static void
test_rend_service_parse_port_config(void *arg)
{
const char *sep = ",";
rend_service_port_config_t *cfg = NULL;
char *err_msg = NULL;
(void)arg;
/* Test "VIRTPORT" only. */
cfg = rend_service_parse_port_config("80", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
/* Test "VIRTPORT,TARGET" (Target is port). */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("80,8080", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
/* Test "VIRTPORT,TARGET" (Target is IPv4:port). */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("80,192.0.2.1:8080", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
/* Test "VIRTPORT,TARGET" (Target is IPv6:port). */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("80,[2001:db8::1]:8080", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
/* XXX: Someone should add tests for AF_UNIX targets if supported. */
/* Test empty config. */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("", sep, &err_msg);
tt_assert(!cfg);
tt_assert(err_msg);
/* Test invalid port. */
tor_free(err_msg);
cfg = rend_service_parse_port_config("90001", sep, &err_msg);
tt_assert(!cfg);
tt_assert(err_msg);
done:
rend_service_port_config_free(cfg);
tor_free(err_msg);
}
/* Test that single onion poisoning works. */
static void
test_single_onion_poisoning(void *arg)
{
or_options_t opt;
mock_options = &opt;
reset_options(mock_options, &mock_get_options_calls);
MOCK(get_options, mock_get_options);
int ret = -1;
intptr_t create_dir_mask = (intptr_t)arg;
/* Get directories with a random suffix so we can repeat the tests */
mock_options->DataDirectory = tor_strdup(get_fname_rnd("test_data_dir"));
rend_service_t *service_1 = tor_malloc_zero(sizeof(rend_service_t));
char *dir1 = tor_strdup(get_fname_rnd("test_hs_dir1"));
rend_service_t *service_2 = tor_malloc_zero(sizeof(rend_service_t));
char *dir2 = tor_strdup(get_fname_rnd("test_hs_dir2"));
smartlist_t *services = smartlist_new();
char *poison_path = NULL;
char *err_msg = NULL;
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
/* Create the data directory, and, if the correct bit in arg is set,
* create a directory for that service.
* The data directory is required for the lockfile, which is used when
* loading keys. */
ret = check_private_dir(mock_options->DataDirectory, CPD_CREATE, NULL);
tt_int_op(ret, OP_EQ, 0);
if (create_dir_mask & CREATE_HS_DIR1) {
ret = check_private_dir(dir1, CPD_CREATE, NULL);
tt_int_op(ret, OP_EQ, 0);
}
if (create_dir_mask & CREATE_HS_DIR2) {
ret = check_private_dir(dir2, CPD_CREATE, NULL);
tt_int_op(ret, OP_EQ, 0);
}
service_1->directory = dir1;
service_2->directory = dir2;
/* The services own the directory pointers now */
dir1 = dir2 = NULL;
/* Add port to service 1 */
service_1->ports = smartlist_new();
service_2->ports = smartlist_new();
rend_service_port_config_t *port1 = rend_service_parse_port_config("80", " ",
&err_msg);
tt_assert(port1);
tt_ptr_op(err_msg, OP_EQ, NULL);
smartlist_add(service_1->ports, port1);
rend_service_port_config_t *port2 = rend_service_parse_port_config("90", " ",
&err_msg);
/* Add port to service 2 */
tt_assert(port2);
tt_ptr_op(err_msg, OP_EQ, NULL);
smartlist_add(service_2->ports, port2);
/* No services, a service to verify, no problem! */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Either way, no problem. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Add the first service */
ret = hs_check_service_private_dir(mock_options->User, service_1->directory,
service_1->dir_group_readable, 1);
tt_int_op(ret, OP_EQ, 0);
smartlist_add(services, service_1);
/* But don't add the second service yet. */
/* Service directories, but no previous keys, no problem! */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Either way, no problem. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poison! Poison! Poison!
* This can only be done in HiddenServiceSingleHopMode. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poisoning twice is a no-op. */
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poisoned service directories, but no previous keys, no problem! */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Either way, no problem. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Now add some keys, and we'll have a problem. */
ret = rend_service_load_all_keys(services);
tt_int_op(ret, OP_EQ, 0);
/* Poisoned service directories with previous keys are not allowed. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* But they are allowed if we're in non-anonymous mode. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Re-poisoning directories with existing keys is a no-op, because
* directories with existing keys are ignored. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And it keeps the poison. */
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Now add the second service: it has no key and no poison file */
ret = hs_check_service_private_dir(mock_options->User, service_2->directory,
service_2->dir_group_readable, 1);
tt_int_op(ret, OP_EQ, 0);
smartlist_add(services, service_2);
/* A new service, and an existing poisoned service. Not ok. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* But ok to add in non-anonymous mode. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Now remove the poisoning from the first service, and we have the opposite
* problem. */
poison_path = rend_service_sos_poison_path(service_1);
tt_assert(poison_path);
ret = unlink(poison_path);
tt_int_op(ret, OP_EQ, 0);
/* Unpoisoned service directories with previous keys are ok, as are empty
* directories. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* But the existing unpoisoned key is not ok in non-anonymous mode, even if
* there is an empty service. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Poisoning directories with existing keys is a no-op, because directories
* with existing keys are ignored. But the new directory should poison. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_poison_new_single_onion_dir(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And the old directory remains unpoisoned. */
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And the new directory should be ignored, because it has no key. */
mock_options->HiddenServiceSingleHopMode = 0;
mock_options->HiddenServiceNonAnonymousMode = 0;
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* Re-poisoning directories without existing keys is a no-op. */
mock_options->HiddenServiceSingleHopMode = 1;
mock_options->HiddenServiceNonAnonymousMode = 1;
ret = rend_service_poison_new_single_onion_dir(service_1, mock_options);
tt_int_op(ret, OP_EQ, 0);
ret = rend_service_poison_new_single_onion_dir(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
/* And the old directory remains unpoisoned. */
ret = rend_service_verify_single_onion_poison(service_1, mock_options);
tt_int_op(ret, OP_LT, 0);
ret = rend_service_verify_single_onion_poison(service_2, mock_options);
tt_int_op(ret, OP_EQ, 0);
done:
/* The test harness deletes the directories at exit */
tor_free(poison_path);
tor_free(dir1);
tor_free(dir2);
smartlist_free(services);
rend_service_free(service_1);
rend_service_free(service_2);
UNMOCK(get_options);
tor_free(mock_options->DataDirectory);
tor_free(err_msg);
}
static void
test_rend_service_parse_port_config(void *arg)
{
const char *sep = ",";
rend_service_port_config_t *cfg = NULL;
char *err_msg = NULL;
(void)arg;
/* Test "VIRTPORT" only. */
cfg = rend_service_parse_port_config("80", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
/* Test "VIRTPORT,TARGET" (Target is port). */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("80,8080", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
/* Test "VIRTPORT,TARGET" (Target is IPv4:port). */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("80,192.0.2.1:8080", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
/* Test "VIRTPORT,TARGET" (Target is IPv6:port). */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("80,[2001:db8::1]:8080", sep, &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
rend_service_port_config_free(cfg);
cfg = NULL;
/* XXX: Someone should add tests for AF_UNIX targets if supported. */
/* Test empty config. */
rend_service_port_config_free(cfg);
cfg = rend_service_parse_port_config("", sep, &err_msg);
tt_assert(!cfg);
tt_assert(err_msg);
/* Test invalid port. */
tor_free(err_msg);
cfg = rend_service_parse_port_config("90001", sep, &err_msg);
tt_assert(!cfg);
tt_assert(err_msg);
tor_free(err_msg);
/* unix port */
cfg = NULL;
/* quoted unix port */
tor_free(err_msg);
cfg = rend_service_parse_port_config("100 unix:\"/tmp/foo bar\"",
" ", &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
rend_service_port_config_free(cfg);
cfg = NULL;
/* quoted unix port */
tor_free(err_msg);
cfg = rend_service_parse_port_config("100 unix:\"/tmp/foo bar\"",
" ", &err_msg);
tt_assert(cfg);
tt_assert(!err_msg);
rend_service_port_config_free(cfg);
cfg = NULL;
/* quoted unix port, missing end quote */
cfg = rend_service_parse_port_config("100 unix:\"/tmp/foo bar",
" ", &err_msg);
tt_assert(!cfg);
tt_str_op(err_msg, OP_EQ, "Couldn't process address <unix:\"/tmp/foo bar> "
"from hidden service configuration");
tor_free(err_msg);
/* bogus IP address */
cfg = rend_service_parse_port_config("100 1.2.3.4.5:9000",
" ", &err_msg);
tt_assert(!cfg);
tt_str_op(err_msg, OP_EQ, "Unparseable address in hidden service port "
"configuration.");
tor_free(err_msg);
/* bogus port port */
cfg = rend_service_parse_port_config("100 99999",
" ", &err_msg);
tt_assert(!cfg);
tt_str_op(err_msg, OP_EQ, "Unparseable or out-of-range port \"99999\" "
"in hidden service port configuration.");
tor_free(err_msg);
done:
rend_service_port_config_free(cfg);
tor_free(err_msg);
}
/* Configure a service using the given options in line_ and options. This is
* called for any service regardless of its version which means that all
* directives in this function are generic to any service version. This
* function will also check the validity of the service directory path.
*
* The line_ must be pointing to the directive directly after a
* HiddenServiceDir. That way, when hitting the next HiddenServiceDir line or
* reaching the end of the list of lines, we know that we have to stop looking
* for more options.
*
* Return 0 on success else -1. */
static int
config_generic_service(const config_line_t *line_,
const or_options_t *options,
hs_service_t *service)
{
int dir_seen = 0;
const config_line_t *line;
hs_service_config_t *config;
/* If this is set, we've seen a duplicate of this option. Keep the string
* so we can log the directive. */
const char *dup_opt_seen = NULL;
/* These variables will tell us if we ever have duplicate. */
int have_version = 0, have_allow_unknown_ports = 0;
int have_dir_group_read = 0, have_max_streams = 0;
int have_max_streams_close = 0;
tor_assert(line_);
tor_assert(options);
tor_assert(service);
/* Makes thing easier. */
config = &service->config;
/* The first line starts with HiddenServiceDir so we consider what's next is
* the configuration of the service. */
for (line = line_; line ; line = line->next) {
int ok = 0;
/* This indicate that we have a new service to configure. */
if (!strcasecmp(line->key, "HiddenServiceDir")) {
/* This function only configures one service at a time so if we've
* already seen one, stop right now. */
if (dir_seen) {
break;
}
/* Ok, we've seen one and we are about to configure it. */
dir_seen = 1;
config->directory_path = tor_strdup(line->value);
log_info(LD_CONFIG, "HiddenServiceDir=%s. Configuring...",
escaped(config->directory_path));
continue;
}
if (BUG(!dir_seen)) {
goto err;
}
/* Version of the service. */
if (!strcasecmp(line->key, "HiddenServiceVersion")) {
service->config.version =
(uint32_t) helper_parse_uint64(line->key, line->value, HS_VERSION_MIN,
HS_VERSION_MAX, &ok);
if (!ok || have_version) {
if (have_version)
dup_opt_seen = line->key;
goto err;
}
have_version = service->config.hs_version_explicitly_set = 1;
continue;
}
/* Virtual port. */
if (!strcasecmp(line->key, "HiddenServicePort")) {
char *err_msg = NULL;
/* XXX: Can we rename this? */
rend_service_port_config_t *portcfg =
rend_service_parse_port_config(line->value, " ", &err_msg);
if (!portcfg) {
if (err_msg) {
log_warn(LD_CONFIG, "%s", err_msg);
}
tor_free(err_msg);
goto err;
}
tor_assert(!err_msg);
smartlist_add(config->ports, portcfg);
log_info(LD_CONFIG, "HiddenServicePort=%s for %s",
line->value, escaped(config->directory_path));
continue;
}
/* Do we allow unknown ports. */
if (!strcasecmp(line->key, "HiddenServiceAllowUnknownPorts")) {
config->allow_unknown_ports =
(unsigned int) helper_parse_uint64(line->key, line->value, 0, 1, &ok);
if (!ok || have_allow_unknown_ports) {
if (have_allow_unknown_ports)
dup_opt_seen = line->key;
goto err;
}
have_allow_unknown_ports = 1;
continue;
}
/* Directory group readable. */
if (!strcasecmp(line->key, "HiddenServiceDirGroupReadable")) {
config->dir_group_readable =
(unsigned int) helper_parse_uint64(line->key, line->value, 0, 1, &ok);
if (!ok || have_dir_group_read) {
if (have_dir_group_read)
dup_opt_seen = line->key;
goto err;
}
have_dir_group_read = 1;
continue;
}
/* Maximum streams per circuit. */
if (!strcasecmp(line->key, "HiddenServiceMaxStreams")) {
config->max_streams_per_rdv_circuit =
helper_parse_uint64(line->key, line->value, 0,
HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT, &ok);
if (!ok || have_max_streams) {
if (have_max_streams)
dup_opt_seen = line->key;
goto err;
}
have_max_streams = 1;
continue;
}
/* Maximum amount of streams before we close the circuit. */
if (!strcasecmp(line->key, "HiddenServiceMaxStreamsCloseCircuit")) {
config->max_streams_close_circuit =
(unsigned int) helper_parse_uint64(line->key, line->value, 0, 1, &ok);
if (!ok || have_max_streams_close) {
if (have_max_streams_close)
dup_opt_seen = line->key;
goto err;
}
have_max_streams_close = 1;
continue;
}
}
/* Check if we are configured in non anonymous mode meaning every service
* becomes a single onion service. */
if (rend_service_non_anonymous_mode_enabled(options)) {
config->is_single_onion = 1;
/* We will add support for IPv6-only v3 single onion services in a future
* Tor version. This won't catch "ReachableAddresses reject *4", but that
* option doesn't work anyway. */
if (options->ClientUseIPv4 == 0 && config->version == HS_VERSION_THREE) {
log_warn(LD_CONFIG, "IPv6-only v3 single onion services are not "
"supported. Set HiddenServiceSingleHopMode 0 and "
"HiddenServiceNonAnonymousMode 0, or set ClientUseIPv4 1.");
goto err;
}
}
/* Success */
return 0;
err:
if (dup_opt_seen) {
log_warn(LD_CONFIG, "Duplicate directive %s.", dup_opt_seen);
}
return -1;
}
