static void
test_storagedir_full(void *arg)
{
(void)arg;
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
const char str[] = "enemies of the peephole";
int r;
d = storage_dir_new(dirname, 3);
tt_assert(d);
r = storage_dir_save_string_to_file(d, str, 1, NULL);
tt_int_op(r, OP_EQ, 0);
r = storage_dir_save_string_to_file(d, str, 1, NULL);
tt_int_op(r, OP_EQ, 0);
r = storage_dir_save_string_to_file(d, str, 1, NULL);
tt_int_op(r, OP_EQ, 0);
// These should fail!
r = storage_dir_save_string_to_file(d, str, 1, NULL);
tt_int_op(r, OP_EQ, -1);
r = storage_dir_save_string_to_file(d, str, 1, NULL);
tt_int_op(r, OP_EQ, -1);
tt_u64_op(strlen(str) * 3, OP_EQ, storage_dir_get_usage(d));
done:
tor_free(dirname);
storage_dir_free(d);
}
static void
test_storagedir_empty(void *arg)
{
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
(void)arg;
tt_int_op(FN_NOENT, OP_EQ, file_status(dirname));
d = storage_dir_new(dirname, 10);
tt_assert(d);
tt_int_op(FN_DIR, OP_EQ, file_status(dirname));
tt_int_op(0, OP_EQ, smartlist_len(storage_dir_list(d)));
tt_u64_op(0, OP_EQ, storage_dir_get_usage(d));
storage_dir_free(d);
d = storage_dir_new(dirname, 10);
tt_assert(d);
tt_int_op(FN_DIR, OP_EQ, file_status(dirname));
tt_int_op(0, OP_EQ, smartlist_len(storage_dir_list(d)));
tt_u64_op(0, OP_EQ, storage_dir_get_usage(d));
done:
storage_dir_free(d);
tor_free(dirname);
}
static void
test_storagedir_deletion(void *arg)
{
(void)arg;
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
char *fn1 = NULL, *fn2 = NULL;
char *bytes = NULL;
int r;
const char str1[] = "There are nine and sixty ways to disguise communiques";
const char str2[] = "And rather more than one of them is right";
// Make sure the directory is there. */
d = storage_dir_new(dirname, 10);
storage_dir_free(d);
d = NULL;
tor_asprintf(&fn1, "%s/1007", dirname);
r = write_str_to_file(fn1, str1, 0);
tt_int_op(r, OP_EQ, 0);
tor_asprintf(&fn2, "%s/1003.tmp", dirname);
r = write_str_to_file(fn2, str2, 0);
tt_int_op(r, OP_EQ, 0);
// The tempfile should be deleted the next time we list the directory.
d = storage_dir_new(dirname, 10);
tt_int_op(1, OP_EQ, smartlist_len(storage_dir_list(d)));
tt_u64_op(strlen(str1), OP_EQ, storage_dir_get_usage(d));
tt_int_op(FN_FILE, OP_EQ, file_status(fn1));
tt_int_op(FN_NOENT, OP_EQ, file_status(fn2));
bytes = (char*) storage_dir_read(d, "1007", 1, NULL);
tt_str_op(bytes, OP_EQ, str1);
// Should have no effect; file already gone.
storage_dir_remove_file(d, "1003.tmp");
tt_int_op(1, OP_EQ, smartlist_len(storage_dir_list(d)));
tt_u64_op(strlen(str1), OP_EQ, storage_dir_get_usage(d));
// Actually remove a file.
storage_dir_remove_file(d, "1007");
tt_int_op(FN_NOENT, OP_EQ, file_status(fn1));
tt_int_op(0, OP_EQ, smartlist_len(storage_dir_list(d)));
tt_u64_op(0, OP_EQ, storage_dir_get_usage(d));
done:
tor_free(dirname);
tor_free(fn1);
tor_free(fn2);
storage_dir_free(d);
tor_free(bytes);
}
static void
test_storagedir_save_labeled(void *arg)
{
(void)arg;
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
uint8_t *inp = tor_malloc_zero(8192);
config_line_t *labels = NULL;
char *fname = NULL;
uint8_t *saved = NULL;
d = storage_dir_new(dirname, 10);
tt_assert(d);
crypto_rand((char *)inp, 8192);
config_line_append(&labels, "Foo", "bar baz");
config_line_append(&labels, "quux", "quuzXxz");
const char expected[] =
"Foo bar baz\n"
"quux quuzXxz\n";
int r = storage_dir_save_labeled_to_file(d, labels, inp, 8192, &fname);
tt_int_op(r, OP_EQ, 0);
size_t n = 0;
saved = storage_dir_read(d, fname, 1, &n);
tt_assert(memchr(saved, '\0', n));
tt_str_op((char*)saved, OP_EQ, expected); /* NUL guarantees strcmp works */
tt_mem_op(saved+strlen(expected)+1, OP_EQ, inp, 8192);
done:
storage_dir_free(d);
tor_free(dirname);
tor_free(inp);
tor_free(fname);
config_free_lines(labels);
tor_free(saved);
}
/* Test that single onion poisoning works. */
static void
test_single_onion_poisoning(void *arg)
{
or_options_t opt;
mock_options = &opt;
reset_options(mock_options, &mock_get_options_calls);
MOCK(get_options, mock_get_options);
int ret = -1;
intptr_t create_dir_mask = (intptr_t)arg;
/* Get directories with a random suffix so we can repeat the tests */
mock_options->DataDirectory = tor_strdup(get_fname_rnd("test_data_dir"));
rend_service_t *service_1 = tor_malloc_zero(sizeof(rend_service_t));
char *dir1 = tor_strdup(get_fname_rnd("test_hs_dir1"));
rend_service_t *service_2 = tor_malloc_zero(sizeof(rend_service_t));
char *dir2 = tor_strdup(get_fname_rnd("test_hs_dir2"));
smartlist_t *services = smartlist_new();
char *poison_path = NULL;
char *err_msg = NULL;
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
/* Create the data directory, and, if the correct bit in arg is set,
* create a directory for that service.
* The data directory is required for the lockfile, which is used when
* loading keys. */
ret = check_private_dir(mock_options->DataDirectory, CPD_CREATE, NULL);
tt_int_op(ret, OP_EQ, 0);
if (create_dir_mask & CREATE_HS_DIR1) {
ret = check_private_dir(dir1, CPD_CREATE, NULL);
tt_int_op(ret, OP_EQ, 0);
}
if (create_dir_mask & CREATE_HS_DIR2) {
ret = check_private_dir(dir2, CPD_CREATE, NULL);
tt_int_op(ret, OP_EQ, 0);
}
service_1->directory = dir1;
service_2->directory = dir2;
/* The services own the directory pointers now */
dir1 = dir2 = NULL;
/* Add port to service 1 */
service_1->ports = smartlist_new();
service_2->ports = smartlist_new();
rend_service_port_config_t *port1 = rend_service_parse_port_config("80", " ",
&err_msg);
tt_assert(port1);
tt_ptr_op(err_msg, OP_EQ, NULL);
smartlist_add(service_1->ports, port1);
rend_service_port_config_t *port2 = rend_service_parse_port_config("90", " ",
&err_msg);
/* Add port to service 2 */
tt_assert(port2);
tt_ptr_op(err_msg, OP_EQ, NULL);
smartlist_add(service_2->ports, port2);
/* No services, a service to verify, no problem! */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Either way, no problem. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Add the first service */
ret = hs_check_service_private_dir(mock_options->User, service_1->directory,
service_1->dir_group_readable, 1);
tt_int_op(ret, OP_EQ, 0);
smartlist_add(services, service_1);
/* But don't add the second service yet. */
/* Service directories, but no previous keys, no problem! */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Either way, no problem. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poison! Poison! Poison!
* This can only be done in HiddenServiceSingleHopMode. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poisoning twice is a no-op. */
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poisoned service directories, but no previous keys, no problem! */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Either way, no problem. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Now add some keys, and we'll have a problem. */
ret = rend_service_load_all_keys(services);
tt_int_op(ret, OP_EQ, 0);
/* Poisoned service directories with previous keys are not allowed. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* But they are allowed if we're in non-anonymous mode. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Re-poisoning directories with existing keys is a no-op, because
* directories with existing keys are ignored. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And it keeps the poison. */
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Now add the second service: it has no key and no poison file */
ret = hs_check_service_private_dir(mock_options->User, service_2->directory,
service_2->dir_group_readable, 1);
tt_int_op(ret, OP_EQ, 0);
smartlist_add(services, service_2);
/* A new service, and an existing poisoned service. Not ok. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* But ok to add in non-anonymous mode. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Now remove the poisoning from the first service, and we have the opposite
* problem. */
poison_path = rend_service_sos_poison_path(service_1);
tt_assert(poison_path);
ret = unlink(poison_path);
tt_int_op(ret, OP_EQ, 0);
/* Unpoisoned service directories with previous keys are ok, as are empty
* directories. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* But the existing unpoisoned key is not ok in non-anonymous mode, even if
* there is an empty service. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poisoning directories with existing keys is a no-op, because directories
* with existing keys are ignored. But the new directory should poison. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_poison_new_single_onion_dir(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And the old directory remains unpoisoned. */
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And the new directory should be ignored, because it has no key. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Re-poisoning directories without existing keys is a no-op. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_poison_new_single_onion_dir(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And the old directory remains unpoisoned. */
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
done:
/* The test harness deletes the directories at exit */
tor_free(poison_path);
tor_free(dir1);
tor_free(dir2);
smartlist_free(services);
rend_service_free(service_1);
rend_service_free(service_2);
UNMOCK(get_options);
tor_free(mock_options->DataDirectory);
tor_free(err_msg);
}
static void
test_storagedir_basic(void *arg)
{
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
uint8_t *junk = NULL, *bytes = NULL;
const size_t junklen = 1024;
char *fname1 = NULL, *fname2 = NULL;
const char hello_str[] = "then what are we but cold, alone ... ?";
tor_mmap_t *mapping = NULL;
(void)arg;
junk = tor_malloc(junklen);
crypto_rand((void*)junk, junklen);
d = storage_dir_new(dirname, 10);
tt_assert(d);
tt_u64_op(0, OP_EQ, storage_dir_get_usage(d));
int r;
r = storage_dir_save_string_to_file(d, hello_str, 1, &fname1);
tt_int_op(r, OP_EQ, 0);
tt_ptr_op(fname1, OP_NE, NULL);
tt_u64_op(strlen(hello_str), OP_EQ, storage_dir_get_usage(d));
r = storage_dir_save_bytes_to_file(d, junk, junklen, 1, &fname2);
tt_int_op(r, OP_EQ, 0);
tt_ptr_op(fname2, OP_NE, NULL);
tt_str_op(fname1, OP_NE, fname2);
tt_int_op(2, OP_EQ, smartlist_len(storage_dir_list(d)));
tt_u64_op(junklen + strlen(hello_str), OP_EQ, storage_dir_get_usage(d));
tt_assert(smartlist_contains_string(storage_dir_list(d), fname1));
tt_assert(smartlist_contains_string(storage_dir_list(d), fname2));
storage_dir_free(d);
d = storage_dir_new(dirname, 10);
tt_assert(d);
tt_int_op(2, OP_EQ, smartlist_len(storage_dir_list(d)));
tt_u64_op(junklen + strlen(hello_str), OP_EQ, storage_dir_get_usage(d));
tt_assert(smartlist_contains_string(storage_dir_list(d), fname1));
tt_assert(smartlist_contains_string(storage_dir_list(d), fname2));
size_t n;
bytes = storage_dir_read(d, fname2, 1, &n);
tt_assert(bytes);
tt_u64_op(n, OP_EQ, junklen);
tt_mem_op(bytes, OP_EQ, junk, junklen);
mapping = storage_dir_map(d, fname1);
tt_assert(mapping);
tt_u64_op(mapping->size, OP_EQ, strlen(hello_str));
tt_mem_op(mapping->data, OP_EQ, hello_str, strlen(hello_str));
done:
tor_free(dirname);
tor_free(junk);
tor_free(bytes);
tor_munmap_file(mapping);
storage_dir_free(d);
tor_free(fname1);
tor_free(fname2);
}
static void
test_storagedir_read_labeled(void *arg)
{
(void)arg;
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
uint8_t *inp = tor_malloc_zero(8192);
config_line_t *labels = NULL, *labels2 = NULL;
char *fname = NULL;
tor_mmap_t *map = NULL;
uint8_t *as_read = NULL;
d = storage_dir_new(dirname, 10);
tt_assert(d);
tor_snprintf((char*)inp, 8192,
"Hello world\n"
"This is a test\n"
"Yadda yadda.\n");
size_t bodylen = 8192 - strlen((char*)inp) - 1;
crypto_rand((char *)inp+strlen((char*)inp)+1, bodylen);
int r = storage_dir_save_bytes_to_file(d, inp, 8192, 1, &fname);
tt_int_op(r, OP_EQ, 0);
/* Try mapping */
const uint8_t *datap = NULL;
size_t sz = 0;
map = storage_dir_map_labeled(d, fname, &labels, &datap, &sz);
tt_assert(map);
tt_assert(datap);
tt_u64_op(sz, OP_EQ, bodylen);
tt_mem_op(datap, OP_EQ, inp+strlen((char*)inp)+1, bodylen);
tt_assert(labels);
tt_str_op(labels->key, OP_EQ, "Hello");
tt_str_op(labels->value, OP_EQ, "world");
tt_assert(labels->next);
tt_str_op(labels->next->key, OP_EQ, "This");
tt_str_op(labels->next->value, OP_EQ, "is a test");
tt_assert(labels->next->next);
tt_str_op(labels->next->next->key, OP_EQ, "Yadda");
tt_str_op(labels->next->next->value, OP_EQ, "yadda.");
tt_ptr_op(labels->next->next->next, OP_EQ, NULL);
/* Try reading this time. */
sz = 0;
as_read = storage_dir_read_labeled(d, fname, &labels2, &sz);
tt_assert(as_read);
tt_u64_op(sz, OP_EQ, bodylen);
tt_mem_op(as_read, OP_EQ, inp+strlen((char*)inp)+1, bodylen);
tt_assert(config_lines_eq(labels, labels2));
done:
storage_dir_free(d);
tor_free(dirname);
tor_free(inp);
tor_free(fname);
config_free_lines(labels);
config_free_lines(labels2);
tor_munmap_file(map);
tor_free(as_read);
}
static void
test_storagedir_cleaning(void *arg)
{
(void)arg;
char *dirname = tor_strdup(get_fname_rnd("store_dir"));
storage_dir_t *d = NULL;
const char str[] =
"On a mountain halfway between Reno and Rome / "
"We have a machine in a plexiglass dome / "
"Which listens and looks into everyone's home."
" -- Dr. Seuss";
char *fns[8];
int r, i;
memset(fns, 0, sizeof(fns));
d = storage_dir_new(dirname, 10);
tt_assert(d);
for (i = 0; i < 8; ++i) {
r = storage_dir_save_string_to_file(d, str+i*2, 1, &fns[i]);
tt_int_op(r, OP_EQ, 0);
}
/* Now we're going to make sure all the files have distinct mtimes. */
time_t now = time(NULL);
struct utimbuf ub;
ub.actime = now;
ub.modtime = now - 1000;
for (i = 0; i < 8; ++i) {
char *f = NULL;
tor_asprintf(&f, "%s/%s", dirname, fns[i]);
r = utime(f, &ub);
tor_free(f);
tt_int_op(r, OP_EQ, 0);
ub.modtime += 5;
}
const uint64_t usage_orig = storage_dir_get_usage(d);
/* No changes needed if we are already under target. */
storage_dir_shrink(d, 1024*1024, 0);
tt_u64_op(usage_orig, OP_EQ, storage_dir_get_usage(d));
/* Get rid of at least one byte. This will delete fns[0]. */
storage_dir_shrink(d, usage_orig - 1, 0);
tt_u64_op(usage_orig, OP_GT, storage_dir_get_usage(d));
tt_u64_op(usage_orig - strlen(str), OP_EQ, storage_dir_get_usage(d));
/* Get rid of at least two files. This will delete fns[1] and fns[2]. */
storage_dir_shrink(d, 1024*1024, 2);
tt_u64_op(usage_orig - strlen(str)*3 + 6, OP_EQ, storage_dir_get_usage(d));
/* Get rid of everything. */
storage_dir_remove_all(d);
tt_u64_op(0, OP_EQ, storage_dir_get_usage(d));
done:
tor_free(dirname);
storage_dir_free(d);
for (i = 0; i < 8; ++i) {
tor_free(fns[i]);
}
}
