nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-22 05:54:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adds files included by torrc and defaults to sandbox filter #22605

Browse Source
This commit is contained in:
Daniel Pinto 2017-08-30 18:20:07 +01:00
parent 6069c829f9
commit 23147dd168
7 changed files with 175 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
src/common/confline.c
View File

@ -12,15 +12,18 @@
static int config_get_lines_aux(const char *string, config_line_t **result,
int extended, int allow_include,
int *has_include, int recursion_level,
config_line_t **last);
static smartlist_t *config_get_file_list(const char *path);
static int config_get_included_list(const char *path, int recursion_level,
int extended, config_line_t **list,
config_line_t **list_last);
int *has_include, smartlist_t *opened_lst,
int recursion_level, config_line_t **last);
static smartlist_t *config_get_file_list(const char *path,
smartlist_t *opened_files);
static int config_get_included_config(const char *path, int recursion_level,
int extended, config_line_t **config,
config_line_t **config_last,
smartlist_t *opened_lst);
static int config_process_include(const char *path, int recursion_level,
int extended, config_line_t **list,
config_line_t **list_last);
config_line_t **list_last,
smartlist_t *opened_lst);
/** Helper: allocate a new configuration option mapping 'key' to 'val',
* append it to *<b>lst</b>. */
@ -80,11 +83,13 @@ config_line_find(const config_line_t *lines,
/** Auxiliary function that does all the work of config_get_lines.
* <b>recursion_level</b> is the count of how many nested %includes we have.
* <b>opened_lst</b> will have a list of opened files if provided.
* Returns the a pointer to the last element of the <b>result</b> in
* <b>last</b>. */
static int
config_get_lines_aux(const char *string, config_line_t **result, int extended,
int allow_include, int *has_include, int recursion_level,
int allow_include, int *has_include,
smartlist_t *opened_lst, int recursion_level,
config_line_t **last)
{
config_line_t *list = NULL, **next, *list_last = NULL;
@ -134,7 +139,7 @@ config_get_lines_aux(const char *string, config_line_t **result, int extended,
config_line_t *include_list;
if (config_process_include(v, recursion_level, extended, &include_list,
&list_last) < 0) {
&list_last, opened_lst) < 0) {
log_warn(LD_CONFIG, "Error reading included configuration "
"file or directory: \"%s\".", v);
config_free_lines(list);
@ -176,24 +181,27 @@ config_get_lines_aux(const char *string, config_line_t **result, int extended,
/** Helper: parse the config string and strdup into key/value
* strings. Set *result to the list, or NULL if parsing the string
* failed. Set *has_include to 1 if <b>result</b> has values from
* %included files. Return 0 on success, -1 on failure. Warn and ignore any
* %included files. <b>opened_lst</b> will have a list of opened files if
* provided. Return 0 on success, -1 on failure. Warn and ignore any
* misformatted lines.
*
* If <b>extended</b> is set, then treat keys beginning with / and with + as
* indicating "clear" and "append" respectively. */
int
config_get_lines_include(const char *string, config_line_t **result,
int extended, int *has_include)
int extended, int *has_include,
smartlist_t *opened_lst)
{
return config_get_lines_aux(string, result, extended, 1, has_include, 1,
NULL);
return config_get_lines_aux(string, result, extended, 1, has_include,
opened_lst, 1, NULL);
}
/** Same as config_get_lines_include but does not allow %include */
int
config_get_lines(const char *string, config_line_t **result, int extended)
{
return config_get_lines_aux(string, result, extended, 0, NULL, 1, NULL);
return config_get_lines_aux(string, result, extended, 0, NULL, NULL, 1,
NULL);
}
/** Adds a list of configuration files present on <b>path</b> to
@ -201,12 +209,18 @@ config_get_lines(const char *string, config_line_t **result, int extended)
* only that file will be added to <b>file_list</b>. If it is a directory,
* all paths for files on that directory root (no recursion) except for files
* whose name starts with a dot will be added to <b>file_list</b>.
* Return 0 on success, -1 on failure. Ignores empty files.
* <b>opened_files</b> will have a list of files opened by this function
* if provided. Return 0 on success, -1 on failure. Ignores empty files.
*/
static smartlist_t *
config_get_file_list(const char *path)
config_get_file_list(const char *path, smartlist_t *opened_files)
{
smartlist_t *file_list = smartlist_new();
if (opened_files) {
smartlist_add_strdup(opened_files, path);
}
file_status_t file_type = file_status(path);
if (file_type == FN_FILE) {
smartlist_add_strdup(file_list, path);
@ -228,6 +242,10 @@ config_get_file_list(const char *path)
tor_asprintf(&fullname, "%s"PATH_SEPARATOR"%s", path, f);
tor_free(f);
if (opened_files) {
smartlist_add_strdup(opened_files, fullname);
}
if (file_status(fullname) != FN_FILE) {
tor_free(fullname);
continue;
@ -245,19 +263,21 @@ config_get_file_list(const char *path)
}
/** Creates a list of config lines present on included <b>path</b>.
* Set <b>list</b> to the list and <b>list_last</b> to the last element of
* <b>list</b>. Return 0 on success, -1 on failure. */
* Set <b>config</b> to the list and <b>config_last</b> to the last element of
* <b>config</b>. <b>opened_lst</b> will have a list of opened files if
* provided. Return 0 on success, -1 on failure. */
static int
config_get_included_list(const char *path, int recursion_level, int extended,
config_line_t **list, config_line_t **list_last)
config_get_included_config(const char *path, int recursion_level, int extended,
config_line_t **config, config_line_t **config_last,
smartlist_t *opened_lst)
{
char *included_conf = read_file_to_str(path, 0, NULL);
if (!included_conf) {
return -1;
}
if (config_get_lines_aux(included_conf, list, extended, 1, NULL,
recursion_level+1, list_last) < 0) {
if (config_get_lines_aux(included_conf, config, extended, 1, NULL,
opened_lst, recursion_level+1, config_last) < 0) {
tor_free(included_conf);
return -1;
}
@ -268,41 +288,31 @@ config_get_included_list(const char *path, int recursion_level, int extended,
/** Process an %include <b>path</b> in a config file. Set <b>list</b> to the
* list of configuration settings obtained and <b>list_last</b> to the last
* element of the same list. Return 0 on success, -1 on failure. */
* element of the same list. <b>opened_lst</b> will have a list of opened
* files if provided. Return 0 on success, -1 on failure. */
static int
config_process_include(const char *path, int recursion_level, int extended,
config_line_t **list, config_line_t **list_last)
config_line_t **list, config_line_t **list_last,
smartlist_t *opened_lst)
{
config_line_t *ret_list = NULL;
config_line_t **next = &ret_list;
#if 0
// Disabled -- we already unescape_string() on the result. */
char *unquoted_path = get_unquoted_path(path);
if (!unquoted_path) {
return -1;
}
smartlist_t *config_files = config_get_file_list(unquoted_path);
if (!config_files) {
tor_free(unquoted_path);
return -1;
}
tor_free(unquoted_path);
#endif
smartlist_t *config_files = config_get_file_list(path);
smartlist_t *config_files = config_get_file_list(path, opened_lst);
if (!config_files) {
return -1;
}
int rv = -1;
SMARTLIST_FOREACH_BEGIN(config_files, const char *, config_file) {
config_line_t *included_list = NULL;
if (config_get_included_list(config_file, recursion_level, extended,
&included_list, list_last) < 0) {
config_line_t *included_config = NULL;
if (config_get_included_config(config_file, recursion_level, extended,
&included_config, list_last,
opened_lst) < 0) {
goto done;
}
*next = included_list;
*next = included_config;
if (*list_last)
next = &(*list_last)->next;

5
src/common/confline.h
View File

@ -7,6 +7,8 @@
#ifndef TOR_CONFLINE_H
#define TOR_CONFLINE_H
#include "container.h"
/** Ordinary configuration line. */
#define CONFIG_LINE_NORMAL 0
/** Appends to previous configuration for the same option, even if we
@ -44,7 +46,8 @@ int config_lines_eq(config_line_t *a, config_line_t *b);
int config_count_key(const config_line_t *a, const char *key);
int config_get_lines(const char *string, config_line_t **result, int extended);
int config_get_lines_include(const char *string, config_line_t **result,
int extended, int *has_include);
int extended, int *has_include,
smartlist_t *opened_lst);
void config_free_lines(config_line_t *front);
const char *parse_config_line_from_str_verbose(const char *line,
char **key_out, char **value_out,

1
src/common/sandbox.c
View File

@ -151,6 +151,7 @@ static int filter_nopar_gen[] = {
SCMP_SYS(fstat64),
#endif
SCMP_SYS(futex),
SCMP_SYS(getdents),
SCMP_SYS(getdents64),
SCMP_SYS(getegid),
#ifdef __NR_getegid32

16
src/or/config.c
View File

@ -895,6 +895,10 @@ or_options_free(or_options_t *options)
rs, routerset_free(rs));
smartlist_free(options->NodeFamilySets);
}
if (options->FilesOpenedByIncludes) {
SMARTLIST_FOREACH(options->FilesOpenedByIncludes, char *, f, tor_free(f));
smartlist_free(options->FilesOpenedByIncludes);
}
tor_free(options->BridgePassword_AuthDigest_);
tor_free(options->command_arg);
tor_free(options->master_key_fname);
@ -5071,13 +5075,16 @@ options_init_from_string(const char *cf_defaults, const char *cf,
newoptions->command = command;
newoptions->command_arg = command_arg ? tor_strdup(command_arg) : NULL;
smartlist_t *opened_files = smartlist_new();
for (int i = 0; i < 2; ++i) {
const char *body = i==0 ? cf_defaults : cf;
if (!body)
continue;
/* get config lines, assign them */
retval = config_get_lines_include(body, &cl, 1,
body == cf ? &cf_has_include : NULL);
body == cf ? &cf_has_include : NULL,
opened_files);
if (retval < 0) {
err = SETOPT_ERR_PARSE;
goto err;
@ -5106,6 +5113,7 @@ options_init_from_string(const char *cf_defaults, const char *cf,
}
newoptions->IncludeUsed = cf_has_include;
newoptions->FilesOpenedByIncludes = opened_files;
/* If this is a testing network configuration, change defaults
* for a list of dependent config options, re-initialize newoptions
@ -5145,13 +5153,16 @@ options_init_from_string(const char *cf_defaults, const char *cf,
newoptions->command_arg = command_arg ? tor_strdup(command_arg) : NULL;
/* Assign all options a second time. */
opened_files = smartlist_new();
for (int i = 0; i < 2; ++i) {
const char *body = i==0 ? cf_defaults : cf;
if (!body)
continue;
/* get config lines, assign them */
retval = config_get_lines_include(body, &cl, 1,
body == cf ? &cf_has_include : NULL);
body == cf ? &cf_has_include : NULL,
opened_files);
if (retval < 0) {
err = SETOPT_ERR_PARSE;
goto err;
@ -5175,6 +5186,7 @@ options_init_from_string(const char *cf_defaults, const char *cf,
}
newoptions->IncludeUsed = cf_has_include;
newoptions->FilesOpenedByIncludes = opened_files;
/* Validate newoptions */
if (options_validate(oldoptions, newoptions, newdefaultoptions,

4
src/or/main.c
View File

@ -3493,6 +3493,10 @@ sandbox_init_filter(void)
}
}
SMARTLIST_FOREACH(options->FilesOpenedByIncludes, char *, f, {
OPEN(f);
});
#define RENAME_SUFFIX(name, suffix) \
sandbox_cfg_allow_rename(&cfg, \
get_datadir_fname(name suffix), \

3
src/or/or.h
View File

@ -4563,6 +4563,9 @@ typedef struct {
* consensuses around so that we can generate diffs from them. If 0,
* use the default. */
int MaxConsensusAgeForDiffs;
/** List of files that were opened by %include in torrc and torrc-defaults */
smartlist_t *FilesOpenedByIncludes;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */

114
src/test/test_config.c
View File

@ -4832,7 +4832,7 @@ test_config_include_limit(void *data)
torrc_path);
tt_int_op(write_str_to_file(torrc_path, torrc_contents, 0), OP_EQ, 0);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL),
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL, NULL),
OP_EQ, -1);
done:
@ -4862,7 +4862,7 @@ test_config_include_does_not_exist(void *data)
tor_snprintf(torrc_contents, sizeof(torrc_contents), "%%include %s",
missing_path);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL),
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL, NULL),
OP_EQ, -1);
done:
@ -4894,7 +4894,7 @@ test_config_include_error_in_included_file(void *data)
tor_snprintf(torrc_contents, sizeof(torrc_contents), "%%include %s",
invalid_path);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL),
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, NULL, NULL),
OP_EQ, -1);
done:
@ -4937,8 +4937,8 @@ test_config_include_empty_file_folder(void *data)
folder_path, file_path);
int include_used;
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used),
OP_EQ, 0);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used,
NULL), OP_EQ, 0);
tt_ptr_op(result, OP_EQ, NULL);
tt_int_op(include_used, OP_EQ, 1);
@ -4989,8 +4989,8 @@ test_config_include_recursion_before_after(void *data)
}
int include_used;
tt_int_op(config_get_lines_include(file_contents, &result, 0, &include_used),
OP_EQ, 0);
tt_int_op(config_get_lines_include(file_contents, &result, 0, &include_used,
NULL), OP_EQ, 0);
tt_ptr_op(result, OP_NE, NULL);
tt_int_op(include_used, OP_EQ, 1);
@ -5052,8 +5052,8 @@ test_config_include_recursion_after_only(void *data)
}
int include_used;
tt_int_op(config_get_lines_include(file_contents, &result, 0, &include_used),
OP_EQ, 0);
tt_int_op(config_get_lines_include(file_contents, &result, 0, &include_used,
NULL), OP_EQ, 0);
tt_ptr_op(result, OP_NE, NULL);
tt_int_op(include_used, OP_EQ, 1);
@ -5136,8 +5136,8 @@ test_config_include_folder_order(void *data)
torrcd);
int include_used;
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used),
OP_EQ, 0);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, &include_used,
NULL), OP_EQ, 0);
tt_ptr_op(result, OP_NE, NULL);
tt_int_op(include_used, OP_EQ, 1);
@ -5187,8 +5187,8 @@ test_config_include_path_syntax(void *data)
esc_dir_with_pathsep);
int include_used;
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used),
OP_EQ, 0);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used,
NULL), OP_EQ, 0);
tt_ptr_op(result, OP_EQ, NULL);
tt_int_op(include_used, OP_EQ, 1);
@ -5242,14 +5242,14 @@ test_config_include_has_include(void *data)
char torrc_contents[1000] = "Test 1\n";
int include_used;
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used),
OP_EQ, 0);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used,
NULL), OP_EQ, 0);
tt_int_op(include_used, OP_EQ, 0);
config_free_lines(result);
tor_snprintf(torrc_contents, sizeof(torrc_contents), "%%include %s\n", dir);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used),
OP_EQ, 0);
tt_int_op(config_get_lines_include(torrc_contents, &result, 0,&include_used,
NULL), OP_EQ, 0);
tt_int_op(include_used, OP_EQ, 1);
done:
@ -5357,6 +5357,85 @@ test_config_include_flag_defaults_only(void *data)
tor_free(dir);
}
static void
test_config_include_opened_file_list(void *data)
{
(void)data;
config_line_t *result = NULL;
smartlist_t *opened_files = smartlist_new();
char *dir = tor_strdup(get_fname("test_include_opened_file_list"));
tt_ptr_op(dir, OP_NE, NULL);
#ifdef _WIN32
tt_int_op(mkdir(dir), OP_EQ, 0);
#else
tt_int_op(mkdir(dir, 0700), OP_EQ, 0);
#endif
char torrcd[PATH_MAX+1];
tor_snprintf(torrcd, sizeof(torrcd), "%s"PATH_SEPARATOR"%s", dir, "torrc.d");
#ifdef _WIN32
tt_int_op(mkdir(torrcd), OP_EQ, 0);
#else
tt_int_op(mkdir(torrcd, 0700), OP_EQ, 0);
#endif
char subfolder[PATH_MAX+1];
tor_snprintf(subfolder, sizeof(subfolder), "%s"PATH_SEPARATOR"%s", torrcd,
"subfolder");
#ifdef _WIN32
tt_int_op(mkdir(subfolder), OP_EQ, 0);
#else
tt_int_op(mkdir(subfolder, 0700), OP_EQ, 0);
#endif
char path[PATH_MAX+1];
tor_snprintf(path, sizeof(path), "%s"PATH_SEPARATOR"%s", subfolder,
"01_file_in_subfolder");
tt_int_op(write_str_to_file(path, "Test 1\n", 0), OP_EQ, 0);
char empty[PATH_MAX+1];
tor_snprintf(empty, sizeof(empty), "%s"PATH_SEPARATOR"%s", torrcd, "empty");
tt_int_op(write_str_to_file(empty, "", 0), OP_EQ, 0);
char file[PATH_MAX+1];
tor_snprintf(file, sizeof(file), "%s"PATH_SEPARATOR"%s", torrcd, "file");
tt_int_op(write_str_to_file(file, "Test 2\n", 0), OP_EQ, 0);
char dot[PATH_MAX+1];
tor_snprintf(dot, sizeof(dot), "%s"PATH_SEPARATOR"%s", torrcd, ".dot");
tt_int_op(write_str_to_file(dot, "Test 3\n", 0), OP_EQ, 0);
char torrc_contents[1000];
tor_snprintf(torrc_contents, sizeof(torrc_contents),
"%%include %s\n",
torrcd);
int include_used;
tt_int_op(config_get_lines_include(torrc_contents, &result, 0, &include_used,
opened_files), OP_EQ, 0);
tt_ptr_op(result, OP_NE, NULL);
tt_int_op(include_used, OP_EQ, 1);
tt_int_op(smartlist_len(opened_files), OP_EQ, 4);
tt_int_op(smartlist_contains_string(opened_files, torrcd), OP_EQ, 1);
tt_int_op(smartlist_contains_string(opened_files, subfolder), OP_EQ, 1);
// files inside subfolders are not opended, only the subfolder is opened
tt_int_op(smartlist_contains_string(opened_files, empty), OP_EQ, 1);
tt_int_op(smartlist_contains_string(opened_files, file), OP_EQ, 1);
// dot files are not opened as we ignore them when we get their name from
// their parent folder
done:
SMARTLIST_FOREACH(opened_files, char *, f, tor_free(f));
smartlist_free(opened_files);
config_free_lines(result);
tor_free(dir);
}
#define CONFIG_TEST(name, flags) \
{ #name, test_config_ ## name, flags, NULL, NULL }
@ -5396,6 +5475,7 @@ struct testcase_t config_tests[] = {
CONFIG_TEST(include_flag_both_without, TT_FORK),
CONFIG_TEST(include_flag_torrc_only, TT_FORK),
CONFIG_TEST(include_flag_defaults_only, TT_FORK),
CONFIG_TEST(include_opened_file_list, 0),
END_OF_TESTCASES
};