search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Replace OnionService* with HiddenService* in option names
[tor.git] / src / test / test_options.c
blobbdcb318bb6eaca075d99641fc570039333938751
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2016, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #define CONFIG_PRIVATE
7 #include "or.h"
8 #include "confparse.h"
9 #include "config.h"
10 #include "test.h"
11 #include "geoip.h"
12
13 #define ROUTERSET_PRIVATE
14 #include "routerset.h"
15 #include "main.h"
16 #include "log_test_helpers.h"
17
18 #include "sandbox.h"
19 #include "memarea.h"
20 #include "policies.h"
21
22 #define NS_MODULE test_options
23
24 typedef struct {
25 int severity;
26 uint32_t domain;
27 char *msg;
28 } logmsg_t;
29
30 static smartlist_t *messages = NULL;
31
32 static void
33 log_cback(int severity, uint32_t domain, const char *msg)
34 {
35 logmsg_t *x = tor_malloc(sizeof(*x));
36 x->severity = severity;
37 x->domain = domain;
38 x->msg = tor_strdup(msg);
39 if (!messages)
40 messages = smartlist_new();
41 smartlist_add(messages, x);
42 }
43
44 static void
45 setup_log_callback(void)
46 {
47 log_severity_list_t lst;
48 memset(&lst, 0, sizeof(lst));
49 lst.masks[LOG_ERR - LOG_ERR] = ~0;
50 lst.masks[LOG_WARN - LOG_ERR] = ~0;
51 lst.masks[LOG_NOTICE - LOG_ERR] = ~0;
52 add_callback_log(&lst, log_cback);
53 mark_logs_temp();
54 }
55
56 static char *
57 dump_logs(void)
58 {
59 smartlist_t *msgs;
60 char *out;
61 if (! messages)
62 return tor_strdup("");
63 msgs = smartlist_new();
64 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, x) {
65 smartlist_add_asprintf(msgs, "[%s] %s",
66 log_level_to_string(x->severity), x->msg);
67 } SMARTLIST_FOREACH_END(x);
68 out = smartlist_join_strings(msgs, "", 0, NULL);
69 SMARTLIST_FOREACH(msgs, char *, cp, tor_free(cp));
70 smartlist_free(msgs);
71 return out;
72 }
73
74 static void
75 clear_log_messages(void)
76 {
77 if (!messages)
78 return;
79 SMARTLIST_FOREACH(messages, logmsg_t *, m,
80 { tor_free(m->msg); tor_free(m); });
81 smartlist_free(messages);
82 messages = NULL;
83 }
84
85 #define setup_options(opt,dflt) \
86 do { \
87 opt = options_new(); \
88 opt->command = CMD_RUN_TOR; \
89 options_init(opt); \
90 \
91 dflt = config_dup(&options_format, opt); \
92 clear_log_messages(); \
93 } while (0)
94
95 #define VALID_DIR_AUTH "DirAuthority dizum orport=443 v3ident=E8A9C45" \
96 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
97 " 083C 538F 4403 8BBF A077 587D D755\n"
98 #define VALID_ALT_BRIDGE_AUTH \
99 "AlternateBridgeAuthority dizum orport=443 v3ident=E8A9C45" \
100 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
101 " 083C 538F 4403 8BBF A077 587D D755\n"
102 #define VALID_ALT_DIR_AUTH \
103 "AlternateDirAuthority dizum orport=443 v3ident=E8A9C45" \
104 "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
105 " 083C 538F 4403 8BBF A077 587D D755\n"
106
107 static void
108 test_options_validate_impl(const char *configuration,
109 const char *expect_errmsg,
110 int expect_log_severity,
111 const char *expect_log)
112 {
113 or_options_t *opt=NULL;
114 or_options_t *dflt;
115 config_line_t *cl=NULL;
116 char *msg=NULL;
117 int r;
118
119 setup_options(opt, dflt);
120
121 r = config_get_lines(configuration, &cl, 1);
122 tt_int_op(r, OP_EQ, 0);
123
124 r = config_assign(&options_format, opt, cl, 0, &msg);
125 tt_int_op(r, OP_EQ, 0);
126
127 r = options_validate(NULL, opt, dflt, 0, &msg);
128 if (expect_errmsg && !msg) {
129 TT_DIE(("Expected error message <%s> from <%s>, but got none.",
130 expect_errmsg, configuration));
131 } else if (expect_errmsg && !strstr(msg, expect_errmsg)) {
132 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
133 expect_errmsg, configuration, msg));
134 } else if (!expect_errmsg && msg) {
135 TT_DIE(("Expected no error message from <%s> but got <%s>.",
136 configuration, msg));
137 }
138 tt_int_op((r == 0), OP_EQ, (msg == NULL));
139
140 if (expect_log) {
141 int found = 0;
142 if (messages) {
143 SMARTLIST_FOREACH_BEGIN(messages, logmsg_t *, m) {
144 if (m->severity == expect_log_severity &&
145 strstr(m->msg, expect_log)) {
146 found = 1;
147 break;
148 }
149 } SMARTLIST_FOREACH_END(m);
150 }
151 if (!found) {
152 tor_free(msg);
153 msg = dump_logs();
154 TT_DIE(("Expected log message [%s] %s from <%s>, but got <%s>.",
155 log_level_to_string(expect_log_severity), expect_log,
156 configuration, msg));
157 }
158 }
159
160 done:
161 escaped(NULL);
162 policies_free_all();
163 config_free_lines(cl);
164 or_options_free(opt);
165 or_options_free(dflt);
166 tor_free(msg);
167 clear_log_messages();
168 }
169
170 #define WANT_ERR(config, msg) \
171 test_options_validate_impl((config), (msg), 0, NULL)
172 #define WANT_LOG(config, severity, msg) \
173 test_options_validate_impl((config), NULL, (severity), (msg))
174 #define WANT_ERR_LOG(config, msg, severity, logmsg) \
175 test_options_validate_impl((config), (msg), (severity), (logmsg))
176 #define OK(config) \
177 test_options_validate_impl((config), NULL, 0, NULL)
178
179 static void
180 test_options_validate(void *arg)
181 {
182 (void)arg;
183 setup_log_callback();
184 sandbox_disable_getaddrinfo_cache();
185
186 WANT_ERR("ExtORPort 500000", "Invalid ExtORPort");
187
188 WANT_ERR_LOG("ServerTransportOptions trebuchet",
189 "ServerTransportOptions did not parse",
190 LOG_WARN, "Too few arguments");
191 OK("ServerTransportOptions trebuchet sling=snappy");
192 OK("ServerTransportOptions trebuchet sling=");
193 WANT_ERR_LOG("ServerTransportOptions trebuchet slingsnappy",
194 "ServerTransportOptions did not parse",
195 LOG_WARN, "\"slingsnappy\" is not a k=v");
196
197 WANT_ERR("DirPort 8080\nDirCache 0",
198 "DirPort configured but DirCache disabled.");
199 WANT_ERR("BridgeRelay 1\nDirCache 0",
200 "We're a bridge but DirCache is disabled.");
201
202 close_temp_logs();
203 clear_log_messages();
204 return;
205 }
206
207 #define MEGABYTEIFY(mb) (U64_LITERAL(mb) << 20)
208 static void
209 test_have_enough_mem_for_dircache(void *arg)
210 {
211 (void)arg;
212 or_options_t *opt=NULL;
213 or_options_t *dflt=NULL;
214 config_line_t *cl=NULL;
215 char *msg=NULL;;
216 int r;
217 const char *configuration = "ORPort 8080\nDirCache 1", *expect_errmsg;
218
219 setup_options(opt, dflt);
220 setup_log_callback();
221 (void)dflt;
222
223 r = config_get_lines(configuration, &cl, 1);
224 tt_int_op(r, OP_EQ, 0);
225
226 r = config_assign(&options_format, opt, cl, 0, &msg);
227 tt_int_op(r, OP_EQ, 0);
228
229 /* 300 MB RAM available, DirCache enabled */
230 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
231 tt_int_op(r, OP_EQ, 0);
232 tt_assert(!msg);
233
234 /* 200 MB RAM available, DirCache enabled */
235 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
236 tt_int_op(r, OP_EQ, -1);
237 expect_errmsg = "Being a directory cache (default) with less than ";
238 if (!strstr(msg, expect_errmsg)) {
239 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
240 expect_errmsg, configuration, msg));
241 }
242 tor_free(msg);
243
244 config_free_lines(cl); cl = NULL;
245 configuration = "ORPort 8080\nDirCache 1\nBridgeRelay 1";
246 r = config_get_lines(configuration, &cl, 1);
247 tt_int_op(r, OP_EQ, 0);
248
249 r = config_assign(&options_format, opt, cl, 0, &msg);
250 tt_int_op(r, OP_EQ, 0);
251
252 /* 300 MB RAM available, DirCache enabled, Bridge */
253 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
254 tt_int_op(r, OP_EQ, 0);
255 tt_assert(!msg);
256
257 /* 200 MB RAM available, DirCache enabled, Bridge */
258 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
259 tt_int_op(r, OP_EQ, -1);
260 expect_errmsg = "Running a Bridge with less than ";
261 if (!strstr(msg, expect_errmsg)) {
262 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
263 expect_errmsg, configuration, msg));
264 }
265 tor_free(msg);
266
267 config_free_lines(cl); cl = NULL;
268 configuration = "ORPort 8080\nDirCache 0";
269 r = config_get_lines(configuration, &cl, 1);
270 tt_int_op(r, OP_EQ, 0);
271
272 r = config_assign(&options_format, opt, cl, 0, &msg);
273 tt_int_op(r, OP_EQ, 0);
274
275 /* 200 MB RAM available, DirCache disabled */
276 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
277 tt_int_op(r, OP_EQ, 0);
278 tt_assert(!msg);
279
280 /* 300 MB RAM available, DirCache disabled */
281 r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
282 tt_int_op(r, OP_EQ, -1);
283 expect_errmsg = "DirCache is disabled and we are configured as a ";
284 if (!strstr(msg, expect_errmsg)) {
285 TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
286 expect_errmsg, configuration, msg));
287 }
288 tor_free(msg);
289
290 clear_log_messages();
291
292 done:
293 if (msg)
294 tor_free(msg);
295 or_options_free(dflt);
296 or_options_free(opt);
297 config_free_lines(cl);
298 return;
299 }
300
301 static const char *fixed_get_uname_result = NULL;
302
303 static const char *
304 fixed_get_uname(void)
305 {
306 return fixed_get_uname_result;
307 }
308
309 #define TEST_OPTIONS_OLD_VALUES "TestingV3AuthInitialVotingInterval 1800\n" \
310 "ClientBootstrapConsensusMaxDownloadTries 7\n" \
311 "ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 4\n" \
312 "ClientBootstrapConsensusMaxInProgressTries 3\n" \
313 "TestingV3AuthInitialVoteDelay 300\n" \
314 "TestingV3AuthInitialDistDelay 300\n" \
315 "TestingClientMaxIntervalWithoutRequest 600\n" \
316 "TestingDirConnectionMaxStall 600\n" \
317 "TestingConsensusMaxDownloadTries 8\n" \
318 "TestingDescriptorMaxDownloadTries 8\n" \
319 "TestingMicrodescMaxDownloadTries 8\n" \
320 "TestingCertMaxDownloadTries 8\n"
321
322 #define TEST_OPTIONS_DEFAULT_VALUES TEST_OPTIONS_OLD_VALUES \
323 "MaxClientCircuitsPending 1\n" \
324 "RendPostPeriod 1000\n" \
325 "KeepAlivePeriod 1\n" \
326 "ConnLimit 1\n" \
327 "V3AuthVotingInterval 300\n" \
328 "V3AuthVoteDelay 20\n" \
329 "V3AuthDistDelay 20\n" \
330 "V3AuthNIntervalsValid 3\n" \
331 "ClientUseIPv4 1\n" \
332 "VirtualAddrNetworkIPv4 127.192.0.0/10\n" \
333 "VirtualAddrNetworkIPv6 [FE80::]/10\n" \
334 "SchedulerHighWaterMark__ 42\n" \
335 "SchedulerLowWaterMark__ 10\n"
336
337 typedef struct {
338 or_options_t *old_opt;
339 or_options_t *opt;
340 or_options_t *def_opt;
341 } options_test_data_t;
342
343 static void free_options_test_data(options_test_data_t *td);
344
345 static options_test_data_t *
346 get_options_test_data(const char *conf)
347 {
348 int rv = -1;
349 char *msg = NULL;
350 config_line_t *cl=NULL;
351 options_test_data_t *result = tor_malloc(sizeof(options_test_data_t));
352 result->opt = options_new();
353 result->old_opt = options_new();
354 result->def_opt = options_new();
355 rv = config_get_lines(conf, &cl, 1);
356 tt_assert(rv == 0);
357 rv = config_assign(&options_format, result->opt, cl, 0, &msg);
358 if (msg) {
359 /* Display the parse error message by comparing it with an empty string */
360 tt_str_op(msg, OP_EQ, "");
361 }
362 tt_assert(rv == 0);
363 config_free_lines(cl);
364 result->opt->LogTimeGranularity = 1;
365 result->opt->TokenBucketRefillInterval = 1;
366 rv = config_get_lines(TEST_OPTIONS_OLD_VALUES, &cl, 1);
367 tt_assert(rv == 0);
368 rv = config_assign(&options_format, result->def_opt, cl, 0, &msg);
369 if (msg) {
370 /* Display the parse error message by comparing it with an empty string */
371 tt_str_op(msg, OP_EQ, "");
372 }
373 tt_assert(rv == 0);
374
375 done:
376 config_free_lines(cl);
377 if (rv != 0) {
378 free_options_test_data(result);
379 result = NULL;
380 /* Callers expect a non-NULL result, so just die if we can't provide one.
381 */
382 tor_assert(0);
383 }
384 return result;
385 }
386
387 static void
388 free_options_test_data(options_test_data_t *td)
389 {
390 if (!td) return;
391 or_options_free(td->old_opt);
392 or_options_free(td->opt);
393 or_options_free(td->def_opt);
394 tor_free(td);
395 }
396
397 #define expect_log_msg(str) \
398 tt_assert_msg(mock_saved_log_has_message(str), \
399 "expected log to contain " # str);
400
401 #define expect_no_log_msg(str) \
402 tt_assert_msg(!mock_saved_log_has_message(str), \
403 "expected log to not contain " # str);
404
405 static void
406 test_options_validate__uname_for_server(void *ignored)
407 {
408 (void)ignored;
409 char *msg;
410 options_test_data_t *tdata = get_options_test_data(
411 "ORListenAddress 127.0.0.1:5555");
412 int previous_log = setup_capture_of_logs(LOG_WARN);
413
414 MOCK(get_uname, fixed_get_uname);
415 fixed_get_uname_result = "Windows 95";
416 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
417 expect_log_msg("Tor is running as a server, but you"
418 " are running Windows 95; this probably won't work. See https://www"
419 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
420 tor_free(msg);
421
422 fixed_get_uname_result = "Windows 98";
423 mock_clean_saved_logs();
424 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
425 expect_log_msg("Tor is running as a server, but you"
426 " are running Windows 98; this probably won't work. See https://www"
427 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
428 tor_free(msg);
429
430 fixed_get_uname_result = "Windows Me";
431 mock_clean_saved_logs();
432 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
433 expect_log_msg("Tor is running as a server, but you"
434 " are running Windows Me; this probably won't work. See https://www"
435 ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
436 tor_free(msg);
437
438 fixed_get_uname_result = "Windows 2000";
439 mock_clean_saved_logs();
440 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
441 expect_log_entry();
442 tor_free(msg);
443
444 done:
445 UNMOCK(get_uname);
446 free_options_test_data(tdata);
447 tor_free(msg);
448 teardown_capture_of_logs(previous_log);
449 }
450
451 static void
452 test_options_validate__outbound_addresses(void *ignored)
453 {
454 (void)ignored;
455 int ret;
456 char *msg;
457 options_test_data_t *tdata = get_options_test_data(
458 "OutboundBindAddress xxyy!!!sdfaf");
459
460 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
461 tt_int_op(ret, OP_EQ, -1);
462
463 done:
464 free_options_test_data(tdata);
465 tor_free(msg);
466 }
467
468 static void
469 test_options_validate__data_directory(void *ignored)
470 {
471 (void)ignored;
472 int ret;
473 char *msg;
474 options_test_data_t *tdata = get_options_test_data(
475 "DataDirectory longreallyl"
476 "ongLONGLONGlongreallylong"
477 "LONGLONGlongreallylongLON"
478 "GLONGlongreallylongLONGLO"
479 "NGlongreallylongLONGLONGl"
480 "ongreallylongLONGLONGlong"
481 "reallylongLONGLONGlongrea"
482 "llylongLONGLONGlongreally"
483 "longLONGLONGlongreallylon"
484 "gLONGLONGlongreallylongLO"
485 "NGLONGlongreallylongLONGL"
486 "ONGlongreallylongLONGLONG"
487 "longreallylongLONGLONGlon"
488 "greallylongLONGLONGlongre"
489 "allylongLONGLONGlongreall"
490 "ylongLONGLONGlongreallylo"
491 "ngLONGLONGlongreallylongL"
492 "ONGLONGlongreallylongLONG"
493 "LONG"); // 440 characters
494
495 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
496 tt_int_op(ret, OP_EQ, -1);
497 tt_str_op(msg, OP_EQ, "Invalid DataDirectory");
498
499 done:
500 free_options_test_data(tdata);
501 tor_free(msg);
502 }
503
504 static void
505 test_options_validate__nickname(void *ignored)
506 {
507 (void)ignored;
508 int ret;
509 char *msg;
510 options_test_data_t *tdata = get_options_test_data(
511 "Nickname ThisNickNameIsABitTooLong");
512
513 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
514 tt_int_op(ret, OP_EQ, -1);
515 tt_str_op(msg, OP_EQ,
516 "Nickname 'ThisNickNameIsABitTooLong', nicknames must be between "
517 "1 and 19 characters inclusive, and must contain only the "
518 "characters [a-zA-Z0-9].");
519 tor_free(msg);
520
521 free_options_test_data(tdata);
522 tdata = get_options_test_data("Nickname AMoreValidNick");
523 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
524 tt_int_op(ret, OP_EQ, -1);
525 tt_assert(!msg);
526
527 free_options_test_data(tdata);
528 tdata = get_options_test_data("DataDirectory /tmp/somewhere");
529 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
530 tt_int_op(ret, OP_EQ, -1);
531 tt_assert(!msg);
532
533 done:
534 free_options_test_data(tdata);
535 tor_free(msg);
536 }
537
538 static void
539 test_options_validate__contactinfo(void *ignored)
540 {
541 (void)ignored;
542 int ret;
543 char *msg;
544 options_test_data_t *tdata = get_options_test_data(
545 "ORListenAddress 127.0.0.1:5555\nORPort 955");
546 int previous_log = setup_capture_of_logs(LOG_DEBUG);
547 tdata->opt->ContactInfo = NULL;
548
549 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
550 tt_int_op(ret, OP_EQ, -1);
551 expect_log_msg(
552 "Your ContactInfo config option is not"
553 " set. Please consider setting it, so we can contact you if your"
554 " server is misconfigured or something else goes wrong.\n");
555 tor_free(msg);
556
557 free_options_test_data(tdata);
558 tdata = get_options_test_data("ORListenAddress 127.0.0.1:5555\nORPort 955\n"
559 "ContactInfo hella@example.org");
560 mock_clean_saved_logs();
561 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
562 tt_int_op(ret, OP_EQ, -1);
563 expect_no_log_msg(
564 "Your ContactInfo config option is not"
565 " set. Please consider setting it, so we can contact you if your"
566 " server is misconfigured or something else goes wrong.\n");
567 tor_free(msg);
568
569 done:
570 teardown_capture_of_logs(previous_log);
571 free_options_test_data(tdata);
572 tor_free(msg);
573 }
574
575 static void
576 test_options_validate__logs(void *ignored)
577 {
578 (void)ignored;
579 int ret;
580 (void)ret;
581 char *msg;
582 int orig_quiet_level = quiet_level;
583 options_test_data_t *tdata = get_options_test_data("");
584 tdata->opt->Logs = NULL;
585 tdata->opt->RunAsDaemon = 0;
586
587 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
588 tt_str_op(tdata->opt->Logs->key, OP_EQ, "Log");
589 tt_str_op(tdata->opt->Logs->value, OP_EQ, "notice stdout");
590 tor_free(msg);
591
592 free_options_test_data(tdata);
593 tdata = get_options_test_data("");
594 tdata->opt->Logs = NULL;
595 tdata->opt->RunAsDaemon = 0;
596 quiet_level = 1;
597 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
598 tt_str_op(tdata->opt->Logs->key, OP_EQ, "Log");
599 tt_str_op(tdata->opt->Logs->value, OP_EQ, "warn stdout");
600 tor_free(msg);
601
602 free_options_test_data(tdata);
603 tdata = get_options_test_data("");
604 tdata->opt->Logs = NULL;
605 tdata->opt->RunAsDaemon = 0;
606 quiet_level = 2;
607 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
608 tt_assert(!tdata->opt->Logs);
609 tor_free(msg);
610
611 free_options_test_data(tdata);
612 tdata = get_options_test_data("");
613 tdata->opt->Logs = NULL;
614 tdata->opt->RunAsDaemon = 0;
615 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 1, &msg);
616 tt_assert(!tdata->opt->Logs);
617 tor_free(msg);
618
619 free_options_test_data(tdata);
620 tdata = get_options_test_data("");
621 tdata->opt->Logs = NULL;
622 tdata->opt->RunAsDaemon = 1;
623 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
624 tt_assert(!tdata->opt->Logs);
625 tor_free(msg);
626
627 free_options_test_data(tdata);
628 tdata = get_options_test_data("");
629 tdata->opt->RunAsDaemon = 0;
630 config_line_t *cl=NULL;
631 config_get_lines("Log foo", &cl, 1);
632 tdata->opt->Logs = cl;
633 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
634 tt_int_op((intptr_t)tdata->opt->Logs, OP_EQ, (intptr_t)cl);
635
636 done:
637 quiet_level = orig_quiet_level;
638 free_options_test_data(tdata);
639 tor_free(msg);
640 }
641
642 /* static config_line_t * */
643 /* mock_config_line(const char *key, const char *val) */
644 /* { */
645 /* config_line_t *config_line = tor_malloc(sizeof(config_line_t)); */
646 /* memset(config_line, 0, sizeof(config_line_t)); */
647 /* config_line->key = tor_strdup(key); */
648 /* config_line->value = tor_strdup(val); */
649 /* return config_line; */
650 /* } */
651
652 static void
653 test_options_validate__authdir(void *ignored)
654 {
655 (void)ignored;
656 int ret;
657 char *msg;
658 int previous_log = setup_capture_of_logs(LOG_INFO);
659 options_test_data_t *tdata = get_options_test_data(
660 "AuthoritativeDirectory 1\n"
661 "Address this.should.not_exist.example.org");
662
663 sandbox_disable_getaddrinfo_cache();
664
665 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
666 tt_int_op(ret, OP_EQ, -1);
667 tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
668 " details.");
669 expect_log_msg("Could not resolve local Address "
670 "'this.should.not_exist.example.org'. Failing.\n");
671 tor_free(msg);
672
673 free_options_test_data(tdata);
674 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
675 "Address 100.200.10.1");
676 mock_clean_saved_logs();
677 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
678 tt_int_op(ret, OP_EQ, -1);
679 tt_assert(!msg);
680
681 free_options_test_data(tdata);
682 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
683 "Address 100.200.10.1\n"
684 "SchedulerHighWaterMark__ 42\n"
685 "SchedulerLowWaterMark__ 10\n");
686 mock_clean_saved_logs();
687 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
688 tt_int_op(ret, OP_EQ, -1);
689 tt_str_op(msg, OP_EQ,
690 "Authoritative directory servers must set ContactInfo");
691 tor_free(msg);
692
693 free_options_test_data(tdata);
694 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
695 "Address 100.200.10.1\n"
696 "TestingTorNetwork 1\n"
697 "SchedulerHighWaterMark__ 42\n"
698 "SchedulerLowWaterMark__ 10\n");
699 mock_clean_saved_logs();
700 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
701 tt_int_op(ret, OP_EQ, -1);
702 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
703 "AuthoritativeDir is set.");
704 tor_free(msg);
705
706 free_options_test_data(tdata);
707 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
708 "Address 100.200.10.1\n"
709 "ContactInfo hello@hello.com\n"
710 "SchedulerHighWaterMark__ 42\n"
711 "SchedulerLowWaterMark__ 10\n");
712 mock_clean_saved_logs();
713 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
714 tt_int_op(ret, OP_EQ, -1);
715 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
716 "AuthoritativeDir is set.");
717 tor_free(msg);
718
719 free_options_test_data(tdata);
720 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
721 "Address 100.200.10.1\n"
722 "RecommendedVersions 1.2, 3.14\n"
723 "ContactInfo hello@hello.com\n"
724 "SchedulerHighWaterMark__ 42\n"
725 "SchedulerLowWaterMark__ 10\n");
726 mock_clean_saved_logs();
727 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
728 tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14");
729 tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14");
730 tor_free(msg);
731
732 free_options_test_data(tdata);
733 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
734 "Address 100.200.10.1\n"
735 "RecommendedVersions 1.2, 3.14\n"
736 "RecommendedClientVersions 25\n"
737 "RecommendedServerVersions 4.18\n"
738 "ContactInfo hello@hello.com\n"
739 "SchedulerHighWaterMark__ 42\n"
740 "SchedulerLowWaterMark__ 10\n");
741 mock_clean_saved_logs();
742 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
743 tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "25");
744 tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "4.18");
745 tor_free(msg);
746
747 free_options_test_data(tdata);
748 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
749 "Address 100.200.10.1\n"
750 "VersioningAuthoritativeDirectory 1\n"
751 "RecommendedVersions 1.2, 3.14\n"
752 "RecommendedClientVersions 25\n"
753 "RecommendedServerVersions 4.18\n"
754 "ContactInfo hello@hello.com\n"
755 "SchedulerHighWaterMark__ 42\n"
756 "SchedulerLowWaterMark__ 10\n");
757 mock_clean_saved_logs();
758 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
759 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
760 "AuthoritativeDir is set.");
761 tor_free(msg);
762
763 free_options_test_data(tdata);
764 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
765 "Address 100.200.10.1\n"
766 "VersioningAuthoritativeDirectory 1\n"
767 "RecommendedServerVersions 4.18\n"
768 "ContactInfo hello@hello.com\n"
769 "SchedulerHighWaterMark__ 42\n"
770 "SchedulerLowWaterMark__ 10\n");
771 mock_clean_saved_logs();
772 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
773 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
774 "Recommended*Versions.");
775 tor_free(msg);
776
777 free_options_test_data(tdata);
778 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
779 "Address 100.200.10.1\n"
780 "VersioningAuthoritativeDirectory 1\n"
781 "RecommendedClientVersions 4.18\n"
782 "ContactInfo hello@hello.com\n"
783 "SchedulerHighWaterMark__ 42\n"
784 "SchedulerLowWaterMark__ 10\n");
785 mock_clean_saved_logs();
786 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
787 tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
788 "Recommended*Versions.");
789 tor_free(msg);
790
791 free_options_test_data(tdata);
792 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
793 "Address 100.200.10.1\n"
794 "UseEntryGuards 1\n"
795 "ContactInfo hello@hello.com\n"
796 "SchedulerHighWaterMark__ 42\n"
797 "SchedulerLowWaterMark__ 10\n");
798 mock_clean_saved_logs();
799 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
800 expect_log_msg("Authoritative directory servers "
801 "can't set UseEntryGuards. Disabling.\n");
802 tt_int_op(tdata->opt->UseEntryGuards, OP_EQ, 0);
803 tor_free(msg);
804
805 free_options_test_data(tdata);
806 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
807 "Address 100.200.10.1\n"
808 "V3AuthoritativeDir 1\n"
809 "ContactInfo hello@hello.com\n"
810 "SchedulerHighWaterMark__ 42\n"
811 "SchedulerLowWaterMark__ 10\n");
812 mock_clean_saved_logs();
813 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
814 expect_log_msg("Authoritative directories always try"
815 " to download extra-info documents. Setting DownloadExtraInfo.\n");
816 tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
817 tor_free(msg);
818
819 free_options_test_data(tdata);
820 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
821 "Address 100.200.10.1\n"
822 "DownloadExtraInfo 1\n"
823 "V3AuthoritativeDir 1\n"
824 "ContactInfo hello@hello.com\n"
825 "SchedulerHighWaterMark__ 42\n"
826 "SchedulerLowWaterMark__ 10\n");
827 mock_clean_saved_logs();
828 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
829 expect_no_log_msg("Authoritative directories always try"
830 " to download extra-info documents. Setting DownloadExtraInfo.\n");
831 tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
832 tor_free(msg);
833
834 free_options_test_data(tdata);
835 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
836 "Address 100.200.10.1\n"
837 "ContactInfo hello@hello.com\n"
838 "SchedulerHighWaterMark__ 42\n"
839 "SchedulerLowWaterMark__ 10\n");
840 mock_clean_saved_logs();
841 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
842 tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
843 "AuthoritativeDir is set.");
844 tor_free(msg);
845
846 free_options_test_data(tdata);
847 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
848 "Address 100.200.10.1\n"
849 "BridgeAuthoritativeDir 1\n"
850 "ContactInfo hello@hello.com\n"
851 "V3BandwidthsFile non-existant-file\n"
852 "SchedulerHighWaterMark__ 42\n"
853 "SchedulerLowWaterMark__ 10\n");
854 mock_clean_saved_logs();
855 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
856 tt_str_op(msg, OP_EQ,
857 "Running as authoritative directory, but no DirPort set.");
858 tor_free(msg);
859
860 free_options_test_data(tdata);
861 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
862 "Address 100.200.10.1\n"
863 "BridgeAuthoritativeDir 1\n"
864 "ContactInfo hello@hello.com\n"
865 "V3BandwidthsFile non-existant-file\n"
866 "SchedulerHighWaterMark__ 42\n"
867 "SchedulerLowWaterMark__ 10\n");
868 mock_clean_saved_logs();
869 options_validate(NULL, tdata->opt, tdata->def_opt, 0, &msg);
870 tt_str_op(msg, OP_EQ,
871 "Running as authoritative directory, but no DirPort set.");
872 tor_free(msg);
873
874 free_options_test_data(tdata);
875 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
876 "Address 100.200.10.1\n"
877 "BridgeAuthoritativeDir 1\n"
878 "ContactInfo hello@hello.com\n"
879 "GuardfractionFile non-existant-file\n"
880 "SchedulerHighWaterMark__ 42\n"
881 "SchedulerLowWaterMark__ 10\n");
882 mock_clean_saved_logs();
883 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
884 tt_str_op(msg, OP_EQ,
885 "Running as authoritative directory, but no DirPort set.");
886 tor_free(msg);
887
888 free_options_test_data(tdata);
889 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
890 "Address 100.200.10.1\n"
891 "BridgeAuthoritativeDir 1\n"
892 "ContactInfo hello@hello.com\n"
893 "GuardfractionFile non-existant-file\n"
894 "SchedulerHighWaterMark__ 42\n"
895 "SchedulerLowWaterMark__ 10\n");
896 mock_clean_saved_logs();
897 options_validate(NULL, tdata->opt, tdata->def_opt, 0, &msg);
898 tt_str_op(msg, OP_EQ,
899 "Running as authoritative directory, but no DirPort set.");
900 tor_free(msg);
901
902 free_options_test_data(tdata);
903 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
904 "Address 100.200.10.1\n"
905 "BridgeAuthoritativeDir 1\n"
906 "ContactInfo hello@hello.com\n"
907 "SchedulerHighWaterMark__ 42\n"
908 "SchedulerLowWaterMark__ 10\n");
909 mock_clean_saved_logs();
910 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
911 tt_int_op(ret, OP_EQ, -1);
912 tt_str_op(msg, OP_EQ,
913 "Running as authoritative directory, but no DirPort set.");
914 tor_free(msg);
915
916 free_options_test_data(tdata);
917 tdata = get_options_test_data("AuthoritativeDirectory 1\n"
918 "Address 100.200.10.1\n"
919 "DirPort 999\n"
920 "BridgeAuthoritativeDir 1\n"
921 "ContactInfo hello@hello.com\n"
922 "SchedulerHighWaterMark__ 42\n"
923 "SchedulerLowWaterMark__ 10\n");
924 mock_clean_saved_logs();
925 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
926 tt_int_op(ret, OP_EQ, -1);
927 tt_str_op(msg, OP_EQ,
928 "Running as authoritative directory, but no ORPort set.");
929 tor_free(msg);
930
931 // TODO: This case can't be reached, since clientonly is used to
932 // check when parsing port lines as well.
933 /* free_options_test_data(tdata); */
934 /* tdata = get_options_test_data("AuthoritativeDirectory 1\n" */
935 /* "Address 100.200.10.1\n" */
936 /* "DirPort 999\n" */
937 /* "ORPort 888\n" */
938 /* "ClientOnly 1\n" */
939 /* "BridgeAuthoritativeDir 1\n" */
940 /* "ContactInfo hello@hello.com\n" */
941 /* "SchedulerHighWaterMark__ 42\n" */
942 /* "SchedulerLowWaterMark__ 10\n"); */
943 /* mock_clean_saved_logs(); */
944 /* ret = options_validate(tdata->old_opt, tdata->opt, */
945 /* tdata->def_opt, 0, &msg); */
946 /* tt_int_op(ret, OP_EQ, -1); */
947 /* tt_str_op(msg, OP_EQ, "Running as authoritative directory, " */
948 /* "but ClientOnly also set."); */
949
950 done:
951 teardown_capture_of_logs(previous_log);
952 // sandbox_free_getaddrinfo_cache();
953 free_options_test_data(tdata);
954 tor_free(msg);
955 }
956
957 static void
958 test_options_validate__relay_with_hidden_services(void *ignored)
959 {
960 (void)ignored;
961 char *msg;
962 int previous_log = setup_capture_of_logs(LOG_DEBUG);
963 options_test_data_t *tdata = get_options_test_data(
964 "ORListenAddress 127.0.0.1:5555\n"
965 "ORPort 955\n"
966 "HiddenServiceDir "
967 "/Library/Tor/var/lib/tor/hidden_service/\n"
968 "HiddenServicePort 80 127.0.0.1:8080\n"
969 );
970
971 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
972 expect_log_msg(
973 "Tor is currently configured as a relay and a hidden service. "
974 "That's not very secure: you should probably run your hidden servi"
975 "ce in a separate Tor process, at least -- see "
976 "https://trac.torproject.org/8742\n");
977
978 done:
979 teardown_capture_of_logs(previous_log);
980 free_options_test_data(tdata);
981 tor_free(msg);
982 }
983
984 // TODO: it doesn't seem possible to hit the case of having no port lines at
985 // all, since there will be a default created for SocksPort
986 /* static void */
987 /* test_options_validate__ports(void *ignored) */
988 /* { */
989 /* (void)ignored; */
990 /* int ret; */
991 /* char *msg; */
992 /* int previous_log = setup_capture_of_logs(LOG_WARN); */
993 /* options_test_data_t *tdata = get_options_test_data(""); */
994 /* ret = options_validate(tdata->old_opt, tdata->opt, */
995 /* tdata->def_opt, 0, &msg); */
996 /* expect_log_msg("SocksPort, TransPort, NATDPort, DNSPort, and ORPort " */
997 /* "are all undefined, and there aren't any hidden services " */
998 /* "configured. " */
999 /* " Tor will still run, but probably won't do anything.\n"); */
1000 /* done: */
1001 /* teardown_capture_of_logs(previous_log); */
1002 /* free_options_test_data(tdata); */
1003 /* tor_free(msg); */
1004 /* } */
1005
1006 static void
1007 test_options_validate__transproxy(void *ignored)
1008 {
1009 (void)ignored;
1010 int ret;
1011 char *msg;
1012 options_test_data_t *tdata;
1013
1014 #ifdef USE_TRANSPARENT
1015 // Test default trans proxy
1016 tdata = get_options_test_data("TransProxyType default\n");
1017
1018 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1019 tt_int_op(ret, OP_EQ, -1);
1020 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_DEFAULT);
1021 tor_free(msg);
1022
1023 // Test pf-divert trans proxy
1024 free_options_test_data(tdata);
1025 tdata = get_options_test_data("TransProxyType pf-divert\n");
1026 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1027 tt_int_op(ret, OP_EQ, -1);
1028
1029 #if !defined(__OpenBSD__) && !defined( DARWIN )
1030 tt_str_op(msg, OP_EQ,
1031 "pf-divert is a OpenBSD-specific and OS X/Darwin-specific feature.");
1032 #else
1033 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_PF_DIVERT);
1034 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without "
1035 "any valid TransPort or TransListenAddress.");
1036 #endif
1037 tor_free(msg);
1038
1039 // Test tproxy trans proxy
1040 free_options_test_data(tdata);
1041 tdata = get_options_test_data("TransProxyType tproxy\n");
1042 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1043 tt_int_op(ret, OP_EQ, -1);
1044
1045 #if !defined(__linux__)
1046 tt_str_op(msg, OP_EQ, "TPROXY is a Linux-specific feature.");
1047 #else
1048 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_TPROXY);
1049 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1050 "TransPort or TransListenAddress.");
1051 #endif
1052 tor_free(msg);
1053
1054 // Test ipfw trans proxy
1055 free_options_test_data(tdata);
1056 tdata = get_options_test_data("TransProxyType ipfw\n");
1057 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1058 tt_int_op(ret, OP_EQ, -1);
1059
1060 #ifndef KERNEL_MAY_SUPPORT_IPFW
1061 tt_str_op(msg, OP_EQ, "ipfw is a FreeBSD-specificand OS X/Darwin-specific "
1062 "feature.");
1063 #else
1064 tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_IPFW);
1065 tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
1066 "TransPort or TransListenAddress.");
1067 #endif
1068 tor_free(msg);
1069
1070 // Test unknown trans proxy
1071 free_options_test_data(tdata);
1072 tdata = get_options_test_data("TransProxyType non-existant\n");
1073 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1074 tt_int_op(ret, OP_EQ, -1);
1075 tt_str_op(msg, OP_EQ, "Unrecognized value for TransProxyType");
1076 tor_free(msg);
1077
1078 // Test trans proxy success
1079 free_options_test_data(tdata);
1080 tdata = NULL;
1081
1082 #if defined(linux)
1083 tdata = get_options_test_data("TransProxyType tproxy\n"
1084 "TransPort 127.0.0.1:123\n");
1085 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1086 tt_int_op(ret, OP_EQ, -1);
1087 tt_assert(!msg);
1088 #endif
1089 #if defined(__FreeBSD_kernel__) || defined( DARWIN )
1090 tdata = get_options_test_data("TransProxyType ipfw\n"
1091 "TransPort 127.0.0.1:123\n");
1092 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1093 tt_int_op(ret, OP_EQ, -1);
1094 tt_assert(!msg);
1095 #endif
1096 #if defined(__OpenBSD__)
1097 tdata = get_options_test_data("TransProxyType pf-divert\n"
1098 "TransPort 127.0.0.1:123\n");
1099 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1100 tt_int_op(ret, OP_EQ, -1);
1101 tt_assert(!msg);
1102 #endif
1103
1104 // Assert that a test has run for some TransProxyType
1105 tt_assert(tdata);
1106
1107 #else
1108 tdata = get_options_test_data("TransPort 127.0.0.1:555\n");
1109
1110 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1111 tt_int_op(ret, OP_EQ, -1);
1112 tt_str_op(msg, OP_EQ, "TransPort and TransListenAddress are disabled in "
1113 "this build.");
1114 tor_free(msg);
1115 #endif
1116
1117 done:
1118 free_options_test_data(tdata);
1119 tor_free(msg);
1120 }
1121
1122 NS_DECL(country_t, geoip_get_country, (const char *country));
1123
1124 static country_t
1125 NS(geoip_get_country)(const char *countrycode)
1126 {
1127 (void)countrycode;
1128 CALLED(geoip_get_country)++;
1129
1130 return 1;
1131 }
1132
1133 static void
1134 test_options_validate__exclude_nodes(void *ignored)
1135 {
1136 (void)ignored;
1137
1138 NS_MOCK(geoip_get_country);
1139
1140 int ret;
1141 char *msg;
1142 int previous_log = setup_capture_of_logs(LOG_WARN);
1143 options_test_data_t *tdata = get_options_test_data(
1144 "ExcludeExitNodes {us}\n");
1145
1146 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1147 tt_int_op(ret, OP_EQ, -1);
1148 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1149 tt_str_op((char *)
1150 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1151 OP_EQ, "{us}");
1152 tor_free(msg);
1153
1154 free_options_test_data(tdata);
1155 tdata = get_options_test_data("ExcludeNodes {cn}\n");
1156 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1157 tt_int_op(ret, OP_EQ, -1);
1158 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
1159 tt_str_op((char *)
1160 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1161 OP_EQ, "{cn}");
1162 tor_free(msg);
1163
1164 free_options_test_data(tdata);
1165 tdata = get_options_test_data("ExcludeNodes {cn}\n"
1166 "ExcludeExitNodes {us} {cn}\n");
1167 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1168 tt_int_op(ret, OP_EQ, -1);
1169 tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 2);
1170 tt_str_op((char *)
1171 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
1172 OP_EQ, "{us} {cn}");
1173 tt_str_op((char *)
1174 (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 1)),
1175 OP_EQ, "{cn}");
1176 tor_free(msg);
1177
1178 free_options_test_data(tdata);
1179 tdata = get_options_test_data("ExcludeNodes {cn}\n"
1180 "StrictNodes 1\n"
1181 "SchedulerHighWaterMark__ 42\n"
1182 "SchedulerLowWaterMark__ 10\n");
1183 mock_clean_saved_logs();
1184 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1185 tt_int_op(ret, OP_EQ, -1);
1186 expect_log_msg(
1187 "You have asked to exclude certain relays from all positions "
1188 "in your circuits. Expect hidden services and other Tor "
1189 "features to be broken in unpredictable ways.\n");
1190 tor_free(msg);
1191
1192 free_options_test_data(tdata);
1193 tdata = get_options_test_data("ExcludeNodes {cn}\n"
1194 "SchedulerHighWaterMark__ 42\n"
1195 "SchedulerLowWaterMark__ 10\n");
1196 mock_clean_saved_logs();
1197 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1198 tt_int_op(ret, OP_EQ, -1);
1199 expect_no_log_msg(
1200 "You have asked to exclude certain relays from all positions "
1201 "in your circuits. Expect hidden services and other Tor "
1202 "features to be broken in unpredictable ways.\n");
1203 tor_free(msg);
1204
1205 done:
1206 NS_UNMOCK(geoip_get_country);
1207 teardown_capture_of_logs(previous_log);
1208 free_options_test_data(tdata);
1209 tor_free(msg);
1210 }
1211
1212 static void
1213 test_options_validate__scheduler(void *ignored)
1214 {
1215 (void)ignored;
1216 int ret;
1217 char *msg;
1218 int previous_log = setup_capture_of_logs(LOG_DEBUG);
1219 options_test_data_t *tdata = get_options_test_data(
1220 "SchedulerLowWaterMark__ 0\n");
1221
1222 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1223 tt_int_op(ret, OP_EQ, -1);
1224 expect_log_msg("Bad SchedulerLowWaterMark__ option\n");
1225 tor_free(msg);
1226
1227 // TODO: this test cannot run on platforms where UINT32_MAX == UINT64_MAX.
1228 // I suspect it's unlikely this branch can actually happen
1229 /* free_options_test_data(tdata); */
1230 /* tdata = get_options_test_data( */
1231 /* "SchedulerLowWaterMark 10000000000000000000\n"); */
1232 /* tdata->opt->SchedulerLowWaterMark__ = (uint64_t)UINT32_MAX; */
1233 /* tdata->opt->SchedulerLowWaterMark__++; */
1234 /* mock_clean_saved_logs(); */
1235 /* ret = options_validate(tdata->old_opt, tdata->opt, */
1236 /* tdata->def_opt, 0, &msg); */
1237 /* tt_int_op(ret, OP_EQ, -1); */
1238 /* expect_log_msg("Bad SchedulerLowWaterMark__ option\n"); */
1239
1240 free_options_test_data(tdata);
1241 tdata = get_options_test_data("SchedulerLowWaterMark__ 42\n"
1242 "SchedulerHighWaterMark__ 42\n");
1243 mock_clean_saved_logs();
1244 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1245 tt_int_op(ret, OP_EQ, -1);
1246 expect_log_msg("Bad SchedulerHighWaterMark option\n");
1247 tor_free(msg);
1248
1249 done:
1250 teardown_capture_of_logs(previous_log);
1251 free_options_test_data(tdata);
1252 tor_free(msg);
1253 }
1254
1255 static void
1256 test_options_validate__node_families(void *ignored)
1257 {
1258 (void)ignored;
1259 int ret;
1260 char *msg;
1261 options_test_data_t *tdata = get_options_test_data(
1262 "NodeFamily flux, flax\n"
1263 "NodeFamily somewhere\n"
1264 "SchedulerHighWaterMark__ 42\n"
1265 "SchedulerLowWaterMark__ 10\n");
1266
1267 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1268 tt_int_op(ret, OP_EQ, -1);
1269 tt_assert(tdata->opt->NodeFamilySets);
1270 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 2);
1271 tt_str_op((char *)(smartlist_get(
1272 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 0)),
1273 OP_EQ, "flux");
1274 tt_str_op((char *)(smartlist_get(
1275 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 1)),
1276 OP_EQ, "flax");
1277 tt_str_op((char *)(smartlist_get(
1278 ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 1))->list, 0)),
1279 OP_EQ, "somewhere");
1280 tor_free(msg);
1281
1282 free_options_test_data(tdata);
1283 tdata = get_options_test_data("SchedulerHighWaterMark__ 42\n"
1284 "SchedulerLowWaterMark__ 10\n");
1285
1286 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1287 tt_int_op(ret, OP_EQ, -1);
1288 tt_assert(!tdata->opt->NodeFamilySets);
1289 tor_free(msg);
1290
1291 free_options_test_data(tdata);
1292 tdata = get_options_test_data("NodeFamily !flux\n"
1293 "SchedulerHighWaterMark__ 42\n"
1294 "SchedulerLowWaterMark__ 10\n");
1295
1296 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1297 tt_int_op(ret, OP_EQ, -1);
1298 tt_assert(tdata->opt->NodeFamilySets);
1299 tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 0);
1300 tor_free(msg);
1301
1302 done:
1303 free_options_test_data(tdata);
1304 tor_free(msg);
1305 }
1306
1307 static void
1308 test_options_validate__tlsec(void *ignored)
1309 {
1310 (void)ignored;
1311 int ret;
1312 char *msg;
1313 int previous_log = setup_capture_of_logs(LOG_DEBUG);
1314 options_test_data_t *tdata = get_options_test_data(
1315 "TLSECGroup ed25519\n"
1316 "SchedulerHighWaterMark__ 42\n"
1317 "SchedulerLowWaterMark__ 10\n");
1318
1319 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1320 tt_int_op(ret, OP_EQ, -1);
1321 expect_log_msg("Unrecognized TLSECGroup: Falling back to the default.\n");
1322 tt_assert(!tdata->opt->TLSECGroup);
1323 tor_free(msg);
1324
1325 free_options_test_data(tdata);
1326 tdata = get_options_test_data("TLSECGroup P224\n"
1327 "SchedulerHighWaterMark__ 42\n"
1328 "SchedulerLowWaterMark__ 10\n");
1329 mock_clean_saved_logs();
1330 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1331 tt_int_op(ret, OP_EQ, -1);
1332 expect_no_log_msg(
1333 "Unrecognized TLSECGroup: Falling back to the default.\n");
1334 tt_assert(tdata->opt->TLSECGroup);
1335 tor_free(msg);
1336
1337 free_options_test_data(tdata);
1338 tdata = get_options_test_data("TLSECGroup P256\n"
1339 "SchedulerHighWaterMark__ 42\n"
1340 "SchedulerLowWaterMark__ 10\n");
1341 mock_clean_saved_logs();
1342 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1343 tt_int_op(ret, OP_EQ, -1);
1344 expect_no_log_msg(
1345 "Unrecognized TLSECGroup: Falling back to the default.\n");
1346 tt_assert(tdata->opt->TLSECGroup);
1347 tor_free(msg);
1348
1349 done:
1350 teardown_capture_of_logs(previous_log);
1351 free_options_test_data(tdata);
1352 tor_free(msg);
1353 }
1354
1355 static void
1356 test_options_validate__token_bucket(void *ignored)
1357 {
1358 (void)ignored;
1359 int ret;
1360 char *msg;
1361 options_test_data_t *tdata = get_options_test_data("");
1362
1363 tdata->opt->TokenBucketRefillInterval = 0;
1364 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1365 tt_int_op(ret, OP_EQ, -1);
1366 tt_str_op(msg, OP_EQ,
1367 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1368 tor_free(msg);
1369
1370 tdata->opt->TokenBucketRefillInterval = 1001;
1371 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1372 tt_int_op(ret, OP_EQ, -1);
1373 tt_str_op(msg, OP_EQ,
1374 "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
1375 tor_free(msg);
1376
1377 done:
1378 free_options_test_data(tdata);
1379 tor_free(msg);
1380 }
1381
1382 static void
1383 test_options_validate__recommended_packages(void *ignored)
1384 {
1385 (void)ignored;
1386 int ret;
1387 char *msg;
1388 int previous_log = setup_capture_of_logs(LOG_WARN);
1389 options_test_data_t *tdata = get_options_test_data(
1390 "RecommendedPackages foo 1.2 http://foo.com sha1=123123123123\n"
1391 "RecommendedPackages invalid-package-line\n"
1392 "SchedulerHighWaterMark__ 42\n"
1393 "SchedulerLowWaterMark__ 10\n");
1394
1395 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1396 tt_int_op(ret, OP_EQ, -1);
1397 expect_no_log_msg("Invalid RecommendedPackage line "
1398 "invalid-package-line will be ignored\n");
1399
1400 done:
1401 escaped(NULL); // This will free the leaking memory from the previous escaped
1402 teardown_capture_of_logs(previous_log);
1403 free_options_test_data(tdata);
1404 tor_free(msg);
1405 }
1406
1407 static void
1408 test_options_validate__fetch_dir(void *ignored)
1409 {
1410 (void)ignored;
1411 int ret;
1412 char *msg;
1413 options_test_data_t *tdata = get_options_test_data(
1414 "FetchDirInfoExtraEarly 1\n"
1415 "FetchDirInfoEarly 0\n"
1416 "SchedulerHighWaterMark__ 42\n"
1417 "SchedulerLowWaterMark__ 10\n");
1418
1419 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1420 tt_int_op(ret, OP_EQ, -1);
1421 tt_str_op(msg, OP_EQ, "FetchDirInfoExtraEarly requires that you"
1422 " also set FetchDirInfoEarly");
1423 tor_free(msg);
1424
1425 free_options_test_data(tdata);
1426 tdata = get_options_test_data("FetchDirInfoExtraEarly 1\n"
1427 "FetchDirInfoEarly 1\n"
1428 "SchedulerHighWaterMark__ 42\n"
1429 "SchedulerLowWaterMark__ 10\n");
1430
1431 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1432 tt_int_op(ret, OP_EQ, -1);
1433 tt_str_op(msg, OP_NE, "FetchDirInfoExtraEarly requires that you"
1434 " also set FetchDirInfoEarly");
1435 tor_free(msg);
1436
1437 done:
1438 free_options_test_data(tdata);
1439 tor_free(msg);
1440 }
1441
1442 static void
1443 test_options_validate__conn_limit(void *ignored)
1444 {
1445 (void)ignored;
1446 int ret;
1447 char *msg;
1448 options_test_data_t *tdata = get_options_test_data(
1449 "ConnLimit 0\n"
1450 "SchedulerHighWaterMark__ 42\n"
1451 "SchedulerLowWaterMark__ 10\n");
1452
1453 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1454 tt_int_op(ret, OP_EQ, -1);
1455 tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
1456 tor_free(msg);
1457
1458 free_options_test_data(tdata);
1459 tdata = get_options_test_data("ConnLimit 1\n"
1460 "SchedulerHighWaterMark__ 42\n"
1461 "SchedulerLowWaterMark__ 10\n");
1462
1463 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1464 tt_int_op(ret, OP_EQ, -1);
1465 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024, "
1466 "but was set to 0");
1467 tor_free(msg);
1468
1469 done:
1470 free_options_test_data(tdata);
1471 tor_free(msg);
1472 }
1473
1474 static void
1475 test_options_validate__paths_needed(void *ignored)
1476 {
1477 (void)ignored;
1478 int ret;
1479 char *msg;
1480 int previous_log = setup_capture_of_logs(LOG_WARN);
1481 options_test_data_t *tdata = get_options_test_data(
1482 "PathsNeededToBuildCircuits 0.1\n"
1483 "ConnLimit 1\n"
1484 "SchedulerHighWaterMark__ 42\n"
1485 "SchedulerLowWaterMark__ 10\n");
1486
1487 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1488 tt_int_op(ret, OP_EQ, -1);
1489 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.24 &&
1490 tdata->opt->PathsNeededToBuildCircuits < 0.26);
1491 expect_log_msg("PathsNeededToBuildCircuits is too low. "
1492 "Increasing to 0.25\n");
1493 tor_free(msg);
1494
1495 free_options_test_data(tdata);
1496 mock_clean_saved_logs();
1497 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.99\n"
1498 "ConnLimit 1\n"
1499 "SchedulerHighWaterMark__ 42\n"
1500 "SchedulerLowWaterMark__ 10\n");
1501
1502 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1503 tt_int_op(ret, OP_EQ, -1);
1504 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.94 &&
1505 tdata->opt->PathsNeededToBuildCircuits < 0.96);
1506 expect_log_msg("PathsNeededToBuildCircuits is "
1507 "too high. Decreasing to 0.95\n");
1508 tor_free(msg);
1509
1510 free_options_test_data(tdata);
1511 mock_clean_saved_logs();
1512 tdata = get_options_test_data("PathsNeededToBuildCircuits 0.91\n"
1513 "ConnLimit 1\n"
1514 "SchedulerHighWaterMark__ 42\n"
1515 "SchedulerLowWaterMark__ 10\n");
1516
1517 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1518 tt_int_op(ret, OP_EQ, -1);
1519 tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.90 &&
1520 tdata->opt->PathsNeededToBuildCircuits < 0.92);
1521 expect_no_log_entry();
1522 tor_free(msg);
1523
1524 done:
1525 teardown_capture_of_logs(previous_log);
1526 free_options_test_data(tdata);
1527 tor_free(msg);
1528 }
1529
1530 static void
1531 test_options_validate__max_client_circuits(void *ignored)
1532 {
1533 (void)ignored;
1534 int ret;
1535 char *msg;
1536 options_test_data_t *tdata = get_options_test_data(
1537 "MaxClientCircuitsPending 0\n"
1538 "ConnLimit 1\n"
1539 "SchedulerHighWaterMark__ 42\n"
1540 "SchedulerLowWaterMark__ 10\n");
1541
1542 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1543 tt_int_op(ret, OP_EQ, -1);
1544 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1545 " but was set to 0");
1546 tor_free(msg);
1547
1548 free_options_test_data(tdata);
1549 tdata = get_options_test_data("MaxClientCircuitsPending 1025\n"
1550 "ConnLimit 1\n"
1551 "SchedulerHighWaterMark__ 42\n"
1552 "SchedulerLowWaterMark__ 10\n");
1553
1554 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1555 tt_int_op(ret, OP_EQ, -1);
1556 tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
1557 " but was set to 1025");
1558 tor_free(msg);
1559
1560 free_options_test_data(tdata);
1561 tdata = get_options_test_data("MaxClientCircuitsPending 1\n"
1562 "ConnLimit 1\n"
1563 "SchedulerHighWaterMark__ 42\n"
1564 "SchedulerLowWaterMark__ 10\n");
1565
1566 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1567 tt_int_op(ret, OP_EQ, -1);
1568 tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
1569 tor_free(msg);
1570
1571 done:
1572 free_options_test_data(tdata);
1573 tor_free(msg);
1574 }
1575
1576 static void
1577 test_options_validate__ports(void *ignored)
1578 {
1579 (void)ignored;
1580 int ret;
1581 char *msg;
1582 options_test_data_t *tdata = get_options_test_data(
1583 "FirewallPorts 65537\n"
1584 "MaxClientCircuitsPending 1\n"
1585 "ConnLimit 1\n"
1586 "SchedulerHighWaterMark__ 42\n"
1587 "SchedulerLowWaterMark__ 10\n");
1588
1589 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1590 tt_int_op(ret, OP_EQ, -1);
1591 tt_str_op(msg, OP_EQ, "Port '65537' out of range in FirewallPorts");
1592 tor_free(msg);
1593
1594 free_options_test_data(tdata);
1595 tdata = get_options_test_data("FirewallPorts 1\n"
1596 "LongLivedPorts 124444\n"
1597 "MaxClientCircuitsPending 1\n"
1598 "ConnLimit 1\n"
1599 "SchedulerHighWaterMark__ 42\n"
1600 "SchedulerLowWaterMark__ 10\n");
1601
1602 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1603 tt_int_op(ret, OP_EQ, -1);
1604 tt_str_op(msg, OP_EQ, "Port '124444' out of range in LongLivedPorts");
1605 tor_free(msg);
1606
1607 free_options_test_data(tdata);
1608 tdata = get_options_test_data("FirewallPorts 1\n"
1609 "LongLivedPorts 2\n"
1610 "RejectPlaintextPorts 112233\n"
1611 "MaxClientCircuitsPending 1\n"
1612 "ConnLimit 1\n"
1613 "SchedulerHighWaterMark__ 42\n"
1614 "SchedulerLowWaterMark__ 10\n");
1615
1616 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1617 tt_int_op(ret, OP_EQ, -1);
1618 tt_str_op(msg, OP_EQ, "Port '112233' out of range in RejectPlaintextPorts");
1619 tor_free(msg);
1620
1621 free_options_test_data(tdata);
1622 tdata = get_options_test_data("FirewallPorts 1\n"
1623 "LongLivedPorts 2\n"
1624 "RejectPlaintextPorts 3\n"
1625 "WarnPlaintextPorts 65536\n"
1626 "MaxClientCircuitsPending 1\n"
1627 "ConnLimit 1\n"
1628 "SchedulerHighWaterMark__ 42\n"
1629 "SchedulerLowWaterMark__ 10\n");
1630
1631 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1632 tt_int_op(ret, OP_EQ, -1);
1633 tt_str_op(msg, OP_EQ, "Port '65536' out of range in WarnPlaintextPorts");
1634 tor_free(msg);
1635
1636 free_options_test_data(tdata);
1637 tdata = get_options_test_data("FirewallPorts 1\n"
1638 "LongLivedPorts 2\n"
1639 "RejectPlaintextPorts 3\n"
1640 "WarnPlaintextPorts 4\n"
1641 "MaxClientCircuitsPending 1\n"
1642 "ConnLimit 1\n"
1643 "SchedulerHighWaterMark__ 42\n"
1644 "SchedulerLowWaterMark__ 10\n");
1645
1646 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1647 tt_int_op(ret, OP_EQ, -1);
1648 tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
1649 tor_free(msg);
1650
1651 done:
1652 free_options_test_data(tdata);
1653 tor_free(msg);
1654 }
1655
1656 static void
1657 test_options_validate__reachable_addresses(void *ignored)
1658 {
1659 (void)ignored;
1660 int ret;
1661 char *msg;
1662 int previous_log = setup_capture_of_logs(LOG_NOTICE);
1663 options_test_data_t *tdata = get_options_test_data(
1664 "FascistFirewall 1\n"
1665 "MaxClientCircuitsPending 1\n"
1666 "ConnLimit 1\n"
1667 "SchedulerHighWaterMark__ 42\n"
1668 "SchedulerLowWaterMark__ 10\n");
1669
1670 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1671 tt_int_op(ret, OP_EQ, -1);
1672 expect_log_msg("Converting FascistFirewall config "
1673 "option to new format: \"ReachableDirAddresses *:80\"\n");
1674 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:80");
1675 expect_log_msg("Converting FascistFirewall config "
1676 "option to new format: \"ReachableORAddresses *:443\"\n");
1677 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:443");
1678 tor_free(msg);
1679
1680 free_options_test_data(tdata);
1681 mock_clean_saved_logs();
1682 tdata = get_options_test_data("FascistFirewall 1\n"
1683 "ReachableDirAddresses *:81\n"
1684 "ReachableORAddresses *:444\n"
1685 "MaxClientCircuitsPending 1\n"
1686 "ConnLimit 1\n"
1687 "SchedulerHighWaterMark__ 42\n"
1688 "SchedulerLowWaterMark__ 10\n");
1689 tdata->opt->FirewallPorts = smartlist_new();
1690 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1691 tt_int_op(ret, OP_EQ, -1);
1692 expect_log_entry();
1693 tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:81");
1694 tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:444");
1695 tor_free(msg);
1696
1697 free_options_test_data(tdata);
1698 mock_clean_saved_logs();
1699 tdata = get_options_test_data("FascistFirewall 1\n"
1700 "FirewallPort 123\n"
1701 "MaxClientCircuitsPending 1\n"
1702 "ConnLimit 1\n"
1703 "SchedulerHighWaterMark__ 42\n"
1704 "SchedulerLowWaterMark__ 10\n");
1705
1706 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1707 tt_int_op(ret, OP_EQ, -1);
1708 expect_log_msg("Converting FascistFirewall and "
1709 "FirewallPorts config options to new format: "
1710 "\"ReachableAddresses *:123\"\n");
1711 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:123");
1712 tor_free(msg);
1713
1714 free_options_test_data(tdata);
1715 mock_clean_saved_logs();
1716 tdata = get_options_test_data("FascistFirewall 1\n"
1717 "ReachableAddresses *:82\n"
1718 "ReachableAddresses *:83\n"
1719 "ReachableAddresses reject *:*\n"
1720 "MaxClientCircuitsPending 1\n"
1721 "ConnLimit 1\n"
1722 "SchedulerHighWaterMark__ 42\n"
1723 "SchedulerLowWaterMark__ 10\n");
1724
1725 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1726 tt_int_op(ret, OP_EQ, -1);
1727 expect_log_entry();
1728 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
1729 tor_free(msg);
1730
1731 #define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
1732 " the rest of the Internet, so they must not set Reachable*Addresses or" \
1733 " FascistFirewall or FirewallPorts or ClientUseIPv4 0."
1734
1735 free_options_test_data(tdata);
1736 tdata = get_options_test_data("ReachableAddresses *:82\n"
1737 "ORListenAddress 127.0.0.1:5555\n"
1738 "ORPort 955\n"
1739 "MaxClientCircuitsPending 1\n"
1740 "ConnLimit 1\n"
1741 "SchedulerHighWaterMark__ 42\n"
1742 "SchedulerLowWaterMark__ 10\n");
1743
1744 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1745 tt_int_op(ret, OP_EQ, -1);
1746 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1747 tor_free(msg);
1748
1749 free_options_test_data(tdata);
1750 tdata = get_options_test_data("ReachableORAddresses *:82\n"
1751 "ORListenAddress 127.0.0.1:5555\n"
1752 "ORPort 955\n"
1753 "MaxClientCircuitsPending 1\n"
1754 "ConnLimit 1\n"
1755 "SchedulerHighWaterMark__ 42\n"
1756 "SchedulerLowWaterMark__ 10\n");
1757
1758 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1759 tt_int_op(ret, OP_EQ, -1);
1760 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1761 tor_free(msg);
1762
1763 free_options_test_data(tdata);
1764 tdata = get_options_test_data("ReachableDirAddresses *:82\n"
1765 "ORListenAddress 127.0.0.1:5555\n"
1766 "ORPort 955\n"
1767 "MaxClientCircuitsPending 1\n"
1768 "ConnLimit 1\n"
1769 "SchedulerHighWaterMark__ 42\n"
1770 "SchedulerLowWaterMark__ 10\n");
1771
1772 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1773 tt_int_op(ret, OP_EQ, -1);
1774 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1775 tor_free(msg);
1776
1777 free_options_test_data(tdata);
1778 tdata = get_options_test_data("ClientUseIPv4 0\n"
1779 "ORListenAddress 127.0.0.1:5555\n"
1780 "ORPort 955\n"
1781 "MaxClientCircuitsPending 1\n"
1782 "ConnLimit 1\n"
1783 "SchedulerHighWaterMark__ 42\n"
1784 "SchedulerLowWaterMark__ 10\n");
1785
1786 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1787 tt_int_op(ret, OP_EQ, -1);
1788 tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
1789 tor_free(msg);
1790
1791 /* Test IPv4-only clients setting IPv6 preferences */
1792
1793 #define WARN_PLEASE_USE_IPV6_OR_LOG_MSG \
1794 "ClientPreferIPv6ORPort 1 is ignored unless tor is using IPv6. " \
1795 "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n"
1796
1797 #define WARN_PLEASE_USE_IPV6_DIR_LOG_MSG \
1798 "ClientPreferIPv6DirPort 1 is ignored unless tor is using IPv6. " \
1799 "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n"
1800
1801 free_options_test_data(tdata);
1802 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1803 "ClientUseIPv4 1\n"
1804 "ClientUseIPv6 0\n"
1805 "UseBridges 0\n"
1806 "ClientPreferIPv6ORPort 1\n");
1807
1808 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1809 tt_int_op(ret, OP_EQ, 0);
1810 expect_log_msg(WARN_PLEASE_USE_IPV6_OR_LOG_MSG);
1811 tor_free(msg);
1812
1813 free_options_test_data(tdata);
1814 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1815 "ClientUseIPv4 1\n"
1816 "ClientUseIPv6 0\n"
1817 "UseBridges 0\n"
1818 "ClientPreferIPv6DirPort 1\n");
1819
1820 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1821 tt_int_op(ret, OP_EQ, 0);
1822 expect_log_msg(WARN_PLEASE_USE_IPV6_DIR_LOG_MSG);
1823 tor_free(msg);
1824
1825 /* Now test an IPv4/IPv6 client setting IPv6 preferences */
1826
1827 free_options_test_data(tdata);
1828 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1829 "ClientUseIPv4 1\n"
1830 "ClientUseIPv6 1\n"
1831 "ClientPreferIPv6ORPort 1\n"
1832 "ClientPreferIPv6DirPort 1\n");
1833
1834 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1835 tt_int_op(ret, OP_EQ, 0);
1836 tt_ptr_op(msg, OP_EQ, NULL);
1837
1838 /* Now test an IPv6 client setting IPv6 preferences */
1839
1840 free_options_test_data(tdata);
1841 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1842 "ClientUseIPv6 1\n"
1843 "ClientPreferIPv6ORPort 1\n"
1844 "ClientPreferIPv6DirPort 1\n");
1845
1846 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1847 tt_int_op(ret, OP_EQ, 0);
1848 tt_ptr_op(msg, OP_EQ, NULL);
1849
1850 /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */
1851
1852 free_options_test_data(tdata);
1853 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1854 "ClientUseIPv4 0\n"
1855 "ClientPreferIPv6ORPort 1\n"
1856 "ClientPreferIPv6DirPort 1\n");
1857
1858 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1859 tt_int_op(ret, OP_EQ, 0);
1860 tt_ptr_op(msg, OP_EQ, NULL);
1861
1862 /* And an implicit (bridge) client setting IPv6 preferences */
1863
1864 free_options_test_data(tdata);
1865 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1866 "UseBridges 1\n"
1867 "Bridge 127.0.0.1:12345\n"
1868 "ClientPreferIPv6ORPort 1\n"
1869 "ClientPreferIPv6DirPort 1\n");
1870
1871 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1872 tt_int_op(ret, OP_EQ, 0);
1873 tt_ptr_op(msg, OP_EQ, NULL);
1874
1875 done:
1876 teardown_capture_of_logs(previous_log);
1877 free_options_test_data(tdata);
1878 tor_free(msg);
1879 }
1880
1881 static void
1882 test_options_validate__use_bridges(void *ignored)
1883 {
1884 (void)ignored;
1885 int ret;
1886 char *msg;
1887 options_test_data_t *tdata = get_options_test_data(
1888 "UseBridges 1\n"
1889 "ClientUseIPv4 1\n"
1890 "ORListenAddress 127.0.0.1:5555\n"
1891 "ORPort 955\n"
1892 "MaxClientCircuitsPending 1\n"
1893 "ConnLimit 1\n"
1894 "SchedulerHighWaterMark__ 42\n"
1895 "SchedulerLowWaterMark__ 10\n");
1896
1897 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1898 tt_int_op(ret, OP_EQ, -1);
1899 tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
1900 " the Internet, so they must not set UseBridges.");
1901 tor_free(msg);
1902
1903 free_options_test_data(tdata);
1904 tdata = get_options_test_data("UseBridges 1\n"
1905 "MaxClientCircuitsPending 1\n"
1906 "ConnLimit 1\n"
1907 "SchedulerHighWaterMark__ 42\n"
1908 "SchedulerLowWaterMark__ 10\n");
1909
1910 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1911 tt_int_op(ret, OP_EQ, -1);
1912 tt_str_op(msg, OP_NE, "Servers must be able to freely connect to the rest of"
1913 " the Internet, so they must not set UseBridges.");
1914 tor_free(msg);
1915
1916 NS_MOCK(geoip_get_country);
1917 free_options_test_data(tdata);
1918 tdata = get_options_test_data("UseBridges 1\n"
1919 "EntryNodes {cn}\n"
1920 "MaxClientCircuitsPending 1\n"
1921 "ConnLimit 1\n"
1922 "SchedulerHighWaterMark__ 42\n"
1923 "SchedulerLowWaterMark__ 10\n");
1924
1925 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1926 tt_int_op(ret, OP_EQ, -1);
1927 tt_str_op(msg, OP_EQ, "You cannot set both UseBridges and EntryNodes.");
1928 tor_free(msg);
1929
1930 free_options_test_data(tdata);
1931 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1932 "UseBridges 1\n");
1933
1934 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1935 tt_int_op(ret, OP_EQ, -1);
1936 tt_str_op(msg, OP_EQ,
1937 "If you set UseBridges, you must specify at least one bridge.");
1938 tor_free(msg);
1939
1940 free_options_test_data(tdata);
1941 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
1942 "UseBridges 1\n"
1943 "Bridge 10.0.0.1\n"
1944 "Bridge !!!\n"
1945 );
1946
1947 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1948 tt_int_op(ret, OP_EQ, -1);
1949 tt_str_op(msg, OP_EQ, "Bridge line did not parse. See logs for details.");
1950 tor_free(msg);
1951
1952 done:
1953 NS_UNMOCK(geoip_get_country);
1954 policies_free_all();
1955 free_options_test_data(tdata);
1956 tor_free(msg);
1957 }
1958
1959 static void
1960 test_options_validate__entry_nodes(void *ignored)
1961 {
1962 (void)ignored;
1963 int ret;
1964 char *msg;
1965 NS_MOCK(geoip_get_country);
1966 options_test_data_t *tdata = get_options_test_data(
1967 "EntryNodes {cn}\n"
1968 "UseEntryGuards 0\n"
1969 "MaxClientCircuitsPending 1\n"
1970 "ConnLimit 1\n"
1971 "SchedulerHighWaterMark__ 42\n"
1972 "SchedulerLowWaterMark__ 10\n");
1973
1974 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1975 tt_int_op(ret, OP_EQ, -1);
1976 tt_str_op(msg, OP_EQ,
1977 "If EntryNodes is set, UseEntryGuards must be enabled.");
1978 tor_free(msg);
1979
1980 free_options_test_data(tdata);
1981 tdata = get_options_test_data("EntryNodes {cn}\n"
1982 "UseEntryGuards 1\n"
1983 "MaxClientCircuitsPending 1\n"
1984 "ConnLimit 1\n"
1985 "SchedulerHighWaterMark__ 42\n"
1986 "SchedulerLowWaterMark__ 10\n");
1987
1988 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
1989 tt_int_op(ret, OP_EQ, -1);
1990 tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
1991 tor_free(msg);
1992
1993 done:
1994 NS_UNMOCK(geoip_get_country);
1995 free_options_test_data(tdata);
1996 tor_free(msg);
1997 }
1998
1999 static void
2000 test_options_validate__invalid_nodes(void *ignored)
2001 {
2002 (void)ignored;
2003 int ret;
2004 char *msg;
2005 options_test_data_t *tdata = get_options_test_data(
2006 "AllowInvalidNodes something_stupid\n"
2007 "MaxClientCircuitsPending 1\n"
2008 "ConnLimit 1\n"
2009 "SchedulerHighWaterMark__ 42\n"
2010 "SchedulerLowWaterMark__ 10\n");
2011
2012 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2013 tt_int_op(ret, OP_EQ, -1);
2014 tt_str_op(msg, OP_EQ,
2015 "Unrecognized value 'something_stupid' in AllowInvalidNodes");
2016 tor_free(msg);
2017
2018 free_options_test_data(tdata);
2019 tdata = get_options_test_data("AllowInvalidNodes entry, middle, exit\n"
2020 "MaxClientCircuitsPending 1\n"
2021 "ConnLimit 1\n"
2022 "SchedulerHighWaterMark__ 42\n"
2023 "SchedulerLowWaterMark__ 10\n");
2024
2025 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2026 tt_int_op(ret, OP_EQ, -1);
2027 tt_int_op(tdata->opt->AllowInvalid_, OP_EQ, ALLOW_INVALID_ENTRY |
2028 ALLOW_INVALID_EXIT | ALLOW_INVALID_MIDDLE);
2029 tor_free(msg);
2030
2031 free_options_test_data(tdata);
2032 tdata = get_options_test_data("AllowInvalidNodes introduction, rendezvous\n"
2033 "MaxClientCircuitsPending 1\n"
2034 "ConnLimit 1\n"
2035 "SchedulerHighWaterMark__ 42\n"
2036 "SchedulerLowWaterMark__ 10\n");
2037
2038 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2039 tt_int_op(ret, OP_EQ, -1);
2040 tt_int_op(tdata->opt->AllowInvalid_, OP_EQ, ALLOW_INVALID_INTRODUCTION |
2041 ALLOW_INVALID_RENDEZVOUS);
2042 tor_free(msg);
2043
2044 done:
2045 free_options_test_data(tdata);
2046 tor_free(msg);
2047 }
2048
2049 static void
2050 test_options_validate__safe_logging(void *ignored)
2051 {
2052 (void)ignored;
2053 int ret;
2054 char *msg;
2055 options_test_data_t *tdata = get_options_test_data(
2056 "MaxClientCircuitsPending 1\n"
2057 "ConnLimit 1\n"
2058 "SchedulerHighWaterMark__ 42\n"
2059 "SchedulerLowWaterMark__ 10\n");
2060
2061 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2062 tt_int_op(ret, OP_EQ, -1);
2063 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
2064 tor_free(msg);
2065
2066 free_options_test_data(tdata);
2067 tdata = get_options_test_data("SafeLogging 0\n"
2068 "MaxClientCircuitsPending 1\n"
2069 "ConnLimit 1\n"
2070 "SchedulerHighWaterMark__ 42\n"
2071 "SchedulerLowWaterMark__ 10\n");
2072
2073 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2074 tt_int_op(ret, OP_EQ, -1);
2075 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
2076 tor_free(msg);
2077
2078 free_options_test_data(tdata);
2079 tdata = get_options_test_data("SafeLogging Relay\n"
2080 "MaxClientCircuitsPending 1\n"
2081 "ConnLimit 1\n"
2082 "SchedulerHighWaterMark__ 42\n"
2083 "SchedulerLowWaterMark__ 10\n");
2084
2085 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2086 tt_int_op(ret, OP_EQ, -1);
2087 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_RELAY);
2088 tor_free(msg);
2089
2090 free_options_test_data(tdata);
2091 tdata = get_options_test_data("SafeLogging 1\n"
2092 "MaxClientCircuitsPending 1\n"
2093 "ConnLimit 1\n"
2094 "SchedulerHighWaterMark__ 42\n"
2095 "SchedulerLowWaterMark__ 10\n");
2096
2097 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2098 tt_int_op(ret, OP_EQ, -1);
2099 tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_ALL);
2100 tor_free(msg);
2101
2102 free_options_test_data(tdata);
2103 tdata = get_options_test_data("SafeLogging stuffy\n"
2104 "MaxClientCircuitsPending 1\n"
2105 "ConnLimit 1\n"
2106 "SchedulerHighWaterMark__ 42\n"
2107 "SchedulerLowWaterMark__ 10\n");
2108
2109 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2110 tt_int_op(ret, OP_EQ, -1);
2111 tt_str_op(msg, OP_EQ, "Unrecognized value '\"stuffy\"' in SafeLogging");
2112 tor_free(msg);
2113
2114 done:
2115 escaped(NULL); // This will free the leaking memory from the previous escaped
2116 free_options_test_data(tdata);
2117 tor_free(msg);
2118 }
2119
2120 static void
2121 test_options_validate__publish_server_descriptor(void *ignored)
2122 {
2123 (void)ignored;
2124 int ret;
2125 char *msg;
2126 int previous_log = setup_capture_of_logs(LOG_WARN);
2127 options_test_data_t *tdata = get_options_test_data(
2128 "PublishServerDescriptor bridge\n" TEST_OPTIONS_DEFAULT_VALUES
2129 );
2130
2131 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2132 tt_int_op(ret, OP_EQ, 0);
2133 tt_assert(!msg);
2134
2135 free_options_test_data(tdata);
2136 tdata = get_options_test_data("PublishServerDescriptor humma\n"
2137 TEST_OPTIONS_DEFAULT_VALUES);
2138
2139 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2140 tt_int_op(ret, OP_EQ, -1);
2141 tt_str_op(msg, OP_EQ, "Unrecognized value in PublishServerDescriptor");
2142 tor_free(msg);
2143
2144 free_options_test_data(tdata);
2145 tdata = get_options_test_data("PublishServerDescriptor bridge, v3\n"
2146 TEST_OPTIONS_DEFAULT_VALUES);
2147
2148 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2149 tt_int_op(ret, OP_EQ, -1);
2150 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
2151 "descriptors to the directory authorities. Please correct your "
2152 "PublishServerDescriptor line.");
2153 tor_free(msg);
2154
2155 free_options_test_data(tdata);
2156 tdata = get_options_test_data("BridgeRelay 1\n"
2157 "PublishServerDescriptor v3\n"
2158 TEST_OPTIONS_DEFAULT_VALUES);
2159
2160 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2161 tt_int_op(ret, OP_EQ, -1);
2162 tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
2163 "descriptors to the directory authorities. Please correct your "
2164 "PublishServerDescriptor line.");
2165 tor_free(msg);
2166
2167 free_options_test_data(tdata);
2168 tdata = get_options_test_data("BridgeRelay 1\n" TEST_OPTIONS_DEFAULT_VALUES);
2169
2170 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2171 tt_int_op(ret, OP_EQ, -1);
2172 tt_str_op(msg, OP_NE, "Bridges are not supposed to publish router "
2173 "descriptors to the directory authorities. Please correct your "
2174 "PublishServerDescriptor line.");
2175 tor_free(msg);
2176
2177 free_options_test_data(tdata);
2178 tdata = get_options_test_data("BridgeRelay 1\n"
2179 "DirPort 999\n" TEST_OPTIONS_DEFAULT_VALUES);
2180
2181 mock_clean_saved_logs();
2182 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2183 tt_int_op(ret, OP_EQ, -1);
2184 expect_log_msg("Can't set a DirPort on a bridge "
2185 "relay; disabling DirPort\n");
2186 tt_assert(!tdata->opt->DirPort_lines);
2187 tt_assert(!tdata->opt->DirPort_set);
2188
2189 done:
2190 teardown_capture_of_logs(previous_log);
2191 policies_free_all();
2192 free_options_test_data(tdata);
2193 tor_free(msg);
2194 }
2195
2196 static void
2197 test_options_validate__testing(void *ignored)
2198 {
2199 (void)ignored;
2200 int ret;
2201 char *msg;
2202 options_test_data_t *tdata = NULL;
2203
2204 #define ENSURE_DEFAULT(varname, varval) \
2205 STMT_BEGIN \
2206 free_options_test_data(tdata); \
2207 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
2208 #varname " " #varval "\n"); \
2209 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2210 tt_str_op(msg, OP_EQ, \
2211 #varname " may only be changed in testing Tor networks!"); \
2212 tt_int_op(ret, OP_EQ, -1); \
2213 tor_free(msg); \
2214 \
2215 free_options_test_data(tdata); \
2216 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
2217 #varname " " #varval "\n" \
2218 VALID_DIR_AUTH \
2219 "TestingTorNetwork 1\n"); \
2220 \
2221 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2222 if (msg) { \
2223 tt_str_op(msg, OP_NE, \
2224 #varname " may only be changed in testing Tor networks!"); \
2225 tor_free(msg); \
2226 } \
2227 \
2228 free_options_test_data(tdata); \
2229 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
2230 #varname " " #varval "\n" \
2231 "___UsingTestNetworkDefaults 1\n"); \
2232 \
2233 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2234 if (msg) { \
2235 tt_str_op(msg, OP_NE, \
2236 #varname " may only be changed in testing Tor networks!"); \
2237 tor_free(msg); \
2238 } \
2239 STMT_END
2240
2241 ENSURE_DEFAULT(TestingV3AuthInitialVotingInterval, 3600);
2242 ENSURE_DEFAULT(TestingV3AuthInitialVoteDelay, 3000);
2243 ENSURE_DEFAULT(TestingV3AuthInitialDistDelay, 3000);
2244 ENSURE_DEFAULT(TestingV3AuthVotingStartOffset, 3000);
2245 ENSURE_DEFAULT(TestingAuthDirTimeToLearnReachability, 3000);
2246 ENSURE_DEFAULT(TestingEstimatedDescriptorPropagationTime, 3000);
2247 ENSURE_DEFAULT(TestingServerDownloadSchedule, 3000);
2248 ENSURE_DEFAULT(TestingClientDownloadSchedule, 3000);
2249 ENSURE_DEFAULT(TestingServerConsensusDownloadSchedule, 3000);
2250 ENSURE_DEFAULT(TestingClientConsensusDownloadSchedule, 3000);
2251 ENSURE_DEFAULT(TestingBridgeDownloadSchedule, 3000);
2252 ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000);
2253 ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000);
2254 ENSURE_DEFAULT(TestingConsensusMaxDownloadTries, 3000);
2255 ENSURE_DEFAULT(TestingDescriptorMaxDownloadTries, 3000);
2256 ENSURE_DEFAULT(TestingMicrodescMaxDownloadTries, 3000);
2257 ENSURE_DEFAULT(TestingCertMaxDownloadTries, 3000);
2258 ENSURE_DEFAULT(TestingAuthKeyLifetime, 3000);
2259 ENSURE_DEFAULT(TestingLinkCertLifetime, 3000);
2260 ENSURE_DEFAULT(TestingSigningKeySlop, 3000);
2261 ENSURE_DEFAULT(TestingAuthKeySlop, 3000);
2262 ENSURE_DEFAULT(TestingLinkKeySlop, 3000);
2263
2264 done:
2265 escaped(NULL); // This will free the leaking memory from the previous escaped
2266 policies_free_all();
2267 free_options_test_data(tdata);
2268 tor_free(msg);
2269 }
2270
2271 static void
2272 test_options_validate__hidserv(void *ignored)
2273 {
2274 (void)ignored;
2275 int ret;
2276 char *msg;
2277 int previous_log = setup_capture_of_logs(LOG_WARN);
2278
2279 options_test_data_t *tdata = get_options_test_data(
2280 TEST_OPTIONS_DEFAULT_VALUES);
2281 tdata->opt->MinUptimeHidServDirectoryV2 = -1;
2282 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2283 tt_int_op(ret, OP_EQ, 0);
2284 expect_log_msg("MinUptimeHidServDirectoryV2 "
2285 "option must be at least 0 seconds. Changing to 0.\n");
2286 tt_int_op(tdata->opt->MinUptimeHidServDirectoryV2, OP_EQ, 0);
2287 tor_free(msg);
2288
2289 free_options_test_data(tdata);
2290 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2291 "RendPostPeriod 1\n" );
2292 mock_clean_saved_logs();
2293 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2294 tt_int_op(ret, OP_EQ, 0);
2295 expect_log_msg("RendPostPeriod option is too short;"
2296 " raising to 600 seconds.\n");
2297 tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 600);
2298 tor_free(msg);
2299
2300 free_options_test_data(tdata);
2301 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2302 "RendPostPeriod 302401\n" );
2303 mock_clean_saved_logs();
2304 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2305 tt_int_op(ret, OP_EQ, 0);
2306 expect_log_msg("RendPostPeriod is too large; "
2307 "clipping to 302400s.\n");
2308 tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 302400);
2309 tor_free(msg);
2310
2311 done:
2312 teardown_capture_of_logs(previous_log);
2313 policies_free_all();
2314 free_options_test_data(tdata);
2315 tor_free(msg);
2316 }
2317
2318 static void
2319 test_options_validate__predicted_ports(void *ignored)
2320 {
2321 (void)ignored;
2322 int ret;
2323 char *msg;
2324 int previous_log = setup_capture_of_logs(LOG_WARN);
2325
2326 options_test_data_t *tdata = get_options_test_data(
2327 "PredictedPortsRelevanceTime 100000000\n"
2328 TEST_OPTIONS_DEFAULT_VALUES);
2329 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2330 tt_int_op(ret, OP_EQ, 0);
2331 expect_log_msg("PredictedPortsRelevanceTime is too "
2332 "large; clipping to 3600s.\n");
2333 tt_int_op(tdata->opt->PredictedPortsRelevanceTime, OP_EQ, 3600);
2334
2335 done:
2336 teardown_capture_of_logs(previous_log);
2337 policies_free_all();
2338 free_options_test_data(tdata);
2339 tor_free(msg);
2340 }
2341
2342 static void
2343 test_options_validate__path_bias(void *ignored)
2344 {
2345 (void)ignored;
2346 int ret;
2347 char *msg;
2348
2349 options_test_data_t *tdata = get_options_test_data(
2350 TEST_OPTIONS_DEFAULT_VALUES
2351 "PathBiasNoticeRate 1.1\n");
2352 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2353 tt_int_op(ret, OP_EQ, -1);
2354 tt_str_op(msg, OP_EQ,
2355 "PathBiasNoticeRate is too high. It must be between 0 and 1.0");
2356 tor_free(msg);
2357
2358 free_options_test_data(tdata);
2359 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2360 "PathBiasWarnRate 1.1\n");
2361 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2362 tt_int_op(ret, OP_EQ, -1);
2363 tt_str_op(msg, OP_EQ,
2364 "PathBiasWarnRate is too high. It must be between 0 and 1.0");
2365 tor_free(msg);
2366
2367 free_options_test_data(tdata);
2368 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2369 "PathBiasExtremeRate 1.1\n");
2370 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2371 tt_int_op(ret, OP_EQ, -1);
2372 tt_str_op(msg, OP_EQ,
2373 "PathBiasExtremeRate is too high. It must be between 0 and 1.0");
2374 tor_free(msg);
2375
2376 free_options_test_data(tdata);
2377 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2378 "PathBiasNoticeUseRate 1.1\n");
2379 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2380 tt_int_op(ret, OP_EQ, -1);
2381 tt_str_op(msg, OP_EQ,
2382 "PathBiasNoticeUseRate is too high. It must be between 0 and 1.0");
2383 tor_free(msg);
2384
2385 free_options_test_data(tdata);
2386 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2387 "PathBiasExtremeUseRate 1.1\n");
2388 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2389 tt_int_op(ret, OP_EQ, -1);
2390 tt_str_op(msg, OP_EQ,
2391 "PathBiasExtremeUseRate is too high. It must be between 0 and 1.0");
2392 tor_free(msg);
2393
2394 done:
2395 free_options_test_data(tdata);
2396 tor_free(msg);
2397 }
2398
2399 static void
2400 test_options_validate__bandwidth(void *ignored)
2401 {
2402 (void)ignored;
2403 int ret;
2404 char *msg;
2405 options_test_data_t *tdata = NULL;
2406
2407 #define ENSURE_BANDWIDTH_PARAM(p) \
2408 STMT_BEGIN \
2409 free_options_test_data(tdata); \
2410 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES #p " 3Gb\n"); \
2411 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
2412 tt_int_op(ret, OP_EQ, -1); \
2413 tt_mem_op(msg, OP_EQ, #p " (3221225471) must be at most 2147483647", 40); \
2414 tor_free(msg); \
2415 STMT_END
2416
2417 ENSURE_BANDWIDTH_PARAM(BandwidthRate);
2418 ENSURE_BANDWIDTH_PARAM(BandwidthBurst);
2419 ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth);
2420 ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate);
2421 ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst);
2422 ENSURE_BANDWIDTH_PARAM(PerConnBWRate);
2423 ENSURE_BANDWIDTH_PARAM(PerConnBWBurst);
2424 ENSURE_BANDWIDTH_PARAM(AuthDirFastGuarantee);
2425 ENSURE_BANDWIDTH_PARAM(AuthDirGuardBWGuarantee);
2426
2427 free_options_test_data(tdata);
2428 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2429 "RelayBandwidthRate 1000\n");
2430 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2431 tt_int_op(ret, OP_EQ, 0);
2432 tt_u64_op(tdata->opt->RelayBandwidthBurst, OP_EQ, 1000);
2433 tor_free(msg);
2434
2435 free_options_test_data(tdata);
2436 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2437 "RelayBandwidthBurst 1001\n");
2438 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2439 tt_int_op(ret, OP_EQ, 0);
2440 tt_u64_op(tdata->opt->RelayBandwidthRate, OP_EQ, 1001);
2441 tor_free(msg);
2442
2443 free_options_test_data(tdata);
2444 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2445 "RelayBandwidthRate 1001\n"
2446 "RelayBandwidthBurst 1000\n");
2447 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2448 tt_int_op(ret, OP_EQ, -1);
2449 tt_str_op(msg, OP_EQ, "RelayBandwidthBurst must be at least equal to "
2450 "RelayBandwidthRate.");
2451 tor_free(msg);
2452
2453 free_options_test_data(tdata);
2454 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2455 "BandwidthRate 1001\n"
2456 "BandwidthBurst 1000\n");
2457 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2458 tt_int_op(ret, OP_EQ, -1);
2459 tt_str_op(msg, OP_EQ,
2460 "BandwidthBurst must be at least equal to BandwidthRate.");
2461 tor_free(msg);
2462
2463 free_options_test_data(tdata);
2464 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2465 "RelayBandwidthRate 1001\n"
2466 "BandwidthRate 1000\n"
2467 "BandwidthBurst 1000\n"
2468 );
2469 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2470 tt_int_op(ret, OP_EQ, 0);
2471 tt_u64_op(tdata->opt->BandwidthRate, OP_EQ, 1001);
2472 tor_free(msg);
2473
2474 free_options_test_data(tdata);
2475 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2476 "RelayBandwidthRate 1001\n"
2477 "BandwidthRate 1000\n"
2478 "RelayBandwidthBurst 1001\n"
2479 "BandwidthBurst 1000\n"
2480 );
2481 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2482 tt_int_op(ret, OP_EQ, 0);
2483 tt_u64_op(tdata->opt->BandwidthBurst, OP_EQ, 1001);
2484 tor_free(msg);
2485
2486 free_options_test_data(tdata);
2487 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2488 "ORListenAddress 127.0.0.1:5555\n"
2489 "ORPort 955\n"
2490 "BandwidthRate 1\n"
2491 );
2492 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2493 tt_int_op(ret, OP_EQ, -1);
2494 tt_str_op(msg, OP_EQ, "BandwidthRate is set to 1 bytes/second. For servers,"
2495 " it must be at least 76800.");
2496 tor_free(msg);
2497
2498 free_options_test_data(tdata);
2499 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2500 "ORListenAddress 127.0.0.1:5555\n"
2501 "ORPort 955\n"
2502 "BandwidthRate 76800\n"
2503 "MaxAdvertisedBandwidth 30000\n"
2504 );
2505 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2506 tt_int_op(ret, OP_EQ, -1);
2507 tt_str_op(msg, OP_EQ, "MaxAdvertisedBandwidth is set to 30000 bytes/second."
2508 " For servers, it must be at least 38400.");
2509 tor_free(msg);
2510
2511 free_options_test_data(tdata);
2512 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2513 "ORListenAddress 127.0.0.1:5555\n"
2514 "ORPort 955\n"
2515 "BandwidthRate 76800\n"
2516 "RelayBandwidthRate 1\n"
2517 "MaxAdvertisedBandwidth 38400\n"
2518 );
2519 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2520 tt_int_op(ret, OP_EQ, -1);
2521 tt_str_op(msg, OP_EQ, "RelayBandwidthRate is set to 1 bytes/second. For "
2522 "servers, it must be at least 76800.");
2523 tor_free(msg);
2524
2525 free_options_test_data(tdata);
2526 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2527 "ORListenAddress 127.0.0.1:5555\n"
2528 "ORPort 955\n"
2529 "BandwidthRate 76800\n"
2530 "BandwidthBurst 76800\n"
2531 "RelayBandwidthRate 76800\n"
2532 "MaxAdvertisedBandwidth 38400\n"
2533 );
2534 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2535 tt_int_op(ret, OP_EQ, 0);
2536 tor_free(msg);
2537
2538 done:
2539 policies_free_all();
2540 free_options_test_data(tdata);
2541 tor_free(msg);
2542 }
2543
2544 static void
2545 test_options_validate__circuits(void *ignored)
2546 {
2547 (void)ignored;
2548 char *msg;
2549 options_test_data_t *tdata = NULL;
2550 int previous_log = setup_capture_of_logs(LOG_WARN);
2551
2552 free_options_test_data(tdata);
2553 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2554 "MaxCircuitDirtiness 2592001\n");
2555 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2556 expect_log_msg("MaxCircuitDirtiness option is too "
2557 "high; setting to 30 days.\n");
2558 tt_int_op(tdata->opt->MaxCircuitDirtiness, OP_EQ, 2592000);
2559 tor_free(msg);
2560
2561 free_options_test_data(tdata);
2562 mock_clean_saved_logs();
2563 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2564 "CircuitStreamTimeout 1\n");
2565 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2566 expect_log_msg("CircuitStreamTimeout option is too"
2567 " short; raising to 10 seconds.\n");
2568 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 10);
2569 tor_free(msg);
2570
2571 free_options_test_data(tdata);
2572 mock_clean_saved_logs();
2573 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2574 "CircuitStreamTimeout 111\n");
2575 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2576 expect_no_log_msg("CircuitStreamTimeout option is too"
2577 " short; raising to 10 seconds.\n");
2578 tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 111);
2579 tor_free(msg);
2580
2581 free_options_test_data(tdata);
2582 mock_clean_saved_logs();
2583 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2584 "HeartbeatPeriod 1\n");
2585 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2586 expect_log_msg("HeartbeatPeriod option is too short;"
2587 " raising to 1800 seconds.\n");
2588 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1800);
2589 tor_free(msg);
2590
2591 free_options_test_data(tdata);
2592 mock_clean_saved_logs();
2593 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2594 "HeartbeatPeriod 1982\n");
2595 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2596 expect_no_log_msg("HeartbeatPeriod option is too short;"
2597 " raising to 1800 seconds.\n");
2598 tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1982);
2599 tor_free(msg);
2600
2601 free_options_test_data(tdata);
2602 mock_clean_saved_logs();
2603 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2604 "CircuitBuildTimeout 1\n"
2605 );
2606 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2607 expect_log_msg("CircuitBuildTimeout is shorter (1"
2608 " seconds) than the recommended minimum (10 seconds), and "
2609 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2610 "raise this value or enable LearnCircuitBuildTimeout.\n");
2611 tor_free(msg);
2612
2613 free_options_test_data(tdata);
2614 mock_clean_saved_logs();
2615 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2616 "CircuitBuildTimeout 11\n"
2617 );
2618 options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2619 expect_no_log_msg("CircuitBuildTimeout is shorter (1 "
2620 "seconds) than the recommended minimum (10 seconds), and "
2621 "LearnCircuitBuildTimeout is disabled. If tor isn't working, "
2622 "raise this value or enable LearnCircuitBuildTimeout.\n");
2623 tor_free(msg);
2624
2625 done:
2626 policies_free_all();
2627 teardown_capture_of_logs(previous_log);
2628 free_options_test_data(tdata);
2629 tor_free(msg);
2630 }
2631
2632 static void
2633 test_options_validate__port_forwarding(void *ignored)
2634 {
2635 (void)ignored;
2636 int ret;
2637 char *msg;
2638 options_test_data_t *tdata = NULL;
2639
2640 free_options_test_data(tdata);
2641 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2642 "PortForwarding 1\nSandbox 1\n");
2643 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2644 tt_int_op(ret, OP_EQ, -1);
2645 tt_str_op(msg, OP_EQ, "PortForwarding is not compatible with Sandbox;"
2646 " at most one can be set");
2647 tor_free(msg);
2648
2649 free_options_test_data(tdata);
2650 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2651 "PortForwarding 1\nSandbox 0\n");
2652 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2653 tt_int_op(ret, OP_EQ, 0);
2654 tt_assert(!msg);
2655 tor_free(msg);
2656
2657 done:
2658 free_options_test_data(tdata);
2659 policies_free_all();
2660 tor_free(msg);
2661 }
2662
2663 static void
2664 test_options_validate__tor2web(void *ignored)
2665 {
2666 (void)ignored;
2667 int ret;
2668 char *msg;
2669 options_test_data_t *tdata = NULL;
2670
2671 free_options_test_data(tdata);
2672 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2673 "Tor2webRendezvousPoints 1\n");
2674 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2675 tt_int_op(ret, OP_EQ, -1);
2676 tt_str_op(msg, OP_EQ,
2677 "Tor2webRendezvousPoints cannot be set without Tor2webMode.");
2678 tor_free(msg);
2679
2680 free_options_test_data(tdata);
2681 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2682 "Tor2webRendezvousPoints 1\nTor2webMode 1\n");
2683 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2684 tt_int_op(ret, OP_EQ, 0);
2685 tor_free(msg);
2686
2687 done:
2688 policies_free_all();
2689 free_options_test_data(tdata);
2690 tor_free(msg);
2691 }
2692
2693 static void
2694 test_options_validate__rend(void *ignored)
2695 {
2696 (void)ignored;
2697 int ret;
2698 char *msg;
2699 options_test_data_t *tdata = NULL;
2700 int previous_log = setup_capture_of_logs(LOG_WARN);
2701
2702 free_options_test_data(tdata);
2703 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2704 "UseEntryGuards 0\n"
2705 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2706 "HiddenServicePort 80 127.0.0.1:8080\n"
2707 );
2708 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2709 tt_int_op(ret, OP_EQ, 0);
2710 expect_log_msg("UseEntryGuards is disabled, but you"
2711 " have configured one or more hidden services on this Tor "
2712 "instance. Your hidden services will be very easy to locate using"
2713 " a well-known attack -- see http://freehaven.net/anonbib/#hs-"
2714 "attack06 for details.\n");
2715 tor_free(msg);
2716
2717 free_options_test_data(tdata);
2718 tdata = get_options_test_data(
2719 TEST_OPTIONS_DEFAULT_VALUES
2720 "UseEntryGuards 1\n"
2721 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2722 "HiddenServicePort 80 127.0.0.1:8080\n"
2723 );
2724 mock_clean_saved_logs();
2725 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2726 tt_int_op(ret, OP_EQ, 0);
2727 expect_no_log_msg("UseEntryGuards is disabled, but you"
2728 " have configured one or more hidden services on this Tor "
2729 "instance. Your hidden services will be very easy to locate using"
2730 " a well-known attack -- see http://freehaven.net/anonbib/#hs-"
2731 "attack06 for details.\n");
2732
2733 free_options_test_data(tdata);
2734 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2735 "HiddenServicePort 80 127.0.0.1:8080\n"
2736 );
2737 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2738 tt_int_op(ret, OP_EQ, -1);
2739 tt_str_op(msg, OP_EQ,
2740 "Failed to configure rendezvous options. See logs for details.");
2741 tor_free(msg);
2742
2743 free_options_test_data(tdata);
2744 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2745 "HidServAuth failed\n"
2746 );
2747 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2748 tt_int_op(ret, OP_EQ, -1);
2749 tt_str_op(msg, OP_EQ, "Failed to configure client authorization for hidden "
2750 "services. See logs for details.");
2751 tor_free(msg);
2752
2753 done:
2754 policies_free_all();
2755 teardown_capture_of_logs(previous_log);
2756 free_options_test_data(tdata);
2757 tor_free(msg);
2758 }
2759
2760 static void
2761 test_options_validate__single_onion(void *ignored)
2762 {
2763 (void)ignored;
2764 int ret;
2765 char *msg;
2766 options_test_data_t *tdata = NULL;
2767 int previous_log = setup_capture_of_logs(LOG_WARN);
2768
2769 /* Test that HiddenServiceSingleHopMode must come with
2770 * HiddenServiceNonAnonymousMode */
2771 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2772 "SOCKSPort 0\n"
2773 "HiddenServiceSingleHopMode 1\n"
2774 );
2775 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2776 tt_int_op(ret, OP_EQ, -1);
2777 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2778 "server anonymity. It must be used with "
2779 "HiddenServiceNonAnonymousMode set to 1.");
2780 tor_free(msg);
2781 free_options_test_data(tdata);
2782
2783 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2784 "SOCKSPort 0\n"
2785 "HiddenServiceSingleHopMode 1\n"
2786 "HiddenServiceNonAnonymousMode 0\n"
2787 );
2788 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2789 tt_int_op(ret, OP_EQ, -1);
2790 tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
2791 "server anonymity. It must be used with "
2792 "HiddenServiceNonAnonymousMode set to 1.");
2793 tor_free(msg);
2794 free_options_test_data(tdata);
2795
2796 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2797 "SOCKSPort 0\n"
2798 "HiddenServiceSingleHopMode 1\n"
2799 "HiddenServiceNonAnonymousMode 1\n"
2800 );
2801 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2802 tt_int_op(ret, OP_EQ, 0);
2803 tt_ptr_op(msg, OP_EQ, NULL);
2804 free_options_test_data(tdata);
2805
2806 /* Test that SOCKSPort must come with Tor2webMode if
2807 * HiddenServiceSingleHopMode is 1 */
2808 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2809 "SOCKSPort 5000\n"
2810 "HiddenServiceSingleHopMode 1\n"
2811 "HiddenServiceNonAnonymousMode 1\n"
2812 "Tor2webMode 0\n"
2813 );
2814 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2815 tt_int_op(ret, OP_EQ, -1);
2816 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode is incompatible with "
2817 "using Tor as an anonymous client. Please set "
2818 "Socks/Trans/NATD/DNSPort to 0, or HiddenServiceNonAnonymousMode "
2819 "to 0, or use the non-anonymous Tor2webMode.");
2820 tor_free(msg);
2821 free_options_test_data(tdata);
2822
2823 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2824 "SOCKSPort 0\n"
2825 "HiddenServiceSingleHopMode 1\n"
2826 "HiddenServiceNonAnonymousMode 1\n"
2827 "Tor2webMode 0\n"
2828 );
2829 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2830 tt_int_op(ret, OP_EQ, 0);
2831 tt_ptr_op(msg, OP_EQ, NULL);
2832 free_options_test_data(tdata);
2833
2834 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2835 "SOCKSPort 5000\n"
2836 "HiddenServiceSingleHopMode 0\n"
2837 "Tor2webMode 0\n"
2838 );
2839 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2840 tt_int_op(ret, OP_EQ, 0);
2841 tt_ptr_op(msg, OP_EQ, NULL);
2842 free_options_test_data(tdata);
2843
2844 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2845 "SOCKSPort 5000\n"
2846 "HiddenServiceSingleHopMode 1\n"
2847 "HiddenServiceNonAnonymousMode 1\n"
2848 "Tor2webMode 1\n"
2849 );
2850 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2851 tt_int_op(ret, OP_EQ, 0);
2852 tt_ptr_op(msg, OP_EQ, NULL);
2853 free_options_test_data(tdata);
2854
2855 /* Test that a hidden service can't be run with Tor2web
2856 * Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
2857 * Tor2webMode requires a compilation #define */
2858 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2859 "HiddenServiceNonAnonymousMode 1\n"
2860 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2861 "HiddenServicePort 80 127.0.0.1:8080\n"
2862 );
2863 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2864 tt_int_op(ret, OP_EQ, -1);
2865 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2866 "server anonymity. It must be used with "
2867 "HiddenServiceSingleHopMode set to 1.");
2868 tor_free(msg);
2869 free_options_test_data(tdata);
2870
2871 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2872 "HiddenServiceNonAnonymousMode 1\n"
2873 );
2874 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2875 tt_int_op(ret, OP_EQ, -1);
2876 tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
2877 "server anonymity. It must be used with "
2878 "HiddenServiceSingleHopMode set to 1.");
2879 free_options_test_data(tdata);
2880
2881 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2882 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2883 "HiddenServicePort 80 127.0.0.1:8080\n"
2884 );
2885 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2886 tt_int_op(ret, OP_EQ, 0);
2887 tt_ptr_op(msg, OP_EQ, NULL);
2888 free_options_test_data(tdata);
2889
2890 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2891 "HiddenServiceNonAnonymousMode 1\n"
2892 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2893 "HiddenServicePort 80 127.0.0.1:8080\n"
2894 "HiddenServiceSingleHopMode 1\n"
2895 "SOCKSPort 0\n"
2896 );
2897 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2898 tt_int_op(ret, OP_EQ, 0);
2899 tt_ptr_op(msg, OP_EQ, NULL);
2900
2901 done:
2902 policies_free_all();
2903 teardown_capture_of_logs(previous_log);
2904 free_options_test_data(tdata);
2905 tor_free(msg);
2906 }
2907
2908 static void
2909 test_options_validate__accounting(void *ignored)
2910 {
2911 (void)ignored;
2912 int ret;
2913 char *msg;
2914 options_test_data_t *tdata = NULL;
2915 int previous_log = setup_capture_of_logs(LOG_WARN);
2916
2917 free_options_test_data(tdata);
2918 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2919 "AccountingRule something_bad\n"
2920 );
2921 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2922 tt_int_op(ret, OP_EQ, -1);
2923 tt_str_op(msg, OP_EQ, "AccountingRule must be 'sum', 'max', 'in', or 'out'");
2924 tor_free(msg);
2925
2926 free_options_test_data(tdata);
2927 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2928 "AccountingRule sum\n"
2929 );
2930 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2931 tt_int_op(ret, OP_EQ, 0);
2932 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_SUM);
2933 tor_free(msg);
2934
2935 free_options_test_data(tdata);
2936 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2937 "AccountingRule max\n"
2938 );
2939 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2940 tt_int_op(ret, OP_EQ, 0);
2941 tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_MAX);
2942 tor_free(msg);
2943
2944 free_options_test_data(tdata);
2945 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2946 "AccountingStart fail\n"
2947 );
2948 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2949 tt_int_op(ret, OP_EQ, -1);
2950 tt_str_op(msg, OP_EQ,
2951 "Failed to parse accounting options. See logs for details.");
2952 tor_free(msg);
2953
2954 free_options_test_data(tdata);
2955 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
2956 "AccountingMax 10\n"
2957 );
2958 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2959 tt_int_op(ret, OP_EQ, 0);
2960 tor_free(msg);
2961
2962 free_options_test_data(tdata);
2963 tdata = get_options_test_data(
2964 TEST_OPTIONS_DEFAULT_VALUES
2965 "ORListenAddress 127.0.0.1:5555\n"
2966 "ORPort 955\n"
2967 "BandwidthRate 76800\n"
2968 "BandwidthBurst 76800\n"
2969 "MaxAdvertisedBandwidth 38400\n"
2970 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2971 "HiddenServicePort 80 127.0.0.1:8080\n"
2972 "AccountingMax 10\n"
2973 );
2974 mock_clean_saved_logs();
2975 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2976 tt_int_op(ret, OP_EQ, 0);
2977 expect_log_msg("Using accounting with a hidden "
2978 "service and an ORPort is risky: your hidden service(s) and "
2979 "your public address will all turn off at the same time, "
2980 "which may alert observers that they are being run by the "
2981 "same party.\n");
2982 tor_free(msg);
2983
2984 free_options_test_data(tdata);
2985 tdata = get_options_test_data(
2986 TEST_OPTIONS_DEFAULT_VALUES
2987 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
2988 "HiddenServicePort 80 127.0.0.1:8080\n"
2989 "AccountingMax 10\n"
2990 );
2991 mock_clean_saved_logs();
2992 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
2993 tt_int_op(ret, OP_EQ, 0);
2994 expect_no_log_msg("Using accounting with a hidden "
2995 "service and an ORPort is risky: your hidden service(s) and "
2996 "your public address will all turn off at the same time, "
2997 "which may alert observers that they are being run by the "
2998 "same party.\n");
2999 tor_free(msg);
3000
3001 free_options_test_data(tdata);
3002 tdata = get_options_test_data(
3003 TEST_OPTIONS_DEFAULT_VALUES
3004 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
3005 "HiddenServicePort 80 127.0.0.1:8080\n"
3006 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service2/\n"
3007 "HiddenServicePort 81 127.0.0.1:8081\n"
3008 "AccountingMax 10\n"
3009 );
3010 mock_clean_saved_logs();
3011 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3012 tt_int_op(ret, OP_EQ, 0);
3013 expect_log_msg("Using accounting with multiple "
3014 "hidden services is risky: they will all turn off at the same"
3015 " time, which may alert observers that they are being run by "
3016 "the same party.\n");
3017 tor_free(msg);
3018
3019 done:
3020 teardown_capture_of_logs(previous_log);
3021 policies_free_all();
3022 free_options_test_data(tdata);
3023 tor_free(msg);
3024 }
3025
3026 static void
3027 test_options_validate__proxy(void *ignored)
3028 {
3029 (void)ignored;
3030 int ret;
3031 char *msg;
3032 options_test_data_t *tdata = NULL;
3033 sandbox_disable_getaddrinfo_cache();
3034 int previous_log = setup_capture_of_logs(LOG_WARN);
3035
3036 free_options_test_data(tdata);
3037 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3038 "HttpProxy 127.0.42.1\n"
3039 );
3040 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3041 tt_int_op(ret, OP_EQ, 0);
3042 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 80);
3043 tor_free(msg);
3044
3045 free_options_test_data(tdata);
3046 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3047 "HttpProxy 127.0.42.1:444\n"
3048 );
3049 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3050 tt_int_op(ret, OP_EQ, 0);
3051 tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 444);
3052 tor_free(msg);
3053
3054 free_options_test_data(tdata);
3055 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3056 "HttpProxy not_so_valid!\n"
3057 );
3058 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3059 tt_int_op(ret, OP_EQ, -1);
3060 tt_str_op(msg, OP_EQ, "HTTPProxy failed to parse or resolve. Please fix.");
3061 tor_free(msg);
3062
3063 free_options_test_data(tdata);
3064 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3065 "HttpProxyAuthenticator "
3066 "onetwothreonetwothreonetwothreonetwothreonetw"
3067 "othreonetwothreonetwothreonetwothreonetwothre"
3068 "onetwothreonetwothreonetwothreonetwothreonetw"
3069 "othreonetwothreonetwothreonetwothreonetwothre"
3070 "onetwothreonetwothreonetwothreonetwothreonetw"
3071 "othreonetwothreonetwothreonetwothreonetwothre"
3072 "onetwothreonetwothreonetwothreonetwothreonetw"
3073 "othreonetwothreonetwothreonetwothreonetwothre"
3074 "onetwothreonetwothreonetwothreonetwothreonetw"
3075 "othreonetwothreonetwothreonetwothreonetwothre"
3076 "onetwothreonetwothreonetwothreonetwothreonetw"
3077 "othreonetwothreeonetwothreeonetwothree"
3078
3079 );
3080 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3081 tt_int_op(ret, OP_EQ, -1);
3082 tt_str_op(msg, OP_EQ, "HTTPProxyAuthenticator is too long (>= 512 chars).");
3083 tor_free(msg);
3084
3085 free_options_test_data(tdata);
3086 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3087 "HttpProxyAuthenticator validauth\n"
3088
3089 );
3090 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3091 tt_int_op(ret, OP_EQ, 0);
3092 tor_free(msg);
3093
3094 free_options_test_data(tdata);
3095 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3096 "HttpsProxy 127.0.42.1\n"
3097 );
3098 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3099 tt_int_op(ret, OP_EQ, 0);
3100 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 443);
3101 tor_free(msg);
3102
3103 free_options_test_data(tdata);
3104 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3105 "HttpsProxy 127.0.42.1:444\n"
3106 );
3107 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3108 tt_int_op(ret, OP_EQ, 0);
3109 tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 444);
3110 tor_free(msg);
3111
3112 free_options_test_data(tdata);
3113 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3114 "HttpsProxy not_so_valid!\n"
3115 );
3116 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3117 tt_int_op(ret, OP_EQ, -1);
3118 tt_str_op(msg, OP_EQ, "HTTPSProxy failed to parse or resolve. Please fix.");
3119 tor_free(msg);
3120
3121 free_options_test_data(tdata);
3122 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3123 "HttpsProxyAuthenticator "
3124 "onetwothreonetwothreonetwothreonetwothreonetw"
3125 "othreonetwothreonetwothreonetwothreonetwothre"
3126 "onetwothreonetwothreonetwothreonetwothreonetw"
3127 "othreonetwothreonetwothreonetwothreonetwothre"
3128 "onetwothreonetwothreonetwothreonetwothreonetw"
3129 "othreonetwothreonetwothreonetwothreonetwothre"
3130 "onetwothreonetwothreonetwothreonetwothreonetw"
3131 "othreonetwothreonetwothreonetwothreonetwothre"
3132 "onetwothreonetwothreonetwothreonetwothreonetw"
3133 "othreonetwothreonetwothreonetwothreonetwothre"
3134 "onetwothreonetwothreonetwothreonetwothreonetw"
3135 "othreonetwothreeonetwothreeonetwothree"
3136
3137 );
3138 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3139 tt_int_op(ret, OP_EQ, -1);
3140 tt_str_op(msg, OP_EQ, "HTTPSProxyAuthenticator is too long (>= 512 chars).");
3141 tor_free(msg);
3142
3143 free_options_test_data(tdata);
3144 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3145 "HttpsProxyAuthenticator validauth\n"
3146 );
3147 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3148 tt_int_op(ret, OP_EQ, 0);
3149 tor_free(msg);
3150
3151 free_options_test_data(tdata);
3152 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3153 "Socks4Proxy 127.0.42.1\n"
3154 );
3155 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3156 tt_int_op(ret, OP_EQ, 0);
3157 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 1080);
3158 tor_free(msg);
3159
3160 free_options_test_data(tdata);
3161 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3162 "Socks4Proxy 127.0.42.1:444\n"
3163 );
3164 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3165 tt_int_op(ret, OP_EQ, 0);
3166 tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 444);
3167 tor_free(msg);
3168
3169 free_options_test_data(tdata);
3170 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3171 "Socks4Proxy not_so_valid!\n"
3172 );
3173 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3174 tt_int_op(ret, OP_EQ, -1);
3175 tt_str_op(msg, OP_EQ, "Socks4Proxy failed to parse or resolve. Please fix.");
3176 tor_free(msg);
3177
3178 free_options_test_data(tdata);
3179 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3180 "Socks5Proxy 127.0.42.1\n"
3181 );
3182 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3183 tt_int_op(ret, OP_EQ, 0);
3184 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 1080);
3185 tor_free(msg);
3186
3187 free_options_test_data(tdata);
3188 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3189 "Socks5Proxy 127.0.42.1:444\n"
3190 );
3191 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3192 tt_int_op(ret, OP_EQ, 0);
3193 tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 444);
3194 tor_free(msg);
3195
3196 free_options_test_data(tdata);
3197 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3198 "Socks5Proxy not_so_valid!\n"
3199 );
3200 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3201 tt_int_op(ret, OP_EQ, -1);
3202 tt_str_op(msg, OP_EQ, "Socks5Proxy failed to parse or resolve. Please fix.");
3203 tor_free(msg);
3204
3205 free_options_test_data(tdata);
3206 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3207 "Socks4Proxy 215.1.1.1\n"
3208 "Socks5Proxy 215.1.1.2\n"
3209 );
3210 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3211 tt_int_op(ret, OP_EQ, -1);
3212 tt_str_op(msg, OP_EQ, "You have configured more than one proxy type. "
3213 "(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
3214 tor_free(msg);
3215
3216 free_options_test_data(tdata);
3217 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3218 "HttpProxy 215.1.1.1\n"
3219 );
3220 mock_clean_saved_logs();
3221 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3222 tt_int_op(ret, OP_EQ, 0);
3223 expect_log_msg("HTTPProxy configured, but no SOCKS "
3224 "proxy or HTTPS proxy configured. Watch out: this configuration "
3225 "will proxy unencrypted directory connections only.\n");
3226 tor_free(msg);
3227
3228 free_options_test_data(tdata);
3229 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3230 "HttpProxy 215.1.1.1\n"
3231 "Socks4Proxy 215.1.1.1\n"
3232 );
3233 mock_clean_saved_logs();
3234 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3235 tt_int_op(ret, OP_EQ, 0);
3236 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
3237 "proxy or HTTPS proxy configured. Watch out: this configuration "
3238 "will proxy unencrypted directory connections only.\n");
3239 tor_free(msg);
3240
3241 free_options_test_data(tdata);
3242 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3243 "HttpProxy 215.1.1.1\n"
3244 "Socks5Proxy 215.1.1.1\n"
3245 );
3246 mock_clean_saved_logs();
3247 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3248 tt_int_op(ret, OP_EQ, 0);
3249 expect_no_log_msg("HTTPProxy configured, but no SOCKS "
3250 "proxy or HTTPS proxy configured. Watch out: this configuration "
3251 "will proxy unencrypted directory connections only.\n");
3252 tor_free(msg);
3253
3254 free_options_test_data(tdata);
3255 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3256 "HttpProxy 215.1.1.1\n"
3257 "HttpsProxy 215.1.1.1\n"
3258 );
3259 mock_clean_saved_logs();
3260 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3261 tt_int_op(ret, OP_EQ, 0);
3262 expect_no_log_msg(
3263 "HTTPProxy configured, but no SOCKS proxy or HTTPS proxy "
3264 "configured. Watch out: this configuration will proxy "
3265 "unencrypted directory connections only.\n");
3266 tor_free(msg);
3267
3268 free_options_test_data(tdata);
3269 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3270 );
3271 tdata->opt->Socks5ProxyUsername = tor_strdup("");
3272 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3273 tt_int_op(ret, OP_EQ, -1);
3274 tt_str_op(msg, OP_EQ,
3275 "Socks5ProxyUsername must be between 1 and 255 characters.");
3276 tor_free(msg);
3277
3278 free_options_test_data(tdata);
3279 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3280 );
3281 tdata->opt->Socks5ProxyUsername =
3282 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
3283 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
3284 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
3285 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
3286 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
3287 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3288 tt_int_op(ret, OP_EQ, -1);
3289 tt_str_op(msg, OP_EQ,
3290 "Socks5ProxyUsername must be between 1 and 255 characters.");
3291 tor_free(msg);
3292
3293 free_options_test_data(tdata);
3294 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3295 "Socks5ProxyUsername hello_world\n"
3296 );
3297 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3298 tt_int_op(ret, OP_EQ, -1);
3299 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
3300 "Socks5ProxyUsername.");
3301 tor_free(msg);
3302
3303 free_options_test_data(tdata);
3304 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3305 "Socks5ProxyUsername hello_world\n"
3306 );
3307 tdata->opt->Socks5ProxyPassword = tor_strdup("");
3308 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3309 tt_int_op(ret, OP_EQ, -1);
3310 tt_str_op(msg, OP_EQ,
3311 "Socks5ProxyPassword must be between 1 and 255 characters.");
3312 tor_free(msg);
3313
3314 free_options_test_data(tdata);
3315 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3316 "Socks5ProxyUsername hello_world\n"
3317 );
3318 tdata->opt->Socks5ProxyPassword =
3319 tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
3320 "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
3321 "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
3322 "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
3323 "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
3324 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3325 tt_int_op(ret, OP_EQ, -1);
3326 tt_str_op(msg, OP_EQ,
3327 "Socks5ProxyPassword must be between 1 and 255 characters.");
3328 tor_free(msg);
3329
3330 free_options_test_data(tdata);
3331 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3332 "Socks5ProxyUsername hello_world\n"
3333 "Socks5ProxyPassword world_hello\n"
3334 );
3335 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3336 tt_int_op(ret, OP_EQ, 0);
3337 tor_free(msg);
3338
3339 free_options_test_data(tdata);
3340 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3341 "Socks5ProxyPassword hello_world\n"
3342 );
3343 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3344 tt_int_op(ret, OP_EQ, -1);
3345 tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
3346 "Socks5ProxyUsername.");
3347 tor_free(msg);
3348
3349 done:
3350 teardown_capture_of_logs(previous_log);
3351 free_options_test_data(tdata);
3352 policies_free_all();
3353 // sandbox_free_getaddrinfo_cache();
3354 tor_free(msg);
3355 }
3356
3357 static void
3358 test_options_validate__control(void *ignored)
3359 {
3360 (void)ignored;
3361 int ret;
3362 char *msg;
3363 options_test_data_t *tdata = NULL;
3364 int previous_log = setup_capture_of_logs(LOG_WARN);
3365
3366 free_options_test_data(tdata);
3367 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3368 "HashedControlPassword something_incorrect\n"
3369 );
3370 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3371 tt_int_op(ret, OP_EQ, -1);
3372 tt_str_op(msg, OP_EQ,
3373 "Bad HashedControlPassword: wrong length or bad encoding");
3374 tor_free(msg);
3375
3376 free_options_test_data(tdata);
3377 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3378 "HashedControlPassword 16:872860B76453A77D60CA"
3379 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3380 );
3381 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3382 tt_int_op(ret, OP_EQ, 0);
3383 tor_free(msg);
3384
3385 free_options_test_data(tdata);
3386 tdata = get_options_test_data(
3387 TEST_OPTIONS_DEFAULT_VALUES
3388 "__HashedControlSessionPassword something_incorrect\n"
3389 );
3390 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3391 tt_int_op(ret, OP_EQ, -1);
3392 tt_str_op(msg, OP_EQ, "Bad HashedControlSessionPassword: wrong length or "
3393 "bad encoding");
3394 tor_free(msg);
3395
3396 free_options_test_data(tdata);
3397 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3398 "__HashedControlSessionPassword 16:872860B7645"
3399 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3400 "4C\n"
3401 );
3402 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3403 tt_int_op(ret, OP_EQ, 0);
3404 tor_free(msg);
3405
3406 free_options_test_data(tdata);
3407 tdata = get_options_test_data(
3408 TEST_OPTIONS_DEFAULT_VALUES
3409 "__OwningControllerProcess something_incorrect\n"
3410 );
3411 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3412 tt_int_op(ret, OP_EQ, -1);
3413 tt_str_op(msg, OP_EQ, "Bad OwningControllerProcess: invalid PID");
3414 tor_free(msg);
3415
3416 free_options_test_data(tdata);
3417 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3418 "__OwningControllerProcess 123\n"
3419 );
3420 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3421 tt_int_op(ret, OP_EQ, 0);
3422 tor_free(msg);
3423
3424 free_options_test_data(tdata);
3425 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3426 "ControlPort 127.0.0.1:1234\n"
3427 );
3428 mock_clean_saved_logs();
3429 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3430 tt_int_op(ret, OP_EQ, 0);
3431 expect_log_msg(
3432 "ControlPort is open, but no authentication method has been "
3433 "configured. This means that any program on your computer can "
3434 "reconfigure your Tor. That's bad! You should upgrade your Tor"
3435 " controller as soon as possible.\n");
3436 tor_free(msg);
3437
3438 free_options_test_data(tdata);
3439 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3440 "ControlPort 127.0.0.1:1234\n"
3441 "HashedControlPassword 16:872860B76453A77D60CA"
3442 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3443 );
3444 mock_clean_saved_logs();
3445 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3446 tt_int_op(ret, OP_EQ, 0);
3447 expect_no_log_msg(
3448 "ControlPort is open, but no authentication method has been "
3449 "configured. This means that any program on your computer can "
3450 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3451 "controller as soon as possible.\n");
3452 tor_free(msg);
3453
3454 free_options_test_data(tdata);
3455 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3456 "ControlPort 127.0.0.1:1234\n"
3457 "__HashedControlSessionPassword 16:872860B7645"
3458 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3459 "4C\n"
3460 );
3461 mock_clean_saved_logs();
3462 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3463 tt_int_op(ret, OP_EQ, 0);
3464 expect_no_log_msg(
3465 "ControlPort is open, but no authentication method has been "
3466 "configured. This means that any program on your computer can "
3467 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3468 "controller as soon as possible.\n");
3469 tor_free(msg);
3470
3471 free_options_test_data(tdata);
3472 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3473 "ControlPort 127.0.0.1:1234\n"
3474 "CookieAuthentication 1\n"
3475 );
3476 mock_clean_saved_logs();
3477 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3478 tt_int_op(ret, OP_EQ, 0);
3479 expect_no_log_msg(
3480 "ControlPort is open, but no authentication method has been "
3481 "configured. This means that any program on your computer can "
3482 "reconfigure your Tor. That's bad! You should upgrade your Tor "
3483 "controller as soon as possible.\n");
3484 tor_free(msg);
3485
3486 #ifdef HAVE_SYS_UN_H
3487 free_options_test_data(tdata);
3488 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3489 "ControlSocket unix:/tmp WorldWritable\n"
3490 );
3491 mock_clean_saved_logs();
3492 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3493 tt_int_op(ret, OP_EQ, 0);
3494 expect_log_msg(
3495 "ControlSocket is world writable, but no authentication method has"
3496 " been configured. This means that any program on your computer "
3497 "can reconfigure your Tor. That's bad! You should upgrade your "
3498 "Tor controller as soon as possible.\n");
3499 tor_free(msg);
3500
3501 free_options_test_data(tdata);
3502 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3503 "ControlSocket unix:/tmp WorldWritable\n"
3504 "HashedControlPassword 16:872860B76453A77D60CA"
3505 "2BB8C1A7042072093276A3D701AD684053EC4C\n"
3506 );
3507 mock_clean_saved_logs();
3508 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3509 tt_int_op(ret, OP_EQ, 0);
3510 expect_no_log_msg(
3511 "ControlSocket is world writable, but no authentication method has"
3512 " been configured. This means that any program on your computer "
3513 "can reconfigure your Tor. That's bad! You should upgrade your "
3514 "Tor controller as soon as possible.\n");
3515 tor_free(msg);
3516
3517 free_options_test_data(tdata);
3518 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3519 "ControlSocket unix:/tmp WorldWritable\n"
3520 "__HashedControlSessionPassword 16:872860B7645"
3521 "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
3522 "4C\n"
3523 );
3524 mock_clean_saved_logs();
3525 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3526 tt_int_op(ret, OP_EQ, 0);
3527 expect_no_log_msg(
3528 "ControlSocket is world writable, but no authentication method has"
3529 " been configured. This means that any program on your computer "
3530 "can reconfigure your Tor. That's bad! You should upgrade your "
3531 "Tor controller as soon as possible.\n");
3532 tor_free(msg);
3533
3534 free_options_test_data(tdata);
3535 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3536 "ControlSocket unix:/tmp WorldWritable\n"
3537 "CookieAuthentication 1\n"
3538 );
3539 mock_clean_saved_logs();
3540 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3541 tt_int_op(ret, OP_EQ, 0);
3542 expect_no_log_msg(
3543 "ControlSocket is world writable, but no authentication method has"
3544 " been configured. This means that any program on your computer "
3545 "can reconfigure your Tor. That's bad! You should upgrade your "
3546 "Tor controller as soon as possible.\n");
3547 tor_free(msg);
3548 #endif
3549
3550 free_options_test_data(tdata);
3551 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3552 "CookieAuthFileGroupReadable 1\n"
3553 );
3554 mock_clean_saved_logs();
3555 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3556 tt_int_op(ret, OP_EQ, 0);
3557 expect_log_msg(
3558 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3559 "must specify an explicit CookieAuthFile to have it "
3560 "group-readable.\n");
3561 tor_free(msg);
3562
3563 free_options_test_data(tdata);
3564 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3565 "CookieAuthFileGroupReadable 1\n"
3566 "CookieAuthFile /tmp/somewhere\n"
3567 );
3568 mock_clean_saved_logs();
3569 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3570 tt_int_op(ret, OP_EQ, 0);
3571 expect_no_log_msg(
3572 "CookieAuthFileGroupReadable is set, but will have no effect: you "
3573 "must specify an explicit CookieAuthFile to have it "
3574 "group-readable.\n");
3575 tor_free(msg);
3576
3577 done:
3578 teardown_capture_of_logs(previous_log);
3579 policies_free_all();
3580 free_options_test_data(tdata);
3581 tor_free(msg);
3582 }
3583
3584 static void
3585 test_options_validate__families(void *ignored)
3586 {
3587 (void)ignored;
3588 int ret;
3589 char *msg;
3590 options_test_data_t *tdata = NULL;
3591 int previous_log = setup_capture_of_logs(LOG_WARN);
3592
3593 free_options_test_data(tdata);
3594 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3595 "MyFamily home\n"
3596 "BridgeRelay 1\n"
3597 "ORListenAddress 127.0.0.1:5555\n"
3598 "ORPort 955\n"
3599 "BandwidthRate 51300\n"
3600 "BandwidthBurst 51300\n"
3601 "MaxAdvertisedBandwidth 25700\n"
3602 "DirCache 1\n"
3603 );
3604 mock_clean_saved_logs();
3605 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3606 tt_int_op(ret, OP_EQ, 0);
3607 expect_log_msg(
3608 "Listing a family for a bridge relay is not supported: it can "
3609 "reveal bridge fingerprints to censors. You should also make sure "
3610 "you aren't listing this bridge's fingerprint in any other "
3611 "MyFamily.\n");
3612 tor_free(msg);
3613
3614 free_options_test_data(tdata);
3615 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3616 "MyFamily home\n"
3617 );
3618 mock_clean_saved_logs();
3619 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3620 tt_int_op(ret, OP_EQ, 0);
3621 expect_no_log_msg(
3622 "Listing a family for a bridge relay is not supported: it can "
3623 "reveal bridge fingerprints to censors. You should also make sure "
3624 "you aren't listing this bridge's fingerprint in any other "
3625 "MyFamily.\n");
3626 tor_free(msg);
3627
3628 free_options_test_data(tdata);
3629 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3630 "MyFamily !\n"
3631 );
3632 mock_clean_saved_logs();
3633 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3634 tt_int_op(ret, OP_EQ, -1);
3635 tt_str_op(msg, OP_EQ, "Invalid nickname '!' in MyFamily line");
3636 tor_free(msg);
3637
3638 free_options_test_data(tdata);
3639 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3640 "NodeFamily foo\n"
3641 "NodeFamily !\n"
3642 );
3643 mock_clean_saved_logs();
3644 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3645 tt_int_op(ret, OP_EQ, -1);
3646 tt_assert(!msg);
3647 tor_free(msg);
3648
3649 done:
3650 teardown_capture_of_logs(previous_log);
3651 policies_free_all();
3652 free_options_test_data(tdata);
3653 tor_free(msg);
3654 }
3655
3656 static void
3657 test_options_validate__addr_policies(void *ignored)
3658 {
3659 (void)ignored;
3660 int ret;
3661 char *msg;
3662 options_test_data_t *tdata = NULL;
3663
3664 free_options_test_data(tdata);
3665 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3666 "ExitPolicy !!!\n"
3667 "ExitRelay 1\n"
3668 );
3669 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3670 tt_int_op(ret, OP_EQ, -1);
3671 tt_str_op(msg, OP_EQ, "Error in ExitPolicy entry.");
3672 tor_free(msg);
3673
3674 done:
3675 policies_free_all();
3676 free_options_test_data(tdata);
3677 tor_free(msg);
3678 }
3679
3680 static void
3681 test_options_validate__dir_auth(void *ignored)
3682 {
3683 (void)ignored;
3684 int ret;
3685 char *msg;
3686 options_test_data_t *tdata = NULL;
3687 int previous_log = setup_capture_of_logs(LOG_WARN);
3688
3689 free_options_test_data(tdata);
3690 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3691 VALID_DIR_AUTH
3692 VALID_ALT_DIR_AUTH
3693 );
3694 mock_clean_saved_logs();
3695 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3696 tt_int_op(ret, OP_EQ, -1);
3697 tt_str_op(msg, OP_EQ,
3698 "Directory authority/fallback line did not parse. See logs for "
3699 "details.");
3700 expect_log_msg(
3701 "You cannot set both DirAuthority and Alternate*Authority.\n");
3702 tor_free(msg);
3703
3704 free_options_test_data(tdata);
3705 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3706 "TestingTorNetwork 1\n"
3707 );
3708 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3709 tt_int_op(ret, OP_EQ, -1);
3710 tt_str_op(msg, OP_EQ,
3711 "TestingTorNetwork may only be configured in combination with a "
3712 "non-default set of DirAuthority or both of AlternateDirAuthority "
3713 "and AlternateBridgeAuthority configured.");
3714 tor_free(msg);
3715
3716 free_options_test_data(tdata);
3717 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3718 VALID_DIR_AUTH
3719 "TestingTorNetwork 1\n"
3720 );
3721 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3722 tt_int_op(ret, OP_EQ, 0);
3723 tor_free(msg);
3724
3725 free_options_test_data(tdata);
3726 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3727 "TestingTorNetwork 1\n"
3728 VALID_ALT_DIR_AUTH
3729 );
3730 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3731 tt_int_op(ret, OP_EQ, -1);
3732 tt_str_op(msg, OP_EQ,
3733 "TestingTorNetwork may only be configured in combination with a "
3734 "non-default set of DirAuthority or both of AlternateDirAuthority "
3735 "and AlternateBridgeAuthority configured.");
3736 tor_free(msg);
3737
3738 free_options_test_data(tdata);
3739 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3740 "TestingTorNetwork 1\n"
3741 VALID_ALT_BRIDGE_AUTH
3742 );
3743 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3744 tt_int_op(ret, OP_EQ, -1);
3745 tt_str_op(msg, OP_EQ, "TestingTorNetwork may only be configured in "
3746 "combination with a non-default set of DirAuthority or both of "
3747 "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3748 tor_free(msg);
3749
3750 free_options_test_data(tdata);
3751 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3752 VALID_ALT_DIR_AUTH
3753 VALID_ALT_BRIDGE_AUTH
3754 "TestingTorNetwork 1\n"
3755 );
3756 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3757 tt_int_op(ret, OP_EQ, 0);
3758 tor_free(msg);
3759
3760 done:
3761 policies_free_all();
3762 teardown_capture_of_logs(previous_log);
3763 free_options_test_data(tdata);
3764 tor_free(msg);
3765 }
3766
3767 static void
3768 test_options_validate__transport(void *ignored)
3769 {
3770 (void)ignored;
3771 int ret;
3772 char *msg;
3773 options_test_data_t *tdata = NULL;
3774 int previous_log = setup_capture_of_logs(LOG_NOTICE);
3775
3776 free_options_test_data(tdata);
3777 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3778 "ClientTransportPlugin !!\n"
3779 );
3780 mock_clean_saved_logs();
3781 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3782 tt_int_op(ret, OP_EQ, -1);
3783 tt_str_op(msg, OP_EQ,
3784 "Invalid client transport line. See logs for details.");
3785 expect_log_msg(
3786 "Too few arguments on ClientTransportPlugin line.\n");
3787 tor_free(msg);
3788
3789 free_options_test_data(tdata);
3790 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3791 "ClientTransportPlugin foo exec bar\n"
3792 );
3793 mock_clean_saved_logs();
3794 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3795 tt_int_op(ret, OP_EQ, 0);
3796 tor_free(msg);
3797
3798 free_options_test_data(tdata);
3799 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3800 "ServerTransportPlugin !!\n"
3801 );
3802 mock_clean_saved_logs();
3803 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3804 tt_int_op(ret, OP_EQ, -1);
3805 tt_str_op(msg, OP_EQ,
3806 "Invalid server transport line. See logs for details.");
3807 expect_log_msg(
3808 "Too few arguments on ServerTransportPlugin line.\n");
3809 tor_free(msg);
3810
3811 free_options_test_data(tdata);
3812 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3813 "ServerTransportPlugin foo exec bar\n"
3814 );
3815 mock_clean_saved_logs();
3816 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3817 tt_int_op(ret, OP_EQ, 0);
3818 expect_log_msg(
3819 "Tor is not configured as a relay but you specified a "
3820 "ServerTransportPlugin line (\"foo exec bar\"). The "
3821 "ServerTransportPlugin line will be ignored.\n");
3822 tor_free(msg);
3823
3824 free_options_test_data(tdata);
3825 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3826 "ServerTransportPlugin foo exec bar\n"
3827 "ORListenAddress 127.0.0.1:5555\n"
3828 "ORPort 955\n"
3829 "BandwidthRate 76900\n"
3830 "BandwidthBurst 76900\n"
3831 "MaxAdvertisedBandwidth 38500\n"
3832 );
3833 mock_clean_saved_logs();
3834 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3835 tt_int_op(ret, OP_EQ, 0);
3836 expect_no_log_msg(
3837 "Tor is not configured as a relay but you specified a "
3838 "ServerTransportPlugin line (\"foo exec bar\"). The "
3839 "ServerTransportPlugin line will be ignored.\n");
3840 tor_free(msg);
3841
3842 free_options_test_data(tdata);
3843 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3844 "ServerTransportListenAddr foo 127.0.0.42:55\n"
3845 "ServerTransportListenAddr !\n"
3846 );
3847 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3848 tt_int_op(ret, OP_EQ, -1);
3849 tt_str_op(msg, OP_EQ,
3850 "ServerTransportListenAddr did not parse. See logs for details.");
3851 tor_free(msg);
3852
3853 free_options_test_data(tdata);
3854 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3855 "ServerTransportListenAddr foo 127.0.0.42:55\n"
3856 );
3857 mock_clean_saved_logs();
3858 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3859 tt_int_op(ret, OP_EQ, 0);
3860 expect_log_msg(
3861 "You need at least a single managed-proxy to specify a transport "
3862 "listen address. The ServerTransportListenAddr line will be "
3863 "ignored.\n");
3864 tor_free(msg);
3865
3866 free_options_test_data(tdata);
3867 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3868 "ServerTransportListenAddr foo 127.0.0.42:55\n"
3869 "ServerTransportPlugin foo exec bar\n"
3870 "ORListenAddress 127.0.0.1:5555\n"
3871 "ORPort 955\n"
3872 "BandwidthRate 76900\n"
3873 "BandwidthBurst 76900\n"
3874 "MaxAdvertisedBandwidth 38500\n"
3875 );
3876 mock_clean_saved_logs();
3877 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3878 tt_int_op(ret, OP_EQ, 0);
3879 expect_no_log_msg(
3880 "You need at least a single managed-proxy to specify a transport "
3881 "listen address. The ServerTransportListenAddr line will be "
3882 "ignored.\n");
3883
3884 done:
3885 escaped(NULL); // This will free the leaking memory from the previous escaped
3886 policies_free_all();
3887 teardown_capture_of_logs(previous_log);
3888 free_options_test_data(tdata);
3889 tor_free(msg);
3890 }
3891
3892 static void
3893 test_options_validate__constrained_sockets(void *ignored)
3894 {
3895 (void)ignored;
3896 int ret;
3897 char *msg;
3898 options_test_data_t *tdata = NULL;
3899 int previous_log = setup_capture_of_logs(LOG_WARN);
3900
3901 free_options_test_data(tdata);
3902 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3903 "ConstrainedSockets 1\n"
3904 "ConstrainedSockSize 0\n"
3905 );
3906 mock_clean_saved_logs();
3907 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3908 tt_int_op(ret, OP_EQ, -1);
3909 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3910 "between 2048 and 262144 in 1024 byte increments.");
3911 tor_free(msg);
3912
3913 free_options_test_data(tdata);
3914 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3915 "ConstrainedSockets 1\n"
3916 "ConstrainedSockSize 263168\n"
3917 );
3918 mock_clean_saved_logs();
3919 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3920 tt_int_op(ret, OP_EQ, -1);
3921 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3922 "between 2048 and 262144 in 1024 byte increments.");
3923 tor_free(msg);
3924
3925 free_options_test_data(tdata);
3926 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3927 "ConstrainedSockets 1\n"
3928 "ConstrainedSockSize 2047\n"
3929 );
3930 mock_clean_saved_logs();
3931 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3932 tt_int_op(ret, OP_EQ, -1);
3933 tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid. Must be a value "
3934 "between 2048 and 262144 in 1024 byte increments.");
3935 tor_free(msg);
3936
3937 free_options_test_data(tdata);
3938 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3939 "ConstrainedSockets 1\n"
3940 "ConstrainedSockSize 2048\n"
3941 "DirPort 999\n"
3942 "DirCache 1\n"
3943 );
3944 mock_clean_saved_logs();
3945 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3946 tt_int_op(ret, OP_EQ, 0);
3947 expect_log_msg("You have requested constrained "
3948 "socket buffers while also serving directory entries via DirPort."
3949 " It is strongly suggested that you disable serving directory"
3950 " requests when system TCP buffer resources are scarce.\n");
3951 tor_free(msg);
3952
3953 free_options_test_data(tdata);
3954 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3955 "ConstrainedSockets 1\n"
3956 "ConstrainedSockSize 2048\n"
3957 );
3958 mock_clean_saved_logs();
3959 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3960 tt_int_op(ret, OP_EQ, 0);
3961 expect_no_log_msg(
3962 "You have requested constrained socket buffers while also serving"
3963 " directory entries via DirPort. It is strongly suggested that "
3964 "you disable serving directory requests when system TCP buffer "
3965 "resources are scarce.\n");
3966 tor_free(msg);
3967
3968 done:
3969 policies_free_all();
3970 teardown_capture_of_logs(previous_log);
3971 free_options_test_data(tdata);
3972 tor_free(msg);
3973 }
3974
3975 static void
3976 test_options_validate__v3_auth(void *ignored)
3977 {
3978 (void)ignored;
3979 int ret;
3980 char *msg;
3981 options_test_data_t *tdata = NULL;
3982 int previous_log = setup_capture_of_logs(LOG_WARN);
3983
3984 free_options_test_data(tdata);
3985 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3986 "V3AuthVoteDelay 1000\n"
3987 "V3AuthDistDelay 1000\n"
3988 "V3AuthVotingInterval 1000\n"
3989 );
3990 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
3991 tt_int_op(ret, OP_EQ, -1);
3992 tt_str_op(msg, OP_EQ,
3993 "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3994 "V3AuthVotingInterval");
3995 tor_free(msg);
3996
3997 free_options_test_data(tdata);
3998 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
3999 "V3AuthVoteDelay 1\n"
4000 );
4001 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4002 tt_int_op(ret, OP_EQ, -1);
4003 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
4004 tor_free(msg);
4005
4006 free_options_test_data(tdata);
4007 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4008 "V3AuthVoteDelay 1\n"
4009 "TestingTorNetwork 1\n"
4010 );
4011 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4012 tt_int_op(ret, OP_EQ, -1);
4013 tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
4014 tor_free(msg);
4015
4016 // TODO: we can't reach the case of v3authvotedelay lower
4017 // than MIN_VOTE_SECONDS but not lower than MIN_VOTE_SECONDS_TESTING,
4018 // since they are the same
4019
4020 free_options_test_data(tdata);
4021 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4022 "V3AuthDistDelay 1\n"
4023 );
4024 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4025 tt_int_op(ret, OP_EQ, -1);
4026 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
4027 tor_free(msg);
4028
4029 free_options_test_data(tdata);
4030 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4031 "V3AuthDistDelay 1\n"
4032 "TestingTorNetwork 1\n"
4033 );
4034 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4035 tt_int_op(ret, OP_EQ, -1);
4036 tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
4037 tor_free(msg);
4038
4039 // TODO: we can't reach the case of v3authdistdelay lower than
4040 // MIN_DIST_SECONDS but not lower than MIN_DIST_SECONDS_TESTING,
4041 // since they are the same
4042
4043 free_options_test_data(tdata);
4044 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4045 "V3AuthNIntervalsValid 1\n"
4046 );
4047 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4048 tt_int_op(ret, OP_EQ, -1);
4049 tt_str_op(msg, OP_EQ, "V3AuthNIntervalsValid must be at least 2.");
4050 tor_free(msg);
4051
4052 free_options_test_data(tdata);
4053 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4054 "V3AuthVoteDelay 49\n"
4055 "V3AuthDistDelay 49\n"
4056 "V3AuthVotingInterval 200\n"
4057 );
4058 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4059 tt_int_op(ret, OP_EQ, -1);
4060 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low.");
4061 tor_free(msg);
4062
4063 free_options_test_data(tdata);
4064 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4065 "V3AuthVoteDelay 49\n"
4066 "V3AuthDistDelay 49\n"
4067 "V3AuthVotingInterval 200000\n"
4068 );
4069 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4070 tt_int_op(ret, OP_EQ, -1);
4071 tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely high.");
4072 tor_free(msg);
4073
4074 free_options_test_data(tdata);
4075 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4076 "V3AuthVoteDelay 49\n"
4077 "V3AuthDistDelay 49\n"
4078 "V3AuthVotingInterval 1441\n"
4079 );
4080 mock_clean_saved_logs();
4081 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4082 tt_int_op(ret, OP_EQ, 0);
4083 expect_log_msg("V3AuthVotingInterval does not divide"
4084 " evenly into 24 hours.\n");
4085 tor_free(msg);
4086
4087 free_options_test_data(tdata);
4088 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4089 "V3AuthVoteDelay 49\n"
4090 "V3AuthDistDelay 49\n"
4091 "V3AuthVotingInterval 1440\n"
4092 );
4093 mock_clean_saved_logs();
4094 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4095 tt_int_op(ret, OP_EQ, 0);
4096 expect_no_log_msg("V3AuthVotingInterval does not divide"
4097 " evenly into 24 hours.\n");
4098 tor_free(msg);
4099
4100 free_options_test_data(tdata);
4101 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4102 "V3AuthVoteDelay 49\n"
4103 "V3AuthDistDelay 49\n"
4104 "V3AuthVotingInterval 299\n"
4105 VALID_DIR_AUTH
4106 "TestingTorNetwork 1\n"
4107 );
4108 mock_clean_saved_logs();
4109 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4110 tt_int_op(ret, OP_EQ, 0);
4111 expect_log_msg("V3AuthVotingInterval is very low. "
4112 "This may lead to failure to synchronise for a consensus.\n");
4113 tor_free(msg);
4114
4115 // TODO: It is impossible to reach the case of testingtor network, with
4116 // v3authvotinginterval too low
4117 /* free_options_test_data(tdata); */
4118 /* tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES */
4119 /* "V3AuthVoteDelay 1\n" */
4120 /* "V3AuthDistDelay 1\n" */
4121 /* "V3AuthVotingInterval 9\n" */
4122 /* VALID_DIR_AUTH */
4123 /* "TestingTorNetwork 1\n" */
4124 /* ); */
4125 /* ret = options_validate(tdata->old_opt, tdata->opt, */
4126 /* tdata->def_opt, 0, &msg); */
4127 /* tt_int_op(ret, OP_EQ, -1); */
4128 /* tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low."); */
4129
4130 free_options_test_data(tdata);
4131 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4132 "TestingV3AuthInitialVoteDelay 1\n"
4133 VALID_DIR_AUTH
4134 "TestingTorNetwork 1\n"
4135 );
4136 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4137 tt_int_op(ret, OP_EQ, -1);
4138 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVoteDelay is way too low.");
4139 tor_free(msg);
4140
4141 free_options_test_data(tdata);
4142 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4143 "TestingV3AuthInitialDistDelay 1\n"
4144 VALID_DIR_AUTH
4145 "TestingTorNetwork 1\n"
4146 );
4147 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4148 tt_int_op(ret, OP_EQ, -1);
4149 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialDistDelay is way too low.");
4150 tor_free(msg);
4151
4152 free_options_test_data(tdata);
4153 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4154 VALID_DIR_AUTH
4155 "TestingTorNetwork 1\n"
4156 );
4157 tdata->opt->TestingV3AuthVotingStartOffset = 100000;
4158 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4159 tt_int_op(ret, OP_EQ, -1);
4160 tt_str_op(msg, OP_EQ, "TestingV3AuthVotingStartOffset is higher than the "
4161 "voting interval.");
4162 tor_free(msg);
4163
4164 free_options_test_data(tdata);
4165 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4166 VALID_DIR_AUTH
4167 "TestingTorNetwork 1\n"
4168 );
4169 tdata->opt->TestingV3AuthVotingStartOffset = -1;
4170 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4171 tt_int_op(ret, OP_EQ, -1);
4172 tt_str_op(msg, OP_EQ,
4173 "TestingV3AuthVotingStartOffset must be non-negative.");
4174 tor_free(msg);
4175
4176 free_options_test_data(tdata);
4177 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4178 VALID_DIR_AUTH
4179 "TestingTorNetwork 1\n"
4180 "TestingV3AuthInitialVotingInterval 4\n"
4181 );
4182 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4183 tt_int_op(ret, OP_EQ, -1);
4184 tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVotingInterval is insanely low.");
4185 tor_free(msg);
4186
4187 done:
4188 policies_free_all();
4189 teardown_capture_of_logs(previous_log);
4190 free_options_test_data(tdata);
4191 tor_free(msg);
4192 }
4193
4194 static void
4195 test_options_validate__virtual_addr(void *ignored)
4196 {
4197 (void)ignored;
4198 int ret;
4199 char *msg;
4200 options_test_data_t *tdata = NULL;
4201
4202 free_options_test_data(tdata);
4203 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4204 "VirtualAddrNetworkIPv4 !!"
4205 );
4206 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4207 tt_int_op(ret, OP_EQ, -1);
4208 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetwork !!");
4209 tor_free(msg);
4210
4211 free_options_test_data(tdata);
4212 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4213 "VirtualAddrNetworkIPv6 !!"
4214 );
4215 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4216 tt_int_op(ret, OP_EQ, -1);
4217 tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetworkIPv6 !!");
4218 tor_free(msg);
4219
4220 done:
4221 escaped(NULL); // This will free the leaking memory from the previous escaped
4222 policies_free_all();
4223 free_options_test_data(tdata);
4224 tor_free(msg);
4225 }
4226
4227 static void
4228 test_options_validate__exits(void *ignored)
4229 {
4230 (void)ignored;
4231 int ret;
4232 char *msg;
4233 options_test_data_t *tdata = NULL;
4234 int previous_log = setup_capture_of_logs(LOG_WARN);
4235
4236 free_options_test_data(tdata);
4237 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4238 "AllowSingleHopExits 1"
4239 );
4240 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4241 tt_int_op(ret, OP_EQ, 0);
4242 expect_log_msg("You have set AllowSingleHopExits; "
4243 "now your relay will allow others to make one-hop exits. However,"
4244 " since by default most clients avoid relays that set this option,"
4245 " most clients will ignore you.\n");
4246 tor_free(msg);
4247
4248 free_options_test_data(tdata);
4249 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4250 "AllowSingleHopExits 1\n"
4251 VALID_DIR_AUTH
4252 );
4253 mock_clean_saved_logs();
4254 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4255 tt_int_op(ret, OP_EQ, 0);
4256 expect_no_log_msg("You have set AllowSingleHopExits; "
4257 "now your relay will allow others to make one-hop exits. However,"
4258 " since by default most clients avoid relays that set this option,"
4259 " most clients will ignore you.\n");
4260 tor_free(msg);
4261
4262 done:
4263 policies_free_all();
4264 teardown_capture_of_logs(previous_log);
4265 free_options_test_data(tdata);
4266 tor_free(msg);
4267 }
4268
4269 static void
4270 test_options_validate__testing_options(void *ignored)
4271 {
4272 (void)ignored;
4273 int ret;
4274 char *msg;
4275 options_test_data_t *tdata = NULL;
4276 int previous_log = setup_capture_of_logs(LOG_WARN);
4277
4278 #define TEST_TESTING_OPTION(name, low_val, high_val, err_low) \
4279 STMT_BEGIN \
4280 free_options_test_data(tdata); \
4281 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
4282 VALID_DIR_AUTH \
4283 "TestingTorNetwork 1\n" \
4284 ); \
4285 tdata->opt-> name = low_val; \
4286 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
4287 tt_int_op(ret, OP_EQ, -1); \
4288 tt_str_op(msg, OP_EQ, #name " " err_low); \
4289 tor_free(msg); \
4290 \
4291 free_options_test_data(tdata); \
4292 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
4293 VALID_DIR_AUTH \
4294 "TestingTorNetwork 1\n" \
4295 ); \
4296 tdata->opt-> name = high_val; \
4297 mock_clean_saved_logs(); \
4298 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
4299 tt_int_op(ret, OP_EQ, 0); \
4300 expect_log_msg( #name " is insanely high.\n"); \
4301 tor_free(msg); \
4302 STMT_END
4303
4304 TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, -1, 8000,
4305 "must be non-negative.");
4306 TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, -1, 3601,
4307 "must be non-negative.");
4308 TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, -1, 3601,
4309 "is way too low.");
4310 TEST_TESTING_OPTION(TestingDirConnectionMaxStall, 1, 3601,
4311 "is way too low.");
4312 // TODO: I think this points to a bug/regression in options_validate
4313 TEST_TESTING_OPTION(TestingConsensusMaxDownloadTries, 1, 801,
4314 "must be greater than 2.");
4315 TEST_TESTING_OPTION(TestingDescriptorMaxDownloadTries, 1, 801,
4316 "must be greater than 1.");
4317 TEST_TESTING_OPTION(TestingMicrodescMaxDownloadTries, 1, 801,
4318 "must be greater than 1.");
4319 TEST_TESTING_OPTION(TestingCertMaxDownloadTries, 1, 801,
4320 "must be greater than 1.");
4321
4322 free_options_test_data(tdata);
4323 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4324 "TestingEnableConnBwEvent 1\n"
4325 );
4326 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4327 tt_int_op(ret, OP_EQ, -1);
4328 tt_str_op(msg, OP_EQ, "TestingEnableConnBwEvent may only be changed in "
4329 "testing Tor networks!");
4330 tor_free(msg);
4331
4332 free_options_test_data(tdata);
4333 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4334 "TestingEnableConnBwEvent 1\n"
4335 VALID_DIR_AUTH
4336 "TestingTorNetwork 1\n"
4337 "___UsingTestNetworkDefaults 0\n"
4338 );
4339
4340 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4341 tt_int_op(ret, OP_EQ, 0);
4342 tt_assert(!msg);
4343 tor_free(msg);
4344
4345 free_options_test_data(tdata);
4346 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4347 "TestingEnableConnBwEvent 1\n"
4348 VALID_DIR_AUTH
4349 "TestingTorNetwork 0\n"
4350 "___UsingTestNetworkDefaults 1\n"
4351 );
4352
4353 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4354 tt_int_op(ret, OP_EQ, 0);
4355 tt_assert(!msg);
4356 tor_free(msg);
4357
4358 free_options_test_data(tdata);
4359 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4360 "TestingEnableCellStatsEvent 1\n"
4361 );
4362 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4363 tt_int_op(ret, OP_EQ, -1);
4364 tt_str_op(msg, OP_EQ, "TestingEnableCellStatsEvent may only be changed in "
4365 "testing Tor networks!");
4366 tor_free(msg);
4367
4368 free_options_test_data(tdata);
4369 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4370 "TestingEnableCellStatsEvent 1\n"
4371 VALID_DIR_AUTH
4372 "TestingTorNetwork 1\n"
4373 "___UsingTestNetworkDefaults 0\n"
4374 );
4375
4376 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4377 tt_int_op(ret, OP_EQ, 0);
4378 tt_assert(!msg);
4379 tor_free(msg);
4380
4381 free_options_test_data(tdata);
4382 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4383 "TestingEnableCellStatsEvent 1\n"
4384 VALID_DIR_AUTH
4385 "TestingTorNetwork 0\n"
4386 "___UsingTestNetworkDefaults 1\n"
4387 );
4388
4389 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4390 tt_int_op(ret, OP_EQ, 0);
4391 tt_assert(!msg);
4392 tor_free(msg);
4393
4394 free_options_test_data(tdata);
4395 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4396 "TestingEnableTbEmptyEvent 1\n"
4397 );
4398 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4399 tt_int_op(ret, OP_EQ, -1);
4400 tt_str_op(msg, OP_EQ, "TestingEnableTbEmptyEvent may only be changed "
4401 "in testing Tor networks!");
4402 tor_free(msg);
4403
4404 free_options_test_data(tdata);
4405 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4406 "TestingEnableTbEmptyEvent 1\n"
4407 VALID_DIR_AUTH
4408 "TestingTorNetwork 1\n"
4409 "___UsingTestNetworkDefaults 0\n"
4410 );
4411
4412 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4413 tt_int_op(ret, OP_EQ, 0);
4414 tt_assert(!msg);
4415 tor_free(msg);
4416
4417 free_options_test_data(tdata);
4418 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4419 "TestingEnableTbEmptyEvent 1\n"
4420 VALID_DIR_AUTH
4421 "TestingTorNetwork 0\n"
4422 "___UsingTestNetworkDefaults 1\n"
4423 );
4424
4425 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4426 tt_int_op(ret, OP_EQ, 0);
4427 tt_assert(!msg);
4428 tor_free(msg);
4429
4430 done:
4431 policies_free_all();
4432 teardown_capture_of_logs(previous_log);
4433 free_options_test_data(tdata);
4434 tor_free(msg);
4435 }
4436
4437 static void
4438 test_options_validate__accel(void *ignored)
4439 {
4440 (void)ignored;
4441 int ret;
4442 char *msg;
4443 options_test_data_t *tdata = NULL;
4444
4445 free_options_test_data(tdata);
4446 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4447 "AccelName foo\n"
4448 );
4449 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4450 tt_int_op(ret, OP_EQ, 0);
4451 tt_int_op(tdata->opt->HardwareAccel, OP_EQ, 1);
4452 tor_free(msg);
4453
4454 free_options_test_data(tdata);
4455 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4456 "AccelName foo\n"
4457 );
4458 tdata->opt->HardwareAccel = 2;
4459 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4460 tt_int_op(ret, OP_EQ, 0);
4461 tt_int_op(tdata->opt->HardwareAccel, OP_EQ, 2);
4462 tor_free(msg);
4463
4464 free_options_test_data(tdata);
4465 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4466 "AccelDir 1\n"
4467 );
4468 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4469 tt_int_op(ret, OP_EQ, -1);
4470 tt_str_op(msg, OP_EQ,
4471 "Can't use hardware crypto accelerator dir without engine name.");
4472 tor_free(msg);
4473
4474 free_options_test_data(tdata);
4475 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
4476 "AccelDir 1\n"
4477 "AccelName something\n"
4478 );
4479 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
4480 tt_int_op(ret, OP_EQ, 0);
4481 tor_free(msg);
4482
4483 done:
4484 policies_free_all();
4485 free_options_test_data(tdata);
4486 tor_free(msg);
4487 }
4488
4489 #define LOCAL_VALIDATE_TEST(name) \
4490 { "validate__" #name, test_options_validate__ ## name, TT_FORK, NULL, NULL }
4491
4492 struct testcase_t options_tests[] = {
4493 { "validate", test_options_validate, TT_FORK, NULL, NULL },
4494 { "mem_dircache", test_have_enough_mem_for_dircache, TT_FORK, NULL, NULL },
4495 LOCAL_VALIDATE_TEST(uname_for_server),
4496 LOCAL_VALIDATE_TEST(outbound_addresses),
4497 LOCAL_VALIDATE_TEST(data_directory),
4498 LOCAL_VALIDATE_TEST(nickname),
4499 LOCAL_VALIDATE_TEST(contactinfo),
4500 LOCAL_VALIDATE_TEST(logs),
4501 LOCAL_VALIDATE_TEST(authdir),
4502 LOCAL_VALIDATE_TEST(relay_with_hidden_services),
4503 LOCAL_VALIDATE_TEST(transproxy),
4504 LOCAL_VALIDATE_TEST(exclude_nodes),
4505 LOCAL_VALIDATE_TEST(scheduler),
4506 LOCAL_VALIDATE_TEST(node_families),
4507 LOCAL_VALIDATE_TEST(tlsec),
4508 LOCAL_VALIDATE_TEST(token_bucket),
4509 LOCAL_VALIDATE_TEST(recommended_packages),
4510 LOCAL_VALIDATE_TEST(fetch_dir),
4511 LOCAL_VALIDATE_TEST(conn_limit),
4512 LOCAL_VALIDATE_TEST(paths_needed),
4513 LOCAL_VALIDATE_TEST(max_client_circuits),
4514 LOCAL_VALIDATE_TEST(ports),
4515 LOCAL_VALIDATE_TEST(reachable_addresses),
4516 LOCAL_VALIDATE_TEST(use_bridges),
4517 LOCAL_VALIDATE_TEST(entry_nodes),
4518 LOCAL_VALIDATE_TEST(invalid_nodes),
4519 LOCAL_VALIDATE_TEST(safe_logging),
4520 LOCAL_VALIDATE_TEST(publish_server_descriptor),
4521 LOCAL_VALIDATE_TEST(testing),
4522 LOCAL_VALIDATE_TEST(hidserv),
4523 LOCAL_VALIDATE_TEST(predicted_ports),
4524 LOCAL_VALIDATE_TEST(path_bias),
4525 LOCAL_VALIDATE_TEST(bandwidth),
4526 LOCAL_VALIDATE_TEST(circuits),
4527 LOCAL_VALIDATE_TEST(port_forwarding),
4528 LOCAL_VALIDATE_TEST(tor2web),
4529 LOCAL_VALIDATE_TEST(rend),
4530 LOCAL_VALIDATE_TEST(single_onion),
4531 LOCAL_VALIDATE_TEST(accounting),
4532 LOCAL_VALIDATE_TEST(proxy),
4533 LOCAL_VALIDATE_TEST(control),
4534 LOCAL_VALIDATE_TEST(families),
4535 LOCAL_VALIDATE_TEST(addr_policies),
4536 LOCAL_VALIDATE_TEST(dir_auth),
4537 LOCAL_VALIDATE_TEST(transport),
4538 LOCAL_VALIDATE_TEST(constrained_sockets),
4539 LOCAL_VALIDATE_TEST(v3_auth),
4540 LOCAL_VALIDATE_TEST(virtual_addr),
4541 LOCAL_VALIDATE_TEST(exits),
4542 LOCAL_VALIDATE_TEST(testing_options),
4543 LOCAL_VALIDATE_TEST(accel),
4544 END_OF_TESTCASES /* */
4545 };
4546
The Onion Router