/** Remove all TRACKEXIT mappings from the addressmap for which the target
* host is unknown or no longer allowed, or for which the source address
* is no longer in trackexithosts. */
void
addressmap_clear_excluded_trackexithosts(const or_options_t *options)
{
const routerset_t *allow_nodes = options->ExitNodes;
const routerset_t *exclude_nodes = options->ExcludeExitNodesUnion_;
if (!addressmap)
return;
if (routerset_is_empty(allow_nodes))
allow_nodes = NULL;
if (allow_nodes == NULL && routerset_is_empty(exclude_nodes))
return;
STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) {
size_t len;
const char *target = ent->new_address, *dot;
char *nodename;
const node_t *node;
if (!target) {
/* DNS resolving in progress */
continue;
} else if (strcmpend(target, ".exit")) {
/* Not a .exit mapping */
continue;
} else if (ent->source != ADDRMAPSRC_TRACKEXIT) {
/* Not a trackexit mapping. */
continue;
}
len = strlen(target);
if (len < 6)
continue; /* malformed. */
dot = target + len - 6; /* dot now points to just before .exit */
while (dot > target && *dot != '.')
dot--;
if (*dot == '.') dot++;
nodename = tor_strndup(dot, len-5-(dot-target));;
node = node_get_by_nickname(nodename, 0);
tor_free(nodename);
if (!node ||
(allow_nodes && !routerset_contains_node(allow_nodes, node)) ||
routerset_contains_node(exclude_nodes, node) ||
!hostname_in_track_host_exits(options, address)) {
/* We don't know this one, or we want to be rid of it. */
addressmap_ent_remove(address, ent);
MAP_DEL_CURRENT(address);
}
} STRMAP_FOREACH_END;
/** Select and create the temporary directory we'll use to run our unit tests.
* Store it in <b>temp_dir</b>. Exit immediately if we can't create it.
* idempotent. */
static void
setup_directory(void)
{
static int is_setup = 0;
int r;
char rnd[256], rnd32[256];
if (is_setup) return;
/* Due to base32 limitation needs to be a multiple of 5. */
#define RAND_PATH_BYTES 5
crypto_rand(rnd, RAND_PATH_BYTES);
base32_encode(rnd32, sizeof(rnd32), rnd, RAND_PATH_BYTES);
#ifdef _WIN32
{
char buf[MAX_PATH];
const char *tmp = buf;
const char *extra_backslash = "";
/* If this fails, we're probably screwed anyway */
if (!GetTempPathA(sizeof(buf),buf))
tmp = "c:\\windows\\temp\\";
if (strcmpend(tmp, "\\")) {
/* According to MSDN, it should be impossible for GetTempPath to give us
* an answer that doesn't end with \. But let's make sure. */
extra_backslash = "\\";
}
tor_snprintf(temp_dir, sizeof(temp_dir),
"%s%stor_test_%d_%s", tmp, extra_backslash,
(int)getpid(), rnd32);
r = mkdir(temp_dir);
}
#else /* !(defined(_WIN32)) */
tor_snprintf(temp_dir, sizeof(temp_dir), "/tmp/tor_test_%d_%s",
(int) getpid(), rnd32);
r = mkdir(temp_dir, 0700);
if (!r) {
/* undo sticky bit so tests don't get confused. */
r = chown(temp_dir, getuid(), getgid());
}
#endif /* defined(_WIN32) */
if (r) {
fprintf(stderr, "Can't create directory %s:", temp_dir);
perror("");
exit(1);
}
is_setup = 1;
temp_dir_setup_in_pid = getpid();
}
/** Unregister all TrackHostExits mappings from any address to
* *.exitname.exit. */
void
clear_trackexithost_mappings(const char *exitname)
{
char *suffix = NULL;
if (!addressmap || !exitname)
return;
tor_asprintf(&suffix, ".%s.exit", exitname);
tor_strlower(suffix);
STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) {
if (ent->source == ADDRMAPSRC_TRACKEXIT &&
!strcmpend(ent->new_address, suffix)) {
addressmap_ent_remove(address, ent);
MAP_DEL_CURRENT(address);
}
} STRMAP_FOREACH_END;
tor_free(suffix);
}
/** Run unit tests for our random number generation function and its wrappers.
*/
static void
test_crypto_rng(void)
{
int i, j, allok;
char data1[100], data2[100];
double d;
/* Try out RNG. */
test_assert(! crypto_seed_rng(0));
crypto_rand(data1, 100);
crypto_rand(data2, 100);
test_memneq(data1,data2,100);
allok = 1;
for (i = 0; i < 100; ++i) {
uint64_t big;
char *host;
j = crypto_rand_int(100);
if (j < 0 || j >= 100)
allok = 0;
big = crypto_rand_uint64(U64_LITERAL(1)<<40);
if (big >= (U64_LITERAL(1)<<40))
allok = 0;
big = crypto_rand_uint64(U64_LITERAL(5));
if (big >= 5)
allok = 0;
d = crypto_rand_double();
test_assert(d >= 0);
test_assert(d < 1.0);
host = crypto_random_hostname(3,8,"www.",".onion");
if (strcmpstart(host,"www.") ||
strcmpend(host,".onion") ||
strlen(host) < 13 ||
strlen(host) > 18)
allok = 0;
tor_free(host);
}
test_assert(allok);
done:
;
}
static void
test_virtaddrmap_persist(void *data)
{
(void)data;
const char *a, *b, *c;
tor_addr_t addr;
char *ones = NULL;
addressmap_init();
// Try a hostname.
a = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME,
tor_strdup("foobar.baz"));
tt_assert(a);
tt_assert(!strcmpend(a, ".virtual"));
// mock crypto_rand to repeat the same result twice; make sure we get
// different outcomes. (Because even though the odds for receiving the
// same 80-bit address twice is only 1/2^40, it could still happen for
// some user -- but running our test through 2^40 iterations isn't
// reasonable.)
canned_data = "1234567890" // the first call returns this.
"1234567890" // the second call returns this.
"abcdefghij"; // the third call returns this.
canned_data_len = 30;
MOCK(crypto_rand, crypto_canned);
a = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME,
tor_strdup("quuxit.baz"));
b = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME,
tor_strdup("nescio.baz"));
tt_assert(a);
tt_assert(b);
tt_str_op(a, OP_EQ, "gezdgnbvgy3tqojq.virtual");
tt_str_op(b, OP_EQ, "mfrggzdfmztwq2lk.virtual");
// Now try something to get us an ipv4 address
UNMOCK(crypto_rand);
tt_int_op(0,OP_EQ, parse_virtual_addr_network("192.168.0.0/16",
AF_INET, 0, NULL));
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("foobar.baz"));
tt_assert(a);
tt_assert(!strcmpstart(a, "192.168."));
tor_addr_parse(&addr, a);
tt_int_op(AF_INET, OP_EQ, tor_addr_family(&addr));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("quuxit.baz"));
tt_str_op(b, OP_NE, a);
tt_assert(!strcmpstart(b, "192.168."));
// Try some canned entropy and verify all the we discard duplicates,
// addresses that end with 0, and addresses that end with 255.
MOCK(crypto_rand, crypto_canned);
canned_data = "\x01\x02\x03\x04" // okay
"\x01\x02\x03\x04" // duplicate
"\x03\x04\x00\x00" // bad ending 1
"\x05\x05\x00\xff" // bad ending 2
"\x05\x06\x07\xf0"; // okay
canned_data_len = 20;
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("wumble.onion"));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("wumpus.onion"));
tt_str_op(a, OP_EQ, "192.168.3.4");
tt_str_op(b, OP_EQ, "192.168.7.240");
// Now try IPv6!
UNMOCK(crypto_rand);
tt_int_op(0,OP_EQ, parse_virtual_addr_network("1010:F000::/20",
AF_INET6, 0, NULL));
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("foobar.baz"));
tt_assert(a);
tt_assert(!strcmpstart(a, "[1010:f"));
tor_addr_parse(&addr, a);
tt_int_op(AF_INET6, OP_EQ, tor_addr_family(&addr));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("quuxit.baz"));
tt_str_op(b, OP_NE, a);
tt_assert(!strcmpstart(b, "[1010:f"));
// Try IPv6 with canned entropy, to make sure we detect duplicates.
MOCK(crypto_rand, crypto_canned);
canned_data = "acanthopterygian" // okay
"cinematographist" // okay
"acanthopterygian" // duplicate
"acanthopterygian" // duplicate
"acanthopterygian" // duplicate
"cinematographist" // duplicate
"coadministration"; // okay
canned_data_len = 16 * 7;
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("wuffle.baz"));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("gribble.baz"));
c = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("surprisingly-legible.baz"));
tt_str_op(a, OP_EQ, "[1010:f16e:7468:6f70:7465:7279:6769:616e]");
tt_str_op(b, OP_EQ, "[1010:fe65:6d61:746f:6772:6170:6869:7374]");
tt_str_op(c, OP_EQ, "[1010:f164:6d69:6e69:7374:7261:7469:6f6e]");
// Try address exhaustion: make sure we can actually fail if we
// get too many already-existing addresses.
canned_data_len = 128*1024;
canned_data = ones = tor_malloc(canned_data_len);
memset(ones, 1, canned_data_len);
// There is some chance this one will fail if a previous random
// allocation gave out the address already.
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("might-work.onion"));
if (a) {
tt_str_op(a, OP_EQ, "192.168.1.1");
}
setup_capture_of_logs(LOG_WARN);
// This one will definitely fail, since we've set up the RNG to hand
// out "1" forever.
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("wont-work.onion"));
tt_assert(b == NULL);
expect_single_log_msg_containing("Ran out of virtual addresses!");
done:
UNMOCK(crypto_rand);
tor_free(ones);
addressmap_free_all();
teardown_capture_of_logs();
}
