to 30000 bytes/second."
2217 " For servers, it must be at least 38400.");
2220 free_options_test_data(tdata
);
2221 tdata
= get_options_test_data("ORPort 127.0.0.1:5555\n"
2222 "BandwidthRate 76800\n"
2223 "RelayBandwidthRate 1\n"
2224 "MaxAdvertisedBandwidth 38400\n"
2226 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2227 tt_int_op(ret
, OP_EQ
, -1);
2228 tt_str_op(msg
, OP_EQ
, "RelayBandwidthRate is set to 1 bytes/second. For "
2229 "servers, it must be at least 76800.");
2232 free_options_test_data(tdata
);
2233 tdata
= get_options_test_data("ORPort 127.0.0.1:5555\n"
2234 "BandwidthRate 76800\n"
2235 "BandwidthBurst 76800\n"
2236 "RelayBandwidthRate 76800\n"
2237 "MaxAdvertisedBandwidth 38400\n"
2239 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2240 tt_int_op(ret
, OP_EQ
, 0);
2244 policies_free_all();
2245 free_options_test_data(tdata
);
2250 test_options_validate__circuits(void *ignored
)
2254 options_test_data_t
*tdata
= NULL
;
2255 setup_capture_of_logs(LOG_WARN
);
2257 free_options_test_data(tdata
);
2258 tdata
= get_options_test_data("MaxCircuitDirtiness 2592001\n");
2259 options_validate(NULL
, tdata
->opt
, &msg
);
2260 expect_log_msg("MaxCircuitDirtiness option is too "
2261 "high; setting to 30 days.\n");
2262 tt_int_op(tdata
->opt
->MaxCircuitDirtiness
, OP_EQ
, 2592000);
2265 free_options_test_data(tdata
);
2266 mock_clean_saved_logs();
2267 tdata
= get_options_test_data("CircuitStreamTimeout 1\n");
2268 options_validate(NULL
, tdata
->opt
, &msg
);
2269 expect_log_msg("CircuitStreamTimeout option is too"
2270 " short; raising to 10 seconds.\n");
2271 tt_int_op(tdata
->opt
->CircuitStreamTimeout
, OP_EQ
, 10);
2274 free_options_test_data(tdata
);
2275 mock_clean_saved_logs();
2276 tdata
= get_options_test_data("CircuitStreamTimeout 111\n");
2277 options_validate(NULL
, tdata
->opt
, &msg
);
2278 expect_no_log_msg("CircuitStreamTimeout option is too"
2279 " short; raising to 10 seconds.\n");
2280 tt_int_op(tdata
->opt
->CircuitStreamTimeout
, OP_EQ
, 111);
2283 free_options_test_data(tdata
);
2284 mock_clean_saved_logs();
2285 tdata
= get_options_test_data("HeartbeatPeriod 1\n");
2286 options_validate(NULL
, tdata
->opt
, &msg
);
2287 expect_log_msg("HeartbeatPeriod option is too short;"
2288 " raising to 1800 seconds.\n");
2289 tt_int_op(tdata
->opt
->HeartbeatPeriod
, OP_EQ
, 1800);
2292 free_options_test_data(tdata
);
2293 mock_clean_saved_logs();
2294 tdata
= get_options_test_data("HeartbeatPeriod 1982\n");
2295 options_validate(NULL
, tdata
->opt
, &msg
);
2296 expect_no_log_msg("HeartbeatPeriod option is too short;"
2297 " raising to 1800 seconds.\n");
2298 tt_int_op(tdata
->opt
->HeartbeatPeriod
, OP_EQ
, 1982);
2301 free_options_test_data(tdata
);
2302 mock_clean_saved_logs();
2303 tdata
= get_options_test_data("LearnCircuitBuildTimeout 0\n"
2304 "CircuitBuildTimeout 1\n"
2306 options_validate(NULL
, tdata
->opt
, &msg
);
2307 expect_log_msg("CircuitBuildTimeout is shorter (1"
2308 " seconds) than the recommended minimum (10 seconds), and "
2309 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2310 "raise this value or enable LearnCircuitBuildTimeout.\n");
2313 free_options_test_data(tdata
);
2314 mock_clean_saved_logs();
2315 tdata
= get_options_test_data("CircuitBuildTimeout 11\n"
2317 options_validate(NULL
, tdata
->opt
, &msg
);
2318 expect_no_log_msg("CircuitBuildTimeout is shorter (1 "
2319 "seconds) than the recommended minimum (10 seconds), and "
2320 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2321 "raise this value or enable LearnCircuitBuildTimeout.\n");
2325 policies_free_all();
2326 teardown_capture_of_logs();
2327 free_options_test_data(tdata
);
2332 test_options_validate__rend(void *ignored
)
2337 options_test_data_t
*tdata
= NULL
;
2338 setup_capture_of_logs(LOG_WARN
);
2340 free_options_test_data(tdata
);
2341 tdata
= get_options_test_data(
2342 "UseEntryGuards 0\n"
2343 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2344 "HiddenServicePort 80 127.0.0.1:8080\n"
2346 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2347 tt_int_op(ret
, OP_EQ
, 0);
2348 expect_log_msg("UseEntryGuards is disabled, but you"
2349 " have configured one or more hidden services on this Tor "
2350 "instance. Your hidden services will be very easy to locate using"
2351 " a well-known attack -- see https://freehaven.net/anonbib/#hs-"
2352 "attack06 for details.\n");
2355 free_options_test_data(tdata
);
2356 tdata
= get_options_test_data(
2357 "UseEntryGuards 1\n"
2358 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2359 "HiddenServicePort 80 127.0.0.1:8080\n"
2361 mock_clean_saved_logs();
2362 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2363 tt_int_op(ret
, OP_EQ
, 0);
2364 expect_no_log_msg("UseEntryGuards is disabled, but you"
2365 " have configured one or more hidden services on this Tor "
2366 "instance. Your hidden services will be very easy to locate using"
2367 " a well-known attack -- see https://freehaven.net/anonbib/#hs-"
2368 "attack06 for details.\n");
2370 free_options_test_data(tdata
);
2371 tdata
= get_options_test_data("HiddenServicePort 80 127.0.0.1:8080\n");
2372 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2373 tt_int_op(ret
, OP_EQ
, -1);
2374 tt_str_op(msg
, OP_EQ
,
2375 "Failed to configure rendezvous options. See logs for details.");
2379 policies_free_all();
2380 teardown_capture_of_logs();
2381 free_options_test_data(tdata
);
2386 test_options_validate__single_onion(void *ignored
)
2391 options_test_data_t
*tdata
= NULL
;
2392 setup_capture_of_logs(LOG_WARN
);
2394 /* Test that HiddenServiceSingleHopMode must come with
2395 * HiddenServiceNonAnonymousMode */
2396 tdata
= get_options_test_data("SOCKSPort 0\n"
2397 "HiddenServiceSingleHopMode 1\n"
2399 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2400 tt_int_op(ret
, OP_EQ
, -1);
2401 tt_str_op(msg
, OP_EQ
, "HiddenServiceSingleHopMode does not provide any "
2402 "server anonymity. It must be used with "
2403 "HiddenServiceNonAnonymousMode set to 1.");
2405 free_options_test_data(tdata
);
2407 tdata
= get_options_test_data("SOCKSPort 0\n"
2408 "HiddenServiceSingleHopMode 1\n"
2409 "HiddenServiceNonAnonymousMode 0\n"
2411 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2412 tt_int_op(ret
, OP_EQ
, -1);
2413 tt_str_op(msg
, OP_EQ
, "HiddenServiceSingleHopMode does not provide any "
2414 "server anonymity. It must be used with "
2415 "HiddenServiceNonAnonymousMode set to 1.");
2417 free_options_test_data(tdata
);
2419 tdata
= get_options_test_data("SOCKSPort 0\n"
2420 "HiddenServiceSingleHopMode 1\n"
2421 "HiddenServiceNonAnonymousMode 1\n"
2423 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2424 tt_int_op(ret
, OP_EQ
, 0);
2425 tt_ptr_op(msg
, OP_EQ
, NULL
);
2426 free_options_test_data(tdata
);
2428 /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
2429 tdata
= get_options_test_data("SOCKSPort 5000\n"
2430 "HiddenServiceSingleHopMode 1\n"
2431 "HiddenServiceNonAnonymousMode 1\n"
2433 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2434 tt_int_op(ret
, OP_EQ
, -1);
2435 tt_str_op(msg
, OP_EQ
, "HiddenServiceNonAnonymousMode is incompatible with "
2436 "using Tor as an anonymous client. Please set "
2437 "Socks/Trans/NATD/DNSPort to 0, or revert "
2438 "HiddenServiceNonAnonymousMode to 0.");
2440 free_options_test_data(tdata
);
2442 tdata
= get_options_test_data("SOCKSPort 0\n"
2443 "HiddenServiceSingleHopMode 1\n"
2444 "HiddenServiceNonAnonymousMode 1\n"
2446 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2447 tt_int_op(ret
, OP_EQ
, 0);
2448 tt_ptr_op(msg
, OP_EQ
, NULL
);
2449 free_options_test_data(tdata
);
2451 tdata
= get_options_test_data("SOCKSPort 5000\n"
2452 "HiddenServiceSingleHopMode 0\n"
2454 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2455 tt_int_op(ret
, OP_EQ
, 0);
2456 tt_ptr_op(msg
, OP_EQ
, NULL
);
2457 free_options_test_data(tdata
);
2459 /* Test that a hidden service can't be run in non anonymous mode. */
2460 tdata
= get_options_test_data(
2461 "HiddenServiceNonAnonymousMode 1\n"
2462 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2463 "HiddenServicePort 80 127.0.0.1:8080\n"
2465 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2466 tt_int_op(ret
, OP_EQ
, -1);
2467 tt_str_op(msg
, OP_EQ
, "HiddenServiceNonAnonymousMode does not provide any "
2468 "server anonymity. It must be used with "
2469 "HiddenServiceSingleHopMode set to 1.");
2471 free_options_test_data(tdata
);
2473 tdata
= get_options_test_data(
2474 "HiddenServiceNonAnonymousMode 1\n"
2476 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2477 tt_int_op(ret
, OP_EQ
, -1);
2478 tt_str_op(msg
, OP_EQ
, "HiddenServiceNonAnonymousMode does not provide any "
2479 "server anonymity. It must be used with "
2480 "HiddenServiceSingleHopMode set to 1.");
2482 free_options_test_data(tdata
);
2484 tdata
= get_options_test_data(
2485 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2486 "HiddenServicePort 80 127.0.0.1:8080\n"
2488 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2489 tt_int_op(ret
, OP_EQ
, 0);
2490 tt_ptr_op(msg
, OP_EQ
, NULL
);
2491 free_options_test_data(tdata
);
2493 tdata
= get_options_test_data(
2494 "HiddenServiceNonAnonymousMode 1\n"
2495 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2496 "HiddenServicePort 80 127.0.0.1:8080\n"
2497 "HiddenServiceSingleHopMode 1\n"
2500 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2501 tt_int_op(ret
, OP_EQ
, 0);
2502 tt_ptr_op(msg
, OP_EQ
, NULL
);
2505 policies_free_all();
2506 teardown_capture_of_logs();
2507 free_options_test_data(tdata
);
2512 test_options_validate__accounting(void *ignored
)
2517 options_test_data_t
*tdata
= NULL
;
2518 setup_capture_of_logs(LOG_WARN
);
2520 free_options_test_data(tdata
);
2521 tdata
= get_options_test_data("AccountingRule something_bad\n");
2522 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2523 tt_int_op(ret
, OP_EQ
, -1);
2524 tt_str_op(msg
, OP_EQ
, "AccountingRule must be 'sum', 'max', 'in', or 'out'");
2527 free_options_test_data(tdata
);
2528 tdata
= get_options_test_data("AccountingRule sum\n");
2529 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2530 tt_int_op(ret
, OP_EQ
, 0);
2531 tt_int_op(tdata
->opt
->AccountingRule
, OP_EQ
, ACCT_SUM
);
2534 free_options_test_data(tdata
);
2535 tdata
= get_options_test_data("AccountingRule max\n");
2536 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2537 tt_int_op(ret
, OP_EQ
, 0);
2538 tt_int_op(tdata
->opt
->AccountingRule
, OP_EQ
, ACCT_MAX
);
2541 free_options_test_data(tdata
);
2542 tdata
= get_options_test_data("AccountingRule in\n");
2543 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2544 tt_int_op(ret
, OP_EQ
, 0);
2545 tt_int_op(tdata
->opt
->AccountingRule
, OP_EQ
, ACCT_IN
);
2548 free_options_test_data(tdata
);
2549 tdata
= get_options_test_data("AccountingRule out\n");
2550 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2551 tt_int_op(ret
, OP_EQ
, 0);
2552 tt_int_op(tdata
->opt
->AccountingRule
, OP_EQ
, ACCT_OUT
);
2555 free_options_test_data(tdata
);
2556 tdata
= get_options_test_data("AccountingStart fail\n");
2557 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2558 tt_int_op(ret
, OP_EQ
, -1);
2559 tt_str_op(msg
, OP_EQ
,
2560 "Failed to parse accounting options. See logs for details.");
2563 free_options_test_data(tdata
);
2564 tdata
= get_options_test_data("AccountingMax 10\n");
2565 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2566 tt_int_op(ret
, OP_EQ
, 0);
2569 free_options_test_data(tdata
);
2570 tdata
= get_options_test_data(
2571 "ORPort 127.0.0.1:5555\n"
2572 "BandwidthRate 76800\n"
2573 "BandwidthBurst 76800\n"
2574 "MaxAdvertisedBandwidth 38400\n"
2575 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2576 "HiddenServicePort 80 127.0.0.1:8080\n"
2577 "AccountingMax 10\n"
2579 mock_clean_saved_logs();
2580 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2581 tt_int_op(ret
, OP_EQ
, 0);
2582 expect_log_msg("Using accounting with a hidden "
2583 "service and an ORPort is risky: your hidden service(s) and "
2584 "your public address will all turn off at the same time, "
2585 "which may alert observers that they are being run by the "
2589 free_options_test_data(tdata
);
2590 tdata
= get_options_test_data(
2591 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2592 "HiddenServicePort 80 127.0.0.1:8080\n"
2593 "AccountingMax 10\n"
2595 mock_clean_saved_logs();
2596 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2597 tt_int_op(ret
, OP_EQ
, 0);
2598 expect_no_log_msg("Using accounting with a hidden "
2599 "service and an ORPort is risky: your hidden service(s) and "
2600 "your public address will all turn off at the same time, "
2601 "which may alert observers that they are being run by the "
2605 free_options_test_data(tdata
);
2606 tdata
= get_options_test_data(
2607 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2608 "HiddenServicePort 80 127.0.0.1:8080\n"
2609 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service2/\n"
2610 "HiddenServicePort 81 127.0.0.1:8081\n"
2611 "AccountingMax 10\n"
2613 mock_clean_saved_logs();
2614 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2615 tt_int_op(ret
, OP_EQ
, 0);
2616 expect_log_msg("Using accounting with multiple "
2617 "hidden services is risky: they will all turn off at the same"
2618 " time, which may alert observers that they are being run by "
2619 "the same party.\n");
2623 teardown_capture_of_logs();
2624 policies_free_all();
2625 free_options_test_data(tdata
);
2630 test_options_validate__proxy(void *ignored
)
2635 options_test_data_t
*tdata
= NULL
;
2636 sandbox_disable_getaddrinfo_cache();
2637 setup_capture_of_logs(LOG_WARN
);
2638 MOCK(tor_addr_lookup
, mock_tor_addr_lookup__fail_on_bad_addrs
);
2640 free_options_test_data(tdata
);
2641 tdata
= get_options_test_data("HttpProxy 127.0.42.1\n");
2642 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2643 tt_int_op(ret
, OP_EQ
, 0);
2644 tt_int_op(tdata
->opt
->HTTPProxyPort
, OP_EQ
, 80);
2647 free_options_test_data(tdata
);
2648 tdata
= get_options_test_data("HttpProxy 127.0.42.1:444\n");
2649 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2650 tt_int_op(ret
, OP_EQ
, 0);
2651 tt_int_op(tdata
->opt
->HTTPProxyPort
, OP_EQ
, 444);
2654 free_options_test_data(tdata
);
2656 tdata
= get_options_test_data("HttpProxy not_so_valid!\n");
2657 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2658 tt_int_op(ret
, OP_EQ
, -1);
2659 tt_str_op(msg
, OP_EQ
, "HTTPProxy failed to parse or resolve. Please fix.");
2662 free_options_test_data(tdata
);
2663 tdata
= get_options_test_data("HttpProxyAuthenticator "
2664 "onetwothreonetwothreonetwothreonetwothreonetw"
2665 "othreonetwothreonetwothreonetwothreonetwothre"
2666 "onetwothreonetwothreonetwothreonetwothreonetw"
2667 "othreonetwothreonetwothreonetwothreonetwothre"
2668 "onetwothreonetwothreonetwothreonetwothreonetw"
2669 "othreonetwothreonetwothreonetwothreonetwothre"
2670 "onetwothreonetwothreonetwothreonetwothreonetw"
2671 "othreonetwothreonetwothreonetwothreonetwothre"
2672 "onetwothreonetwothreonetwothreonetwothreonetw"
2673 "othreonetwothreonetwothreonetwothreonetwothre"
2674 "onetwothreonetwothreonetwothreonetwothreonetw"
2675 "othreonetwothreeonetwothreeonetwothree"
2677 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2678 tt_int_op(ret
, OP_EQ
, -1);
2679 tt_str_op(msg
, OP_EQ
, "HTTPProxyAuthenticator is too long (>= 512 chars).");
2682 free_options_test_data(tdata
);
2683 tdata
= get_options_test_data("HttpProxyAuthenticator validauth\n");
2684 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2685 tt_int_op(ret
, OP_EQ
, 0);
2688 free_options_test_data(tdata
);
2689 tdata
= get_options_test_data("HttpsProxy 127.0.42.1\n");
2690 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2691 tt_int_op(ret
, OP_EQ
, 0);
2692 tt_int_op(tdata
->opt
->HTTPSProxyPort
, OP_EQ
, 443);
2695 free_options_test_data(tdata
);
2696 tdata
= get_options_test_data("HttpsProxy 127.0.42.1:444\n");
2697 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2698 tt_int_op(ret
, OP_EQ
, 0);
2699 tt_int_op(tdata
->opt
->HTTPSProxyPort
, OP_EQ
, 444);
2702 free_options_test_data(tdata
);
2703 tdata
= get_options_test_data("HttpsProxy not_so_valid!\n");
2704 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2705 tt_int_op(ret
, OP_EQ
, -1);
2706 tt_str_op(msg
, OP_EQ
, "HTTPSProxy failed to parse or resolve. Please fix.");
2709 free_options_test_data(tdata
);
2710 tdata
= get_options_test_data("HttpsProxyAuthenticator "
2711 "onetwothreonetwothreonetwothreonetwothreonetw"
2712 "othreonetwothreonetwothreonetwothreonetwothre"
2713 "onetwothreonetwothreonetwothreonetwothreonetw"
2714 "othreonetwothreonetwothreonetwothreonetwothre"
2715 "onetwothreonetwothreonetwothreonetwothreonetw"
2716 "othreonetwothreonetwothreonetwothreonetwothre"
2717 "onetwothreonetwothreonetwothreonetwothreonetw"
2718 "othreonetwothreonetwothreonetwothreonetwothre"
2719 "onetwothreonetwothreonetwothreonetwothreonetw"
2720 "othreonetwothreonetwothreonetwothreonetwothre"
2721 "onetwothreonetwothreonetwothreonetwothreonetw"
2722 "othreonetwothreeonetwothreeonetwothree"
2725 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2726 tt_int_op(ret
, OP_EQ
, -1);
2727 tt_str_op(msg
, OP_EQ
, "HTTPSProxyAuthenticator is too long (>= 512 chars).");
2730 free_options_test_data(tdata
);
2731 tdata
= get_options_test_data("HttpsProxyAuthenticator validauth\n");
2732 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2733 tt_int_op(ret
, OP_EQ
, 0);
2736 free_options_test_data(tdata
);
2737 tdata
= get_options_test_data("Socks4Proxy 127.0.42.1\n");
2738 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2739 tt_int_op(ret
, OP_EQ
, 0);
2740 tt_int_op(tdata
->opt
->Socks4ProxyPort
, OP_EQ
, 1080);
2743 free_options_test_data(tdata
);
2744 tdata
= get_options_test_data("Socks4Proxy 127.0.42.1:444\n");
2745 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2746 tt_int_op(ret
, OP_EQ
, 0);
2747 tt_int_op(tdata
->opt
->Socks4ProxyPort
, OP_EQ
, 444);
2750 free_options_test_data(tdata
);
2751 tdata
= get_options_test_data("Socks4Proxy not_so_valid!\n");
2752 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2753 tt_int_op(ret
, OP_EQ
, -1);
2754 tt_str_op(msg
, OP_EQ
, "Socks4Proxy failed to parse or resolve. Please fix.");
2757 free_options_test_data(tdata
);
2758 tdata
= get_options_test_data("Socks5Proxy 127.0.42.1\n");
2759 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2760 tt_int_op(ret
, OP_EQ
, 0);
2761 tt_int_op(tdata
->opt
->Socks5ProxyPort
, OP_EQ
, 1080);
2764 free_options_test_data(tdata
);
2765 tdata
= get_options_test_data("Socks5Proxy 127.0.42.1:444\n");
2766 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2767 tt_int_op(ret
, OP_EQ
, 0);
2768 tt_int_op(tdata
->opt
->Socks5ProxyPort
, OP_EQ
, 444);
2771 free_options_test_data(tdata
);
2772 tdata
= get_options_test_data("Socks5Proxy not_so_valid!\n");
2773 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2774 tt_int_op(ret
, OP_EQ
, -1);
2775 tt_str_op(msg
, OP_EQ
, "Socks5Proxy failed to parse or resolve. Please fix.");
2778 free_options_test_data(tdata
);
2779 tdata
= get_options_test_data("Socks4Proxy 215.1.1.1\n"
2780 "Socks5Proxy 215.1.1.2\n"
2782 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2783 tt_int_op(ret
, OP_EQ
, -1);
2784 tt_str_op(msg
, OP_EQ
, "You have configured more than one proxy type. "
2785 "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
2788 free_options_test_data(tdata
);
2789 tdata
= get_options_test_data("HttpProxy 215.1.1.1\n");
2790 mock_clean_saved_logs();
2791 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2792 tt_int_op(ret
, OP_EQ
, 0);
2793 expect_log_msg("HTTPProxy configured, but no SOCKS proxy, "
2794 "HTTPS proxy, or any other TCP proxy configured. Watch out: "
2795 "this configuration will proxy unencrypted directory "
2796 "connections only.\n");
2799 free_options_test_data(tdata
);
2800 tdata
= get_options_test_data("HttpProxy 215.1.1.1\n"
2801 "Socks4Proxy 215.1.1.1\n"
2803 mock_clean_saved_logs();
2804 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2805 tt_int_op(ret
, OP_EQ
, 0);
2806 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
2807 "proxy or HTTPS proxy configured. Watch out: this configuration "
2808 "will proxy unencrypted directory connections only.\n");
2811 free_options_test_data(tdata
);
2812 tdata
= get_options_test_data("HttpProxy 215.1.1.1\n"
2813 "Socks5Proxy 215.1.1.1\n"
2815 mock_clean_saved_logs();
2816 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2817 tt_int_op(ret
, OP_EQ
, 0);
2818 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
2819 "proxy or HTTPS proxy configured. Watch out: this configuration "
2820 "will proxy unencrypted directory connections only.\n");
2823 free_options_test_data(tdata
);
2824 tdata
= get_options_test_data("HttpProxy 215.1.1.1\n"
2825 "HttpsProxy 215.1.1.1\n"
2827 mock_clean_saved_logs();
2828 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2829 tt_int_op(ret
, OP_EQ
, 0);
2831 "HTTPProxy configured, but no SOCKS proxy or HTTPS proxy "
2832 "configured. Watch out: this configuration will proxy "
2833 "unencrypted directory connections only.\n");
2836 free_options_test_data(tdata
);
2837 tdata
= get_options_test_data("");
2838 tdata
->opt
->Socks5ProxyUsername
= tor_strdup("");
2839 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2840 tt_int_op(ret
, OP_EQ
, -1);
2841 tt_str_op(msg
, OP_EQ
,
2842 "Socks5ProxyUsername must be between 1 and 255 characters.");
2845 free_options_test_data(tdata
);
2846 tdata
= get_options_test_data("");
2847 tdata
->opt
->Socks5ProxyUsername
=
2848 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
2849 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
2850 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
2851 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
2852 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
2853 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2854 tt_int_op(ret
, OP_EQ
, -1);
2855 tt_str_op(msg
, OP_EQ
,
2856 "Socks5ProxyUsername must be between 1 and 255 characters.");
2859 free_options_test_data(tdata
);
2860 tdata
= get_options_test_data("Socks5ProxyUsername hello_world\n");
2861 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2862 tt_int_op(ret
, OP_EQ
, -1);
2863 tt_str_op(msg
, OP_EQ
, "Socks5ProxyPassword must be included with "
2864 "Socks5ProxyUsername.");
2867 free_options_test_data(tdata
);
2868 tdata
= get_options_test_data("Socks5ProxyUsername hello_world\n");
2869 tdata
->opt
->Socks5ProxyPassword
= tor_strdup("");
2870 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2871 tt_int_op(ret
, OP_EQ
, -1);
2872 tt_str_op(msg
, OP_EQ
,
2873 "Socks5ProxyPassword must be between 1 and 255 characters.");
2876 free_options_test_data(tdata
);
2877 tdata
= get_options_test_data("Socks5ProxyUsername hello_world\n");
2878 tdata
->opt
->Socks5ProxyPassword
=
2879 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
2880 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
2881 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
2882 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
2883 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
2884 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2885 tt_int_op(ret
, OP_EQ
, -1);
2886 tt_str_op(msg
, OP_EQ
,
2887 "Socks5ProxyPassword must be between 1 and 255 characters.");
2890 free_options_test_data(tdata
);
2891 tdata
= get_options_test_data("Socks5ProxyUsername hello_world\n"
2892 "Socks5ProxyPassword world_hello\n");
2893 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2894 tt_int_op(ret
, OP_EQ
, 0);
2897 free_options_test_data(tdata
);
2898 tdata
= get_options_test_data("Socks5ProxyPassword hello_world\n");
2899 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2900 tt_int_op(ret
, OP_EQ
, -1);
2901 tt_str_op(msg
, OP_EQ
, "Socks5ProxyPassword must be included with "
2902 "Socks5ProxyUsername.");
2906 teardown_capture_of_logs();
2907 free_options_test_data(tdata
);
2908 policies_free_all();
2909 // sandbox_free_getaddrinfo_cache();
2911 UNMOCK(tor_addr_lookup
);
2915 test_options_validate__control(void *ignored
)
2920 options_test_data_t
*tdata
= NULL
;
2921 setup_capture_of_logs(LOG_WARN
);
2923 free_options_test_data(tdata
);
2924 tdata
= get_options_test_data(
2925 "HashedControlPassword something_incorrect\n");
2926 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2927 tt_int_op(ret
, OP_EQ
, -1);
2928 tt_str_op(msg
, OP_EQ
,
2929 "Bad HashedControlPassword: wrong length or bad encoding");
2932 free_options_test_data(tdata
);
2933 tdata
= get_options_test_data("HashedControlPassword 16:872860B76453A77D60CA"
2934 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
2936 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2937 tt_int_op(ret
, OP_EQ
, 0);
2940 free_options_test_data(tdata
);
2941 tdata
= get_options_test_data(
2942 "__HashedControlSessionPassword something_incorrect\n"
2944 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2945 tt_int_op(ret
, OP_EQ
, -1);
2946 tt_str_op(msg
, OP_EQ
, "Bad HashedControlSessionPassword: wrong length or "
2950 free_options_test_data(tdata
);
2951 tdata
= get_options_test_data("__HashedControlSessionPassword 16:872860B7645"
2952 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
2955 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2956 tt_int_op(ret
, OP_EQ
, 0);
2959 free_options_test_data(tdata
);
2960 tdata
= get_options_test_data(
2961 "__OwningControllerProcess something_incorrect\n"
2963 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2964 tt_int_op(ret
, OP_EQ
, -1);
2965 tt_str_op(msg
, OP_EQ
, "Bad OwningControllerProcess: invalid PID");
2968 free_options_test_data(tdata
);
2969 tdata
= get_options_test_data("__OwningControllerProcess 123\n"
2971 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2972 tt_int_op(ret
, OP_EQ
, 0);
2975 free_options_test_data(tdata
);
2976 tdata
= get_options_test_data("ControlPort 127.0.0.1:1234\n"
2978 mock_clean_saved_logs();
2979 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2980 tt_int_op(ret
, OP_EQ
, 0);
2982 "ControlPort is open, but no authentication method has been "
2983 "configured. This means that any program on your computer can "
2984 "reconfigure your Tor. That's bad! You should upgrade your Tor"
2985 " controller as soon as possible.\n");
2988 free_options_test_data(tdata
);
2989 tdata
= get_options_test_data("ControlPort 127.0.0.1:1234\n"
2990 "HashedControlPassword 16:872860B76453A77D60CA"
2991 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
2993 mock_clean_saved_logs();
2994 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
2995 tt_int_op(ret
, OP_EQ
, 0);
2997 "ControlPort is open, but no authentication method has been "
2998 "configured. This means that any program on your computer can "
2999 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3000 "controller as soon as possible.\n");
3003 free_options_test_data(tdata
);
3004 tdata
= get_options_test_data("ControlPort 127.0.0.1:1234\n"
3005 "__HashedControlSessionPassword 16:872860B7645"
3006 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3009 mock_clean_saved_logs();
3010 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3011 tt_int_op(ret
, OP_EQ
, 0);
3013 "ControlPort is open, but no authentication method has been "
3014 "configured. This means that any program on your computer can "
3015 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3016 "controller as soon as possible.\n");
3019 free_options_test_data(tdata
);
3020 tdata
= get_options_test_data("ControlPort 127.0.0.1:1234\n"
3021 "CookieAuthentication 1\n"
3023 mock_clean_saved_logs();
3024 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3025 tt_int_op(ret
, OP_EQ
, 0);
3027 "ControlPort is open, but no authentication method has been "
3028 "configured. This means that any program on your computer can "
3029 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3030 "controller as soon as possible.\n");
3033 #ifdef HAVE_SYS_UN_H
3034 free_options_test_data(tdata
);
3035 tdata
= get_options_test_data("ControlSocket unix:/tmp WorldWritable\n");
3036 mock_clean_saved_logs();
3037 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3038 tt_int_op(ret
, OP_EQ
, 0);
3040 "ControlSocket is world writable, but no authentication method has"
3041 " been configured. This means that any program on your computer "
3042 "can reconfigure your Tor. That's bad! You should upgrade your "
3043 "Tor controller as soon as possible.\n");
3046 free_options_test_data(tdata
);
3047 tdata
= get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3048 "HashedControlPassword 16:872860B76453A77D60CA"
3049 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3051 mock_clean_saved_logs();
3052 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3053 tt_int_op(ret
, OP_EQ
, 0);
3055 "ControlSocket is world writable, but no authentication method has"
3056 " been configured. This means that any program on your computer "
3057 "can reconfigure your Tor. That's bad! You should upgrade your "
3058 "Tor controller as soon as possible.\n");
3061 free_options_test_data(tdata
);
3062 tdata
= get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3063 "__HashedControlSessionPassword 16:872860B7645"
3064 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3067 mock_clean_saved_logs();
3068 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3069 tt_int_op(ret
, OP_EQ
, 0);
3071 "ControlSocket is world writable, but no authentication method has"
3072 " been configured. This means that any program on your computer "
3073 "can reconfigure your Tor. That's bad! You should upgrade your "
3074 "Tor controller as soon as possible.\n");
3077 free_options_test_data(tdata
);
3078 tdata
= get_options_test_data("ControlSocket unix:/tmp WorldWritable\n"
3079 "CookieAuthentication 1\n"
3081 mock_clean_saved_logs();
3082 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3083 tt_int_op(ret
, OP_EQ
, 0);
3085 "ControlSocket is world writable, but no authentication method has"
3086 " been configured. This means that any program on your computer "
3087 "can reconfigure your Tor. That's bad! You should upgrade your "
3088 "Tor controller as soon as possible.\n");
3090 #endif /* defined(HAVE_SYS_UN_H) */
3092 free_options_test_data(tdata
);
3093 tdata
= get_options_test_data("CookieAuthFileGroupReadable 1\n"
3095 mock_clean_saved_logs();
3096 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3097 tt_int_op(ret
, OP_EQ
, 0);
3099 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3100 "must specify an explicit CookieAuthFile to have it "
3101 "group-readable.\n");
3104 free_options_test_data(tdata
);
3105 tdata
= get_options_test_data("CookieAuthFileGroupReadable 1\n"
3106 "CookieAuthFile /tmp/somewhere\n"
3108 mock_clean_saved_logs();
3109 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3110 tt_int_op(ret
, OP_EQ
, 0);
3112 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3113 "must specify an explicit CookieAuthFile to have it "
3114 "group-readable.\n");
3118 teardown_capture_of_logs();
3119 policies_free_all();
3120 free_options_test_data(tdata
);
3125 test_options_validate__families(void *ignored
)
3130 options_test_data_t
*tdata
= NULL
;
3131 setup_capture_of_logs(LOG_WARN
);
3133 free_options_test_data(tdata
);
3134 tdata
= get_options_test_data("MyFamily home\n"
3136 "ORPort 127.0.0.1:5555\n"
3137 "BandwidthRate 51300\n"
3138 "BandwidthBurst 51300\n"
3139 "MaxAdvertisedBandwidth 25700\n"
3142 mock_clean_saved_logs();
3143 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3144 tt_int_op(ret
, OP_EQ
, 0);
3146 "Listing a family for a bridge relay is not supported: it can "
3147 "reveal bridge fingerprints to censors. You should also make sure "
3148 "you aren't listing this bridge's fingerprint in any other "
3152 free_options_test_data(tdata
);
3153 tdata
= get_options_test_data("MyFamily home\n");
3154 mock_clean_saved_logs();
3155 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3156 tt_int_op(ret
, OP_EQ
, 0);
3158 "Listing a family for a bridge relay is not supported: it can "
3159 "reveal bridge fingerprints to censors. You should also make sure "
3160 "you aren't listing this bridge's fingerprint in any other "
3164 free_options_test_data(tdata
);
3165 tdata
= get_options_test_data("MyFamily !\n");
3166 mock_clean_saved_logs();
3167 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3168 tt_int_op(ret
, OP_EQ
, -1);
3169 tt_str_op(msg
, OP_EQ
, "Invalid nickname '!' in MyFamily line");
3172 free_options_test_data(tdata
);
3173 tdata
= get_options_test_data("NodeFamily foo\n"
3175 mock_clean_saved_logs();
3176 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3177 tt_int_op(ret
, OP_EQ
, -1);
3182 teardown_capture_of_logs();
3183 policies_free_all();
3184 free_options_test_data(tdata
);
3189 test_options_validate__addr_policies(void *ignored
)
3194 options_test_data_t
*tdata
= NULL
;
3196 free_options_test_data(tdata
);
3197 tdata
= get_options_test_data("ExitPolicy !!!\n"
3200 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3201 tt_int_op(ret
, OP_EQ
, -1);
3202 tt_str_op(msg
, OP_EQ
, "Error in ExitPolicy entry.");
3206 policies_free_all();
3207 free_options_test_data(tdata
);
3212 test_options_validate__dir_auth(void *ignored
)
3217 options_test_data_t
*tdata
= NULL
;
3218 setup_capture_of_logs(LOG_WARN
);
3220 free_options_test_data(tdata
);
3221 tdata
= get_options_test_data(VALID_DIR_AUTH
3224 mock_clean_saved_logs();
3225 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3226 tt_int_op(ret
, OP_EQ
, -1);
3227 tt_str_op(msg
, OP_EQ
,
3228 "Directory authority/fallback line did not parse. See logs for "
3231 "You cannot set both DirAuthority and Alternate*Authority.\n");
3234 free_options_test_data(tdata
);
3235 tdata
= get_options_test_data("TestingTorNetwork 1\n");
3236 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3237 tt_int_op(ret
, OP_EQ
, -1);
3238 tt_str_op(msg
, OP_EQ
,
3239 "TestingTorNetwork may only be configured in combination with a "
3240 "non-default set of DirAuthority or both of AlternateDirAuthority "
3241 "and AlternateBridgeAuthority configured.");
3244 free_options_test_data(tdata
);
3245 tdata
= get_options_test_data(VALID_DIR_AUTH
3246 "TestingTorNetwork 1\n"
3248 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3249 tt_int_op(ret
, OP_EQ
, 0);
3252 free_options_test_data(tdata
);
3253 tdata
= get_options_test_data("TestingTorNetwork 1\n"
3256 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3257 tt_int_op(ret
, OP_EQ
, -1);
3258 tt_str_op(msg
, OP_EQ
,
3259 "TestingTorNetwork may only be configured in combination with a "
3260 "non-default set of DirAuthority or both of AlternateDirAuthority "
3261 "and AlternateBridgeAuthority configured.");
3264 free_options_test_data(tdata
);
3265 tdata
= get_options_test_data("TestingTorNetwork 1\n"
3266 VALID_ALT_BRIDGE_AUTH
3268 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3269 tt_int_op(ret
, OP_EQ
, -1);
3270 tt_str_op(msg
, OP_EQ
, "TestingTorNetwork may only be configured in "
3271 "combination with a non-default set of DirAuthority or both of "
3272 "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3275 free_options_test_data(tdata
);
3276 tdata
= get_options_test_data(VALID_ALT_DIR_AUTH
3277 VALID_ALT_BRIDGE_AUTH
3278 "TestingTorNetwork 1\n"
3280 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3281 tt_int_op(ret
, OP_EQ
, 0);
3285 policies_free_all();
3286 teardown_capture_of_logs();
3287 free_options_test_data(tdata
);
3292 test_options_validate__transport(void *ignored
)
3297 options_test_data_t
*tdata
= NULL
;
3298 setup_capture_of_logs(LOG_NOTICE
);
3300 free_options_test_data(tdata
);
3301 tdata
= get_options_test_data("ClientTransportPlugin !!\n"
3303 mock_clean_saved_logs();
3304 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3305 tt_int_op(ret
, OP_EQ
, -1);
3306 tt_str_op(msg
, OP_EQ
,
3307 "Invalid client transport line. See logs for details.");
3309 "Too few arguments on ClientTransportPlugin line.\n");
3312 free_options_test_data(tdata
);
3313 tdata
= get_options_test_data("ClientTransportPlugin foo exec bar\n"
3315 mock_clean_saved_logs();
3316 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3317 tt_int_op(ret
, OP_EQ
, 0);
3320 free_options_test_data(tdata
);
3321 tdata
= get_options_test_data("ServerTransportPlugin !!\n");
3322 mock_clean_saved_logs();
3323 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3324 tt_int_op(ret
, OP_EQ
, -1);
3325 tt_str_op(msg
, OP_EQ
,
3326 "Invalid server transport line. See logs for details.");
3328 "Too few arguments on ServerTransportPlugin line.\n");
3331 free_options_test_data(tdata
);
3332 tdata
= get_options_test_data("ServerTransportPlugin foo exec bar\n");
3333 mock_clean_saved_logs();
3334 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3335 tt_int_op(ret
, OP_EQ
, 0);
3337 "Tor is not configured as a relay but you specified a "
3338 "ServerTransportPlugin line (\"foo exec bar\"). The "
3339 "ServerTransportPlugin line will be ignored.\n");
3342 free_options_test_data(tdata
);
3343 tdata
= get_options_test_data("ServerTransportPlugin foo exec bar\n"
3344 "ORPort 127.0.0.1:5555\n"
3345 "BandwidthRate 76900\n"
3346 "BandwidthBurst 76900\n"
3347 "MaxAdvertisedBandwidth 38500\n"
3349 mock_clean_saved_logs();
3350 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3351 tt_int_op(ret
, OP_EQ
, 0);
3353 "Tor is not configured as a relay but you specified a "
3354 "ServerTransportPlugin line (\"foo exec bar\"). The "
3355 "ServerTransportPlugin line will be ignored.\n");
3358 free_options_test_data(tdata
);
3359 tdata
= get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3360 "ServerTransportListenAddr !\n");
3361 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3362 tt_int_op(ret
, OP_EQ
, -1);
3363 tt_str_op(msg
, OP_EQ
,
3364 "ServerTransportListenAddr did not parse. See logs for details.");
3367 free_options_test_data(tdata
);
3368 tdata
= get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3370 mock_clean_saved_logs();
3371 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3372 tt_int_op(ret
, OP_EQ
, 0);
3374 "You need at least a single managed-proxy to specify a transport "
3375 "listen address. The ServerTransportListenAddr line will be "
3379 free_options_test_data(tdata
);
3380 tdata
= get_options_test_data("ServerTransportListenAddr foo 127.0.0.42:55\n"
3381 "ServerTransportPlugin foo exec bar\n"
3382 "ORPort 127.0.0.1:5555\n"
3383 "BandwidthRate 76900\n"
3384 "BandwidthBurst 76900\n"
3385 "MaxAdvertisedBandwidth 38500\n"
3387 mock_clean_saved_logs();
3388 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3389 tt_int_op(ret
, OP_EQ
, 0);
3391 "You need at least a single managed-proxy to specify a transport "
3392 "listen address. The ServerTransportListenAddr line will be "
3396 escaped(NULL
); // This will free the leaking memory from the previous escaped
3397 policies_free_all();
3398 teardown_capture_of_logs();
3399 free_options_test_data(tdata
);
3404 test_options_validate__constrained_sockets(void *ignored
)
3409 options_test_data_t
*tdata
= NULL
;
3410 setup_capture_of_logs(LOG_WARN
);
3412 free_options_test_data(tdata
);
3413 tdata
= get_options_test_data("ConstrainedSockets 1\n"
3414 "ConstrainedSockSize 0\n"
3416 mock_clean_saved_logs();
3417 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3418 tt_int_op(ret
, OP_EQ
, -1);
3419 tt_str_op(msg
, OP_EQ
, "ConstrainedSockSize is invalid. Must be a value "
3420 "between 2048 and 262144 in 1024 byte increments.");
3423 free_options_test_data(tdata
);
3424 tdata
= get_options_test_data("ConstrainedSockets 1\n"
3425 "ConstrainedSockSize 263168\n"
3427 mock_clean_saved_logs();
3428 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3429 tt_int_op(ret
, OP_EQ
, -1);
3430 tt_str_op(msg
, OP_EQ
, "ConstrainedSockSize is invalid. Must be a value "
3431 "between 2048 and 262144 in 1024 byte increments.");
3434 free_options_test_data(tdata
);
3435 tdata
= get_options_test_data("ConstrainedSockets 1\n"
3436 "ConstrainedSockSize 2047\n"
3438 mock_clean_saved_logs();
3439 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3440 tt_int_op(ret
, OP_EQ
, -1);
3441 tt_str_op(msg
, OP_EQ
, "ConstrainedSockSize is invalid. Must be a value "
3442 "between 2048 and 262144 in 1024 byte increments.");
3446 policies_free_all();
3447 teardown_capture_of_logs();
3448 free_options_test_data(tdata
);
3453 test_options_validate__v3_auth(void *ignored
)
3458 options_test_data_t
*tdata
= NULL
;
3459 setup_capture_of_logs(LOG_WARN
);
3461 free_options_test_data(tdata
);
3462 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3463 "V3AuthVoteDelay 1000\n"
3464 "V3AuthDistDelay 1000\n"
3465 "V3AuthVotingInterval 1000\n"
3467 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3468 tt_int_op(ret
, OP_EQ
, -1);
3469 tt_str_op(msg
, OP_EQ
,
3470 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3471 "V3AuthVotingInterval");
3474 free_options_test_data(tdata
);
3475 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3476 "V3AuthVoteDelay 1\n");
3477 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3478 tt_int_op(ret
, OP_EQ
, -1);
3479 tt_str_op(msg
, OP_EQ
, "V3AuthVoteDelay is way too low.");
3482 free_options_test_data(tdata
);
3483 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3484 "V3AuthVoteDelay 1\n"
3485 "TestingTorNetwork 1\n");
3486 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3487 tt_int_op(ret
, OP_EQ
, -1);
3488 tt_str_op(msg
, OP_EQ
, "V3AuthVoteDelay is way too low.");
3491 // TODO: we can't reach the case of v3authvotedelay lower
3492 // than MIN_VOTE_SECONDS but not lower than MIN_VOTE_SECONDS_TESTING,
3493 // since they are the same
3495 free_options_test_data(tdata
);
3496 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3497 "V3AuthDistDelay 1\n");
3498 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3499 tt_int_op(ret
, OP_EQ
, -1);
3500 tt_str_op(msg
, OP_EQ
, "V3AuthDistDelay is way too low.");
3503 free_options_test_data(tdata
);
3504 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3505 "V3AuthDistDelay 1\n"
3506 "TestingTorNetwork 1\n"
3508 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3509 tt_int_op(ret
, OP_EQ
, -1);
3510 tt_str_op(msg
, OP_EQ
, "V3AuthDistDelay is way too low.");
3513 // We can't reach the case of v3authdistdelay lower than
3514 // MIN_DIST_SECONDS but not lower than MIN_DIST_SECONDS_TESTING,
3515 // since they are the same
3517 free_options_test_data(tdata
);
3518 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3519 "V3AuthNIntervalsValid 1\n"
3521 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3522 tt_int_op(ret
, OP_EQ
, -1);
3523 tt_str_op(msg
, OP_EQ
, "V3AuthNIntervalsValid must be at least 2.");
3526 free_options_test_data(tdata
);
3527 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3528 "V3AuthVoteDelay 49\n"
3529 "V3AuthDistDelay 49\n"
3530 "V3AuthVotingInterval 200\n"
3532 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3533 tt_int_op(ret
, OP_EQ
, -1);
3534 tt_str_op(msg
, OP_EQ
, "V3AuthVotingInterval is insanely low.");
3537 free_options_test_data(tdata
);
3538 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3540 "TestingTorNetwork 1\n"
3541 "V3AuthVoteDelay 49\n"
3542 "V3AuthDistDelay 49\n"
3543 "V3AuthVotingInterval 200\n"
3545 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3546 tt_int_op(ret
, OP_EQ
, 0);
3547 tt_ptr_op(msg
, OP_EQ
, NULL
);
3550 free_options_test_data(tdata
);
3551 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3553 "TestingTorNetwork 1\n"
3554 "V3AuthVoteDelay 2\n"
3555 "V3AuthDistDelay 2\n"
3556 "V3AuthVotingInterval 9\n"
3558 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3559 tt_int_op(ret
, OP_EQ
, -1);
3560 tt_str_op(msg
, OP_EQ
,
3561 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3562 "V3AuthVotingInterval");
3565 free_options_test_data(tdata
);
3566 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3568 "TestingTorNetwork 1\n"
3569 "V3AuthVoteDelay 2\n"
3570 "V3AuthDistDelay 2\n"
3571 "V3AuthVotingInterval 10\n"
3573 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3574 tt_int_op(ret
, OP_EQ
, 0);
3575 tt_ptr_op(msg
, OP_EQ
, NULL
);
3578 free_options_test_data(tdata
);
3579 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3580 "V3AuthVoteDelay 49\n"
3581 "V3AuthDistDelay 49\n"
3582 "V3AuthVotingInterval 200000\n"
3584 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3585 tt_int_op(ret
, OP_EQ
, -1);
3586 tt_str_op(msg
, OP_EQ
, "V3AuthVotingInterval is insanely high.");
3589 free_options_test_data(tdata
);
3590 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3591 "V3AuthVoteDelay 49\n"
3592 "V3AuthDistDelay 49\n"
3593 "V3AuthVotingInterval 1441\n"
3595 mock_clean_saved_logs();
3596 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3597 tt_int_op(ret
, OP_EQ
, 0);
3598 expect_log_msg("V3AuthVotingInterval does not divide"
3599 " evenly into 24 hours.\n");
3602 free_options_test_data(tdata
);
3603 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3604 "V3AuthVoteDelay 49\n"
3605 "V3AuthDistDelay 49\n"
3606 "V3AuthVotingInterval 1440\n"
3608 mock_clean_saved_logs();
3609 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3610 tt_int_op(ret
, OP_EQ
, 0);
3611 expect_no_log_msg("V3AuthVotingInterval does not divide"
3612 " evenly into 24 hours.\n");
3615 free_options_test_data(tdata
);
3616 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3617 "V3AuthVoteDelay 49\n"
3618 "V3AuthDistDelay 49\n"
3619 "V3AuthVotingInterval 299\n"
3621 "TestingTorNetwork 1\n"
3623 mock_clean_saved_logs();
3624 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3625 tt_int_op(ret
, OP_EQ
, 0);
3626 expect_log_msg("V3AuthVotingInterval is very low. "
3627 "This may lead to failure to synchronise for a consensus.\n");
3630 free_options_test_data(tdata
);
3631 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3632 "V3AuthVoteDelay 1\n"
3633 "V3AuthDistDelay 1\n"
3634 "V3AuthVotingInterval 9\n"
3636 "TestingTorNetwork 1\n"
3638 /* We have to call the dirauth-specific function to reach this case */
3639 ret
= options_validate_dirauth_schedule(NULL
, tdata
->opt
, &msg
);
3640 tt_int_op(ret
, OP_EQ
, -1);
3641 tt_str_op(msg
, OP_EQ
, "V3AuthVoteDelay is way too low.");
3644 free_options_test_data(tdata
);
3645 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3646 "TestingV3AuthInitialVoteDelay 1\n"
3648 "TestingTorNetwork 1\n"
3650 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3651 tt_int_op(ret
, OP_EQ
, -1);
3652 tt_str_op(msg
, OP_EQ
, "TestingV3AuthInitialVoteDelay is way too low.");
3655 free_options_test_data(tdata
);
3656 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3657 "TestingV3AuthInitialDistDelay 1\n"
3659 "TestingTorNetwork 1\n"
3661 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3662 tt_int_op(ret
, OP_EQ
, -1);
3663 tt_str_op(msg
, OP_EQ
, "TestingV3AuthInitialDistDelay is way too low.");
3666 free_options_test_data(tdata
);
3667 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3669 "TestingTorNetwork 1\n"
3671 tdata
->opt
->TestingV3AuthVotingStartOffset
= 100000;
3672 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3673 tt_int_op(ret
, OP_EQ
, -1);
3674 tt_str_op(msg
, OP_EQ
, "TestingV3AuthVotingStartOffset is higher than the "
3675 "voting interval.");
3678 free_options_test_data(tdata
);
3679 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3681 "TestingTorNetwork 1\n"
3683 tdata
->opt
->TestingV3AuthVotingStartOffset
= -1;
3684 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3685 tt_int_op(ret
, OP_EQ
, -1);
3686 tt_str_op(msg
, OP_EQ
,
3687 "TestingV3AuthVotingStartOffset must be non-negative.");
3690 free_options_test_data(tdata
);
3691 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3693 "TestingTorNetwork 1\n"
3694 "TestingV3AuthInitialVotingInterval 4\n"
3696 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3697 tt_int_op(ret
, OP_EQ
, -1);
3698 tt_str_op(msg
, OP_EQ
, "TestingV3AuthInitialVotingInterval is insanely low.");
3701 free_options_test_data(tdata
);
3702 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3704 "TestingTorNetwork 1\n"
3705 "TestingV3AuthInitialVoteDelay 2\n"
3706 "TestingV3AuthInitialDistDelay 2\n"
3707 "TestingV3AuthInitialVotingInterval 5\n"
3709 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3710 tt_int_op(ret
, OP_EQ
, 0);
3711 tt_ptr_op(msg
, OP_EQ
, NULL
);
3714 free_options_test_data(tdata
);
3715 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3717 "TestingTorNetwork 1\n"
3718 "TestingV3AuthInitialVotingInterval 7\n"
3720 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3721 tt_int_op(ret
, OP_EQ
, -1);
3722 tt_str_op(msg
, OP_EQ
,
3723 "TestingV3AuthInitialVotingInterval does not divide evenly into "
3727 free_options_test_data(tdata
);
3728 tdata
= get_options_test_data(ENABLE_AUTHORITY_V3
3730 "TestingTorNetwork 1\n"
3731 "TestingV3AuthInitialVoteDelay 3\n"
3732 "TestingV3AuthInitialDistDelay 3\n"
3733 "TestingV3AuthInitialVotingInterval 5\n"
3735 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3736 tt_int_op(ret
, OP_EQ
, -1);
3737 tt_str_op(msg
, OP_EQ
,
3738 "TestingV3AuthInitialVoteDelay plus "
3739 "TestingV3AuthInitialDistDelay must be less than "
3740 "TestingV3AuthInitialVotingInterval");
3744 policies_free_all();
3745 teardown_capture_of_logs();
3746 free_options_test_data(tdata
);
3751 test_options_validate__virtual_addr(void *ignored
)
3756 options_test_data_t
*tdata
= NULL
;
3758 free_options_test_data(tdata
);
3759 tdata
= get_options_test_data("VirtualAddrNetworkIPv4 !!");
3760 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3761 tt_int_op(ret
, OP_EQ
, -1);
3762 tt_str_op(msg
, OP_EQ
, "Error parsing VirtualAddressNetwork !!");
3765 free_options_test_data(tdata
);
3766 tdata
= get_options_test_data("VirtualAddrNetworkIPv6 !!"
3768 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3769 tt_int_op(ret
, OP_EQ
, -1);
3770 tt_str_op(msg
, OP_EQ
, "Error parsing VirtualAddressNetworkIPv6 !!");
3774 escaped(NULL
); // This will free the leaking memory from the previous escaped
3775 policies_free_all();
3776 free_options_test_data(tdata
);
3781 test_options_validate__testing_options(void *ignored
)
3786 options_test_data_t
*tdata
= NULL
;
3787 setup_capture_of_logs(LOG_WARN
);
3789 #define TEST_TESTING_OPTION(name, accessor, \
3790 low_val, high_val, err_low, EXTRA_OPT_STR) \
3792 free_options_test_data(tdata); \
3793 tdata = get_options_test_data(EXTRA_OPT_STR \
3795 "TestingTorNetwork 1\n" \
3797 accessor(tdata->opt)->name = low_val; \
3798 ret = options_validate(NULL, tdata->opt, &msg); \
3799 tt_int_op(ret, OP_EQ, -1); \
3800 tt_str_op(msg, OP_EQ, #name " " err_low); \
3803 free_options_test_data(tdata); \
3804 tdata = get_options_test_data(EXTRA_OPT_STR \
3806 "TestingTorNetwork 1\n" \
3808 accessor(tdata->opt)->name = high_val; \
3809 mock_clean_saved_logs(); \
3810 ret = options_validate(NULL, tdata->opt, &msg); \
3811 tt_int_op(ret, OP_EQ, 0); \
3812 tt_ptr_op(msg, OP_EQ, NULL); \
3813 expect_log_msg( #name " is insanely high.\n"); \
3817 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest
, , -1, 3601,
3818 "is way too low.", "");
3819 TEST_TESTING_OPTION(TestingDirConnectionMaxStall
, , 1, 3601,
3820 "is way too low.", "");
3822 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest
, , -1, 3601,
3823 "is way too low.", ENABLE_AUTHORITY_V3
);
3824 TEST_TESTING_OPTION(TestingDirConnectionMaxStall
, , 1, 3601,
3825 "is way too low.", ENABLE_AUTHORITY_V3
);
3827 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest
, , -1, 3601,
3828 "is way too low.", ENABLE_AUTHORITY_BRIDGE
);
3829 TEST_TESTING_OPTION(TestingDirConnectionMaxStall
, , 1, 3601,
3830 "is way too low.", ENABLE_AUTHORITY_BRIDGE
);
3832 free_options_test_data(tdata
);
3833 tdata
= get_options_test_data("TestingEnableConnBwEvent 1\n");
3834 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3835 tt_int_op(ret
, OP_EQ
, -1);
3836 tt_str_op(msg
, OP_EQ
, "TestingEnableConnBwEvent may only be changed in "
3837 "testing Tor networks!");
3840 free_options_test_data(tdata
);
3841 tdata
= get_options_test_data("TestingEnableConnBwEvent 1\n"
3843 "TestingTorNetwork 1\n"
3844 "___UsingTestNetworkDefaults 0\n"
3847 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3848 tt_int_op(ret
, OP_EQ
, 0);
3852 free_options_test_data(tdata
);
3853 tdata
= get_options_test_data("TestingEnableConnBwEvent 1\n"
3855 "TestingTorNetwork 0\n"
3856 "___UsingTestNetworkDefaults 1\n"
3859 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3860 tt_int_op(ret
, OP_EQ
, 0);
3864 free_options_test_data(tdata
);
3865 tdata
= get_options_test_data("TestingEnableCellStatsEvent 1\n");
3866 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3867 tt_int_op(ret
, OP_EQ
, -1);
3868 tt_str_op(msg
, OP_EQ
, "TestingEnableCellStatsEvent may only be changed in "
3869 "testing Tor networks!");
3872 free_options_test_data(tdata
);
3873 tdata
= get_options_test_data("TestingEnableCellStatsEvent 1\n"
3875 "TestingTorNetwork 1\n"
3876 "___UsingTestNetworkDefaults 0\n"
3879 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3880 tt_int_op(ret
, OP_EQ
, 0);
3884 free_options_test_data(tdata
);
3885 tdata
= get_options_test_data("TestingEnableCellStatsEvent 1\n"
3887 "TestingTorNetwork 0\n"
3888 "___UsingTestNetworkDefaults 1\n"
3891 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3892 tt_int_op(ret
, OP_EQ
, 0);
3896 free_options_test_data(tdata
);
3897 tdata
= get_options_test_data("TestingEnableTbEmptyEvent 1\n"
3899 "TestingTorNetwork 1\n"
3900 "___UsingTestNetworkDefaults 0\n"
3903 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3904 tt_int_op(ret
, OP_EQ
, 0);
3908 free_options_test_data(tdata
);
3909 tdata
= get_options_test_data("TestingEnableTbEmptyEvent 1\n"
3911 "TestingTorNetwork 0\n"
3912 "___UsingTestNetworkDefaults 1\n"
3915 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3916 tt_int_op(ret
, OP_EQ
, 0);
3921 policies_free_all();
3922 teardown_capture_of_logs();
3923 free_options_test_data(tdata
);
3928 test_options_validate__accel(void *ignored
)
3933 options_test_data_t
*tdata
= NULL
;
3935 free_options_test_data(tdata
);
3936 tdata
= get_options_test_data("AccelName foo\n");
3937 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3938 tt_int_op(ret
, OP_EQ
, 0);
3939 tt_int_op(get_crypto_options(tdata
->opt
)->HardwareAccel
, OP_EQ
, 0);
3942 free_options_test_data(tdata
);
3943 tdata
= get_options_test_data("AccelName foo\n");
3944 get_crypto_options(tdata
->opt
)->HardwareAccel
= 2;
3945 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3946 tt_int_op(ret
, OP_EQ
, 0);
3947 tt_int_op(get_crypto_options(tdata
->opt
)->HardwareAccel
, OP_EQ
, 2);
3950 free_options_test_data(tdata
);
3951 tdata
= get_options_test_data("AccelDir 1\n");
3952 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3953 tt_int_op(ret
, OP_EQ
, -1);
3954 tt_str_op(msg
, OP_EQ
,
3955 "Can't use hardware crypto accelerator dir without engine name.");
3958 free_options_test_data(tdata
);
3959 tdata
= get_options_test_data("AccelDir 1\n"
3960 "AccelName something\n");
3961 ret
= options_validate(NULL
, tdata
->opt
, &msg
);
3962 tt_int_op(ret
, OP_EQ
, 0);
3966 policies_free_all();
3967 free_options_test_data(tdata
);
3971 static int mocked_granularity
;
3974 mock_set_log_time_granularity(int g
)
3976 mocked_granularity
= g
;
3980 test_options_init_logs_granularity(void *arg
)
3982 options_test_data_t
*tdata
= get_options_test_data("");
3986 MOCK(set_log_time_granularity
, mock_set_log_time_granularity
);
3988 /* Reasonable value. */
3989 tdata
->opt
->LogTimeGranularity
= 100;
3990 mocked_granularity
= -1;
3991 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
3992 tt_int_op(rv
, OP_EQ
, 0);
3993 tt_int_op(mocked_granularity
, OP_EQ
, 100);
3995 /* Doesn't divide 1000. */
3996 tdata
->opt
->LogTimeGranularity
= 249;
3997 mocked_granularity
= -1;
3998 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
3999 tt_int_op(rv
, OP_EQ
, 0);
4000 tt_int_op(mocked_granularity
, OP_EQ
, 250);
4002 /* Doesn't divide 1000. */
4003 tdata
->opt
->LogTimeGranularity
= 3;
4004 mocked_granularity
= -1;
4005 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4006 tt_int_op(rv
, OP_EQ
, 0);
4007 tt_int_op(mocked_granularity
, OP_EQ
, 4);
4009 /* Not a multiple of 1000. */
4010 tdata
->opt
->LogTimeGranularity
= 1500;
4011 mocked_granularity
= -1;
4012 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4013 tt_int_op(rv
, OP_EQ
, 0);
4014 tt_int_op(mocked_granularity
, OP_EQ
, 2000);
4016 /* Reasonable value. */
4017 tdata
->opt
->LogTimeGranularity
= 3000;
4018 mocked_granularity
= -1;
4019 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4020 tt_int_op(rv
, OP_EQ
, 0);
4021 tt_int_op(mocked_granularity
, OP_EQ
, 3000);
4023 /* Negative. (Shouldn't be allowed by rest of config parsing.) */
4024 tdata
->opt
->LogTimeGranularity
= -1;
4025 mocked_granularity
= -1;
4026 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4027 tt_int_op(rv
, OP_EQ
, -1);
4030 tdata
->opt
->LogTimeGranularity
= 3600 * 1000;
4031 mocked_granularity
= -1;
4032 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4033 tt_int_op(rv
, OP_EQ
, 0);
4034 tt_int_op(mocked_granularity
, OP_EQ
, 3600 * 1000);
4037 free_options_test_data(tdata
);
4038 UNMOCK(set_log_time_granularity
);
4043 log_severity_list_t sev
;
4048 static smartlist_t
*added_logs
= NULL
;
4051 mock_add_stream_log_impl(const log_severity_list_t
*sev
, const char *name
,
4054 added_log_t
*a
= tor_malloc_zero(sizeof(added_log_t
));
4055 a
->name
= tor_strdup(name
);
4056 memcpy(&a
->sev
, sev
, sizeof(log_severity_list_t
));
4059 smartlist_add(added_logs
, a
);
4063 mock_add_file_log(const log_severity_list_t
*sev
, const char *name
, int fd
)
4065 added_log_t
*a
= tor_malloc_zero(sizeof(added_log_t
));
4066 a
->name
= tor_strdup(name
);
4067 memcpy(&a
->sev
, sev
, sizeof(log_severity_list_t
));
4069 smartlist_add(added_logs
, a
);
4074 clear_added_logs(void)
4076 SMARTLIST_FOREACH(added_logs
, added_log_t
*, a
,
4077 { tor_free(a
->name
); tor_free(a
); });
4078 smartlist_clear(added_logs
);
4082 test_options_init_logs_quiet(void *arg
)
4086 options_test_data_t
*tdata
= get_options_test_data("");
4087 char *fn1
= tor_strdup(get_fname_rnd("log"));
4088 const added_log_t
*a
;
4090 tdata
->opt
->RunAsDaemon
= 0;
4092 added_logs
= smartlist_new();
4093 MOCK(add_stream_log_impl
, mock_add_stream_log_impl
);
4094 MOCK(add_file_log
, mock_add_file_log
);
4096 tt_ptr_op(tdata
->opt
->Logs
, OP_EQ
, NULL
);
4098 /* First, try with no configured logs, and make sure that our configured
4099 logs match the quiet level. */
4100 quiet_level
= QUIET_SILENT
;
4101 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4102 tt_int_op(rv
, OP_EQ
, 0);
4103 tt_int_op(smartlist_len(added_logs
), OP_EQ
, 0);
4105 quiet_level
= QUIET_HUSH
;
4106 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4107 tt_int_op(rv
, OP_EQ
, 0);
4108 tt_int_op(smartlist_len(added_logs
), OP_EQ
, 1);
4109 a
= smartlist_get(added_logs
, 0);
4111 tt_assert(a
->stream
);
4112 tt_int_op(a
->fd
, OP_EQ
, fileno(stdout
));
4113 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_INFO
)], OP_EQ
, 0);
4114 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_NOTICE
)], OP_EQ
, 0);
4115 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_WARN
)], OP_EQ
, LD_ALL_DOMAINS
);
4118 quiet_level
= QUIET_NONE
;
4119 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4120 tt_int_op(rv
, OP_EQ
, 0);
4121 tt_int_op(smartlist_len(added_logs
), OP_EQ
, 1);
4122 a
= smartlist_get(added_logs
, 0);
4124 tt_assert(a
->stream
);
4125 tt_int_op(a
->fd
, OP_EQ
, fileno(stdout
));
4126 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_INFO
)], OP_EQ
, 0);
4127 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_NOTICE
)], OP_EQ
,
4129 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_WARN
)], OP_EQ
, LD_ALL_DOMAINS
);
4132 /* Make sure that adding a configured log makes the default logs go away. */
4133 tor_asprintf(&cfg
, "Log info file %s\n", fn1
);
4134 free_options_test_data(tdata
);
4135 tdata
= get_options_test_data(cfg
);
4136 rv
= options_init_logs(NULL
, tdata
->opt
, 0);
4137 tt_int_op(rv
, OP_EQ
, 0);
4138 tt_int_op(smartlist_len(added_logs
), OP_EQ
, 1);
4139 a
= smartlist_get(added_logs
, 0);
4141 tt_assert(! a
->stream
);
4142 tt_int_op(a
->fd
, OP_NE
, fileno(stdout
));
4143 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_INFO
)], OP_EQ
, LD_ALL_DOMAINS
);
4144 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_NOTICE
)], OP_EQ
,
4146 tt_u64_op(a
->sev
.masks
[SEVERITY_MASK_IDX(LOG_WARN
)], OP_EQ
, LD_ALL_DOMAINS
);
4149 free_options_test_data(tdata
);
4153 smartlist_free(added_logs
);
4154 UNMOCK(add_stream_log_impl
);
4155 UNMOCK(add_file_log
);
4158 static int mock_options_act_status
= 0;
4160 mock_options_act(const or_options_t
*old_options
)
4163 return mock_options_act_status
;
4166 mock_options_act_reversible(const or_options_t
*old_options
, char **msg_out
)
4174 test_options_trial_assign(void *arg
)
4178 config_line_t
*lines
= NULL
;
4182 // replace options_act*() so that we don't actually launch tor here.
4183 MOCK(options_act
, mock_options_act
);
4184 MOCK(options_act_reversible
, mock_options_act_reversible
);
4186 // Try assigning nothing; that should work.
4187 v
= options_trial_assign(lines
, 0, &msg
);
4190 tt_ptr_op(msg
, OP_EQ
, NULL
);
4191 tt_int_op(v
, OP_EQ
, SETOPT_OK
);
4193 // Assigning a nickname is okay
4194 r
= config_get_lines("Nickname Hemiramphinae", &lines
, 0);
4195 tt_int_op(r
, OP_EQ
, 0);
4196 v
= options_trial_assign(lines
, 0, &msg
);
4197 tt_ptr_op(msg
, OP_EQ
, NULL
);
4198 tt_int_op(v
, OP_EQ
, SETOPT_OK
);
4199 tt_str_op(get_options()->Nickname
, OP_EQ
, "Hemiramphinae");
4200 config_free_lines(lines
);
4202 // We can't change the User; that's a transition error.
4203 r
= config_get_lines("User Heraclitus", &lines
, 0);
4204 tt_int_op(r
, OP_EQ
, 0);
4205 v
= options_trial_assign(lines
, 0, &msg
);
4206 tt_int_op(v
, OP_EQ
, SETOPT_ERR_TRANSITION
);
4207 tt_str_op(msg
, OP_EQ
, "While Tor is running, changing User is not allowed");
4209 config_free_lines(lines
);
4211 // We can't set the ORPort to nonsense: that's a validation error.
4212 r
= config_get_lines("ORPort fractabling planished", &lines
, 0);
4213 tt_int_op(r
, OP_EQ
, 0);
4214 v
= options_trial_assign(lines
, 0, &msg
);
4215 tt_int_op(v
, OP_EQ
, SETOPT_ERR_PARSE
); // (same error code for now)
4216 tt_str_op(msg
, OP_EQ
, "Invalid ORPort configuration");
4218 config_free_lines(lines
);
4220 // We can't set UseBridges to a non-boolean: that's a parse error.
4221 r
= config_get_lines("UseBridges ambidextrous", &lines
, 0);
4222 tt_int_op(r
, OP_EQ
, 0);
4223 v
= options_trial_assign(lines
, 0, &msg
);
4224 tt_int_op(v
, OP_EQ
, SETOPT_ERR_PARSE
);
4225 tt_str_op(msg
, OP_EQ
,
4226 "Could not parse UseBridges: Unrecognized value ambidextrous. "
4227 "Allowed values are 0 and 1.");
4229 config_free_lines(lines
);
4231 // this didn't change.
4232 tt_str_op(get_options()->Nickname
, OP_EQ
, "Hemiramphinae");
4235 config_free_lines(lines
);
4237 UNMOCK(options_act
);
4238 UNMOCK(options_act_reversible
);
4242 #define LOCAL_VALIDATE_TEST(name) \
4243 { "validate__" #name, test_options_validate__ ## name, TT_FORK, NULL, NULL }
4246 struct testcase_t options_tests
[] = {
4247 { "validate", test_options_validate
, TT_FORK
, NULL
, NULL
},
4248 { "mem_dircache", test_have_enough_mem_for_dircache
, TT_FORK
, NULL
, NULL
},
4249 LOCAL_VALIDATE_TEST(uname_for_server
),
4250 LOCAL_VALIDATE_TEST(outbound_addresses
),
4251 LOCAL_VALIDATE_TEST(data_directory
),
4252 LOCAL_VALIDATE_TEST(nickname
),
4253 LOCAL_VALIDATE_TEST(contactinfo
),
4254 LOCAL_VALIDATE_TEST(logs
),
4255 LOCAL_VALIDATE_TEST(authdir
),
4256 LOCAL_VALIDATE_TEST(relay_with_hidden_services
),
4257 LOCAL_VALIDATE_TEST(listen_ports
),
4258 LOCAL_VALIDATE_TEST(transproxy
),
4259 LOCAL_VALIDATE_TEST(exclude_nodes
),
4260 LOCAL_VALIDATE_TEST(node_families
),
4261 LOCAL_VALIDATE_TEST(token_bucket
),
4262 LOCAL_VALIDATE_TEST(fetch_dir
),
4263 LOCAL_VALIDATE_TEST(conn_limit
),
4264 LOCAL_VALIDATE_TEST(paths_needed
),
4265 LOCAL_VALIDATE_TEST(max_client_circuits
),
4266 LOCAL_VALIDATE_TEST(ports
),
4267 LOCAL_VALIDATE_TEST(reachable_addresses
),
4268 LOCAL_VALIDATE_TEST(use_bridges
),
4269 LOCAL_VALIDATE_TEST(entry_nodes
),
4270 LOCAL_VALIDATE_TEST(safe_logging
),
4271 LOCAL_VALIDATE_TEST(publish_server_descriptor
),
4272 LOCAL_VALIDATE_TEST(testing
),
4273 LOCAL_VALIDATE_TEST(hidserv
),
4274 LOCAL_VALIDATE_TEST(path_bias
),
4275 LOCAL_VALIDATE_TEST(bandwidth
),
4276 LOCAL_VALIDATE_TEST(circuits
),
4277 LOCAL_VALIDATE_TEST(rend
),
4278 LOCAL_VALIDATE_TEST(single_onion
),
4279 LOCAL_VALIDATE_TEST(accounting
),
4280 LOCAL_VALIDATE_TEST(proxy
),
4281 LOCAL_VALIDATE_TEST(control
),
4282 LOCAL_VALIDATE_TEST(families
),
4283 LOCAL_VALIDATE_TEST(addr_policies
),
4284 LOCAL_VALIDATE_TEST(dir_auth
),
4285 LOCAL_VALIDATE_TEST(transport
),
4286 LOCAL_VALIDATE_TEST(constrained_sockets
),
4287 LOCAL_VALIDATE_TEST(v3_auth
),
4288 LOCAL_VALIDATE_TEST(virtual_addr
),
4289 LOCAL_VALIDATE_TEST(testing_options
),
4290 LOCAL_VALIDATE_TEST(accel
),
4291 { "init_logs/granularity", test_options_init_logs_granularity
, TT_FORK
,
4293 { "init_logs/quiet", test_options_init_logs_quiet
, TT_FORK
,
4295 { "trial_assign", test_options_trial_assign
, TT_FORK
, NULL
, NULL
},
4296 END_OF_TESTCASES
/* */