static void
test_conn_edge_ap_handshake_rewrite_and_attach_closes_conn_with_error(void *data)
{
entry_connection_t *conn = entry_connection_new(CONN_TYPE_AP, AF_INET);
addressmap_init();
origin_circuit_t *circuit = NULL;
crypt_path_t *path = NULL;
(void) data;
MOCK(connection_ap_handshake_rewrite, connection_ap_handshake_rewrite_mock);
MOCK(connection_mark_unattached_ap_, connection_mark_unattached_ap_mock);
init_rewrite_mock();
rewrite_mock->should_close = 1;
rewrite_mock->end_reason = END_STREAM_REASON_MISC;
int res = connection_ap_handshake_rewrite_and_attach(conn, circuit, path);
tt_int_op(res, OP_EQ, -1);
done:
UNMOCK(connection_ap_handshake_rewrite);
UNMOCK(connection_mark_unattached_ap_);
destroy_rewrite_mock();
tor_free(circuit);
tor_free(path);
}
static void
test_conn_edge_ap_handshake_rewrite_and_attach_closes_conn_for_excluded_exit(void *data)
{
entry_connection_t *conn = entry_connection_new(CONN_TYPE_AP, AF_INET);
addressmap_init();
origin_circuit_t *circuit = NULL;
crypt_path_t *path = NULL;
(void) data;
MOCK(get_options, get_options_mock);
MOCK(connection_ap_handshake_rewrite, connection_ap_handshake_rewrite_mock);
MOCK(connection_mark_unattached_ap_, connection_mark_unattached_ap_mock);
MOCK(node_get_by_nickname, node_get_by_nickname_mock);
init_rewrite_mock();
init_exit_node_mock();
init_mock_options();
rewrite_mock->should_close = 0;
rewrite_mock->exit_source = ADDRMAPSRC_NONE;
SET_SOCKS_ADDRESS(conn->socks_request, "http://www.wellformed.exit");
conn->socks_request->command = SOCKS_COMMAND_CONNECT;
strlcpy(exit_node_mock->rs->nickname, "wellformed", MAX_NICKNAME_LEN+1);
options_mock->AllowDotExit = 1;
options_mock->StrictNodes = 0;
options_mock->SafeLogging_ = SAFELOG_SCRUB_NONE;
excluded_nodes = routerset_new();
smartlist_add(excluded_nodes->list, tor_strdup("wellformed"));
strmap_set(excluded_nodes->names, tor_strdup("wellformed"), exit_node_mock);
options_mock->ExcludeExitNodes = excluded_nodes;
int prev_log = setup_capture_of_logs(LOG_INFO);
int res = connection_ap_handshake_rewrite_and_attach(conn, circuit, path);
tt_int_op(unattachment_reason_spy, OP_EQ, END_STREAM_REASON_TORPROTOCOL);
tt_int_op(res, OP_EQ, -1);
tt_str_op(mock_saved_log_at(-1), OP_EQ, "Excluded relay in exit address 'http://www.exit'. Refusing.\n");
done:
UNMOCK(get_options);
UNMOCK(connection_ap_handshake_rewrite);
UNMOCK(connection_mark_unattached_ap_);
UNMOCK(node_get_by_nickname);
destroy_rewrite_mock();
destroy_mock_options();
destroy_exit_node_mock();
tor_free(excluded_nodes);
tor_free(circuit);
tor_free(path);
teardown_capture_of_logs(prev_log);
}
static void
test_conn_edge_ap_handshake_rewrite_and_attach_closes_conn_for_unrecognized_exit_address(void *data)
{
entry_connection_t *conn = entry_connection_new(CONN_TYPE_AP, AF_INET);
addressmap_init();
origin_circuit_t *circuit = NULL;
crypt_path_t *path = NULL;
(void) data;
MOCK(get_options, get_options_mock);
MOCK(connection_ap_handshake_rewrite, connection_ap_handshake_rewrite_mock);
MOCK(connection_mark_unattached_ap_, connection_mark_unattached_ap_mock);
init_rewrite_mock();
init_mock_options();
rewrite_mock->should_close = 0;
rewrite_mock->exit_source = ADDRMAPSRC_NONE;
SET_SOCKS_ADDRESS(conn->socks_request, "http://www.wellformed.exit");
conn->socks_request->command = SOCKS_COMMAND_CONNECT;
options_mock->AllowDotExit = 1;
options_mock->SafeLogging_ = SAFELOG_SCRUB_NONE;
int prev_log = setup_capture_of_logs(LOG_INFO);
int res = connection_ap_handshake_rewrite_and_attach(conn, circuit, path);
tt_int_op(unattachment_reason_spy, OP_EQ, END_STREAM_REASON_TORPROTOCOL);
tt_int_op(res, OP_EQ, -1);
tt_str_op(mock_saved_log_at(-1), OP_EQ, "Unrecognized relay in exit address 'http://www.exit'. Refusing.\n");
done:
UNMOCK(get_options);
UNMOCK(connection_ap_handshake_rewrite);
UNMOCK(connection_mark_unattached_ap_);
destroy_rewrite_mock();
destroy_mock_options();
tor_free(circuit);
tor_free(path);
teardown_capture_of_logs(prev_log);
}
static void
test_conn_edge_ap_handshake_rewrite_and_attach_closes_conn_when_hostname_is_bogus(void *data)
{
entry_connection_t *conn = entry_connection_new(CONN_TYPE_AP, AF_INET);
addressmap_init();
origin_circuit_t *circuit = NULL;
crypt_path_t *path = NULL;
(void) data;
MOCK(get_options, get_options_mock);
MOCK(connection_ap_handshake_rewrite, connection_ap_handshake_rewrite_mock);
MOCK(connection_mark_unattached_ap_, connection_mark_unattached_ap_mock);
init_mock_options();
init_rewrite_mock();
options_mock->SafeLogging_ = SAFELOG_SCRUB_NONE;
rewrite_mock->should_close = 0;
SET_SOCKS_ADDRESS(conn->socks_request, "http://www.bogus.onion");
conn->socks_request->command = SOCKS_COMMAND_CONNECT;
int prev_log = setup_capture_of_logs(LOG_INFO);
int res = connection_ap_handshake_rewrite_and_attach(conn, circuit, path);
tt_int_op(unattachment_reason_spy, OP_EQ, END_STREAM_REASON_TORPROTOCOL);
tt_int_op(res, OP_EQ, -1);
tt_str_op(mock_saved_log_at(-1), OP_EQ, "Invalid onion hostname bogus; rejecting\n");
done:
UNMOCK(get_options);
UNMOCK(connection_ap_handshake_rewrite);
UNMOCK(connection_mark_unattached_ap_);
destroy_rewrite_mock();
tor_free(circuit);
tor_free(path);
destroy_mock_options();
teardown_capture_of_logs(prev_log);
}
static void
test_virtaddrmap_persist(void *data)
{
(void)data;
const char *a, *b, *c;
tor_addr_t addr;
char *ones = NULL;
addressmap_init();
// Try a hostname.
a = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME,
tor_strdup("foobar.baz"));
tt_assert(a);
tt_assert(!strcmpend(a, ".virtual"));
// mock crypto_rand to repeat the same result twice; make sure we get
// different outcomes. (Because even though the odds for receiving the
// same 80-bit address twice is only 1/2^40, it could still happen for
// some user -- but running our test through 2^40 iterations isn't
// reasonable.)
canned_data = "1234567890" // the first call returns this.
"1234567890" // the second call returns this.
"abcdefghij"; // the third call returns this.
canned_data_len = 30;
MOCK(crypto_rand, crypto_canned);
a = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME,
tor_strdup("quuxit.baz"));
b = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME,
tor_strdup("nescio.baz"));
tt_assert(a);
tt_assert(b);
tt_str_op(a, OP_EQ, "gezdgnbvgy3tqojq.virtual");
tt_str_op(b, OP_EQ, "mfrggzdfmztwq2lk.virtual");
// Now try something to get us an ipv4 address
UNMOCK(crypto_rand);
tt_int_op(0,OP_EQ, parse_virtual_addr_network("192.168.0.0/16",
AF_INET, 0, NULL));
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("foobar.baz"));
tt_assert(a);
tt_assert(!strcmpstart(a, "192.168."));
tor_addr_parse(&addr, a);
tt_int_op(AF_INET, OP_EQ, tor_addr_family(&addr));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("quuxit.baz"));
tt_str_op(b, OP_NE, a);
tt_assert(!strcmpstart(b, "192.168."));
// Try some canned entropy and verify all the we discard duplicates,
// addresses that end with 0, and addresses that end with 255.
MOCK(crypto_rand, crypto_canned);
canned_data = "\x01\x02\x03\x04" // okay
"\x01\x02\x03\x04" // duplicate
"\x03\x04\x00\x00" // bad ending 1
"\x05\x05\x00\xff" // bad ending 2
"\x05\x06\x07\xf0"; // okay
canned_data_len = 20;
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("wumble.onion"));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("wumpus.onion"));
tt_str_op(a, OP_EQ, "192.168.3.4");
tt_str_op(b, OP_EQ, "192.168.7.240");
// Now try IPv6!
UNMOCK(crypto_rand);
tt_int_op(0,OP_EQ, parse_virtual_addr_network("1010:F000::/20",
AF_INET6, 0, NULL));
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("foobar.baz"));
tt_assert(a);
tt_assert(!strcmpstart(a, "[1010:f"));
tor_addr_parse(&addr, a);
tt_int_op(AF_INET6, OP_EQ, tor_addr_family(&addr));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("quuxit.baz"));
tt_str_op(b, OP_NE, a);
tt_assert(!strcmpstart(b, "[1010:f"));
// Try IPv6 with canned entropy, to make sure we detect duplicates.
MOCK(crypto_rand, crypto_canned);
canned_data = "acanthopterygian" // okay
"cinematographist" // okay
"acanthopterygian" // duplicate
"acanthopterygian" // duplicate
"acanthopterygian" // duplicate
"cinematographist" // duplicate
"coadministration"; // okay
canned_data_len = 16 * 7;
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("wuffle.baz"));
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("gribble.baz"));
c = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6,
tor_strdup("surprisingly-legible.baz"));
tt_str_op(a, OP_EQ, "[1010:f16e:7468:6f70:7465:7279:6769:616e]");
tt_str_op(b, OP_EQ, "[1010:fe65:6d61:746f:6772:6170:6869:7374]");
tt_str_op(c, OP_EQ, "[1010:f164:6d69:6e69:7374:7261:7469:6f6e]");
// Try address exhaustion: make sure we can actually fail if we
// get too many already-existing addresses.
canned_data_len = 128*1024;
canned_data = ones = tor_malloc(canned_data_len);
memset(ones, 1, canned_data_len);
// There is some chance this one will fail if a previous random
// allocation gave out the address already.
a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("might-work.onion"));
if (a) {
tt_str_op(a, OP_EQ, "192.168.1.1");
}
setup_capture_of_logs(LOG_WARN);
// This one will definitely fail, since we've set up the RNG to hand
// out "1" forever.
b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4,
tor_strdup("wont-work.onion"));
tt_assert(b == NULL);
expect_single_log_msg_containing("Ran out of virtual addresses!");
done:
UNMOCK(crypto_rand);
tor_free(ones);
addressmap_free_all();
teardown_capture_of_logs();
}
