51 Commits

Author	SHA1	Message	Date
David Goulet	90b840af60	control: Fix NULL pointer access in HS desc event ... This was introduced 90562fc23a adding a code path where we pass a NULL pointer for the HSDir fingerprint to the control event subsystem. The HS desc failed function wasn't handling properly that pointer for a NULL value. Two unit tests are also added in this commit to make sure we handle properly the case of a NULL hsdir fingerprint and a NULL content as well. Fixes #22138 Signed-off-by: David Goulet <dgoulet@torproject.org>	2017-05-03 09:26:17 -04:00
David Goulet	0565f5a3bb	hs: Make the service list pruning function public ... The reason for making the temporary list public is to keep it encapsulated in the rendservice subsystem so the prop224 code does not have direct access to it and can only affect it through the rendservice pruning function. It also has been modified to not take list as arguments but rather use the global lists (main and temporary ones) because prop224 code will call it to actually prune the rendservice's lists. The function does the needed rotation of pointers between those lists and then prune if needed. In order to make the unit test work and not completely horrible, there is a "impl_" version of the function that doesn't free memory, it simply moves pointers around. It is directly used in the unit test and two setter functions for those lists' pointer have been added only for unit test. Signed-off-by: David Goulet <dgoulet@torproject.org>	2017-04-13 16:25:49 -04:00
Nick Mathewson	7505f452c8	Run the copyright update script.	2017-03-15 16:13:17 -04:00
David Goulet	2d1fa58fb4	test: Add unit test for prune_services_on_reload() ... Signed-off-by: David Goulet <dgoulet@torproject.org>	2016-12-21 15:00:19 -05:00
Nick Mathewson	3e4a1ed7bb	Merge branch 'maint-0.2.9'	2016-12-11 20:40:12 -05:00
David Goulet	f3c040e33e	test: fix memory leak in single onion poisoning ... Closes #20938 Signed-off-by: David Goulet <dgoulet@torproject.org>	2016-12-09 12:59:40 -05:00
Nick Mathewson	f7e8bd640a	Merge branch 'maint-0.2.9'	2016-12-05 08:13:14 -05:00
teor	e8ce57e6e8	Move a comment in test_single_onion_poisoning	2016-12-03 06:30:58 +11:00
teor	8d42aab3f6	Add a missing return value check in test_single_onion_poisoning	2016-12-03 06:30:06 +11:00
teor	fdd368d656	Remove a double-free in test_single_onion_poisoning ... We were freeing both dir{1,2} directly, and service_{1,2}->directory via rend_service_free, even though they are the same pointer.	2016-12-03 06:27:32 +11:00
teor	c100c5c69b	Refactor poison_dir allocation and free in test_single_onion_poisoning ... This pattern is much less error-prone when future changes are made.	2016-12-03 06:25:46 +11:00
Nick Mathewson	6f101f96a6	Merge branch 'maint-0.2.9'	2016-12-02 07:40:53 -05:00
Nick Mathewson	1221c5aa02	test_single_onion_poisoning: Free dir[12] on all paths ... Coverity doesn't like it when there are paths to the end of the function where something doesn't get freed, even when those paths are only reachable on unit test failure. Fixes CID 1372899 and CID 1372900. Bug not in any released Tor.	2016-12-02 07:39:14 -05:00
Nick Mathewson	5efbd41daa	Merge branch 'maint-0.2.9'	2016-12-01 09:50:17 -05:00
teor	f80a43d16f	Stop ignoring hidden service key anonymity when first starting tor ... Instead, refuse to start tor if any hidden service key has been used in a different hidden service anonymity mode. Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf. The original single onion service poisoning code checked poisoning state in options_validate, and poisoned in options_act. This was problematic, because the global array of hidden services had not been populated in options_validate (and there were ordrering issues with hidden service directory creation). This patch fixes this issue in rend_service_check_dir_and_add, which: * creates the directory, or checks permissions on an existing directory, then * checks the poisoning state of the directory, then * poisons the directory. When validating, only the permissions checks and the poisoning state checks are perfomed (the directory is not modified).	2016-12-01 09:44:53 -05:00
teor	91abd60cad	Update unit tests for 20484, 20529 ... Add extra logging and extra validity checks for hidden services.	2016-12-01 09:44:53 -05:00
Nick Mathewson	3e3040a5d9	Merge branch 'maint-0.2.9' ... Conflicts: src/or/rendservice.c	2016-11-07 16:31:40 -05:00
Nick Mathewson	c35c43d7d9	Merge branch 'ticket17238_029_02-resquash' ... Conflicts: src/or/rendclient.c src/or/rendcommon.c src/or/routerparse.c src/test/test_dir.c src/trunnel/ed25519_cert.h	2016-11-04 13:26:37 -04:00
George Kadianakis	d795ed5871	Make check-spaces happy :) ... Signed-off-by: David Goulet <dgoulet@torproject.org> Signed-off-by: George Kadianakis <desnacked@riseup.net>	2016-11-04 10:32:50 -04:00
David Goulet	8293356ad9	hs: Refactor rend_data_t for multi version support ... In order to implement proposal 224, we need the data structure rend_data_t to be able to accomodate versionning that is the current version of hidden service (2) and the new version (3) and future version. For that, we implement a series of accessors and a downcast function to get the v2 data structure. rend_data_t becomes a top level generic place holder. The entire rend_data_t API has been moved to hs_common.{c|h} in order to seperate code that is shared from between HS versions and unshared code (in rendcommon.c). Closes #19024 Signed-off-by: David Goulet <dgoulet@torproject.org> Signed-off-by: George Kadianakis <desnacked@riseup.net>	2016-11-04 10:29:26 -04:00
teor	01fe039b78	Test single onion service configs where the directory does not exist ... Runs a test for each combination of create/don't create directories. Tests #20484.	2016-11-02 14:17:52 +11:00
teor	fedafe7c0e	Use check_private_dir in test_single_onion_poisoning ... This avoids Win32 conditionals for mkdir.	2016-11-02 11:37:11 +11:00
Nick Mathewson	b08ddb60c9	Ensure that dir1 and dir2 are freed at the end of poisoning test ... Found by coverity.	2016-09-14 11:01:21 -04:00
teor	f311c9ffa2	Replace OnionService* with HiddenService* in option names ... And make consequential line-length adjustments.	2016-09-13 10:13:57 -04:00
teor (Tim Wilson-Brown)	b560f852f2	Implement Prop #260: Single Onion Services ... Add experimental OnionServiceSingleHopMode and OnionServiceNonAnonymousMode options. When both are set to 1, every hidden service on a tor instance becomes a non-anonymous Single Onion Service. Single Onions make one-hop (direct) connections to their introduction and renzedvous points. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. This is compatible with the existing hidden service implementation, and works on the current tor network without any changes to older relays or clients. Implements proposal #260, completes ticket #17178. Patch by teor & asn. squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services Redesign single onion service poisoning. When in OnionServiceSingleHopMode, each hidden service key is poisoned (marked as non-anonymous) on creation by creating a poison file in the hidden service directory. Existing keys are considered non-anonymous if this file exists, and anonymous if it does not. Tor refuses to launch in OnionServiceSingleHopMode if any existing keys are anonymous. Similarly, it refuses to launch in anonymous client mode if any existing keys are non-anonymous. Rewrite the unit tests to match and be more comprehensive. Adds a bonus unit test for rend_service_load_all_keys().	2016-09-13 10:10:54 -04:00
Nick Mathewson	33d3572a1d	Merge branch 'feature15588_squashed'	2016-05-09 14:41:36 -04:00
John Brooks	d5a23ce115	Move rend auth cookie en-/decoding to a function ... Tor stores client authorization cookies in two slightly different forms. The service's client_keys file has the standard base64-encoded cookie, including two chars of padding. The hostname file and the client remove the two padding chars, and store an auth type flag in the unused bits. The distinction makes no sense. Refactor all decoding to use the same function, which will accept either form, and use a helper function for encoding the truncated format.	2016-05-09 14:28:08 -04:00
Nick Mathewson	57699de005	Update the copyright year.	2016-02-27 18:48:19 +01:00
Nick Mathewson	bab221f113	Refactor our logic for sending events to controllers ... Previously we'd put these strings right on the controllers' outbufs. But this could cause some trouble, for these reasons: 1) Calling the network stack directly here would make a huge portion of our networking code (from which so much of the rest of Tor is reachable) reachable from everything that potentially generated controller events. 2) Since _some_ events (EVENT_ERR for instance) would cause us to call connection_flush(), every control_event_* function would appear to be able to reach even _more_ of the network stack in our cllgraph. 3) Every time we generated an event, we'd have to walk the whole connection list, which isn't exactly fast. This is an attempt to break down the "blob" described in http://archives.seul.org/tor/dev/Mar-2015/msg00197.html -- the set of functions from which nearly all the other functions in Tor are reachable. Closes ticket 16695.	2015-08-18 08:55:28 -04:00
Andrea Shepard	0e0b65db4f	Appease make check-spaces	2015-06-01 12:59:14 +00:00
Nick Mathewson	97a2dbb3e3	There sure are a lot of these in test_hs.c. CID 1301385	2015-05-28 13:17:24 -04:00
Nick Mathewson	9f289e3b9e	Another test_hs leak. CID 1301383.	2015-05-28 13:13:15 -04:00
Nick Mathewson	0585d4e94b	Memory leak in test_hs_rend_data ... CID 1301377	2015-05-28 13:01:48 -04:00
Nick Mathewson	d5e4a63436	Fix some compilation warnings	2015-05-18 15:57:21 -04:00
David Goulet	a324d7e8e1	Test: add unit test for rend_data_t object and functions ... Closes #16021 Signed-off-by: David Goulet <dgoulet@ev0ke.net>	2015-05-14 12:08:54 -04:00
David Goulet	acfa374048	Test: fix HS_DESC to expect descriptor ID ... With #15881 implemented, this adds the missing descriptor ID at the end of the expected control message. Signed-off-by: David Goulet <dgoulet@ev0ke.net>	2015-05-14 10:46:38 -04:00
David Goulet	c1ffeadff4	Add missing descriptor ID to HS_DESC control event ... For FAILED and RECEIVED action of the HS_DESC event, we now sends back the descriptor ID at the end like specified in the control-spec section 4.1.25. Fixes #15881 Signed-off-by: David Goulet <dgoulet@ev0ke.net>	2015-05-14 10:46:38 -04:00
David Goulet	dd07c78524	Test: fix HSFETCH control command with latest change ... The expected message of the command now expects "650+" and "650 OK". Signed-off-by: David Goulet <dgoulet@ev0ke.net>	2015-04-21 14:22:54 -04:00
David Goulet	28cf9f2186	Control: unbolt rend_data from HS desc event ... The HS_DESC event was using rend_data_t from the dir connection to reply the onion address and authentication type. With the new HSFETCH command, it's now possible to fetch a descriptor only using the descriptor id thus resulting in not having an onion address in any HS_DESC event. This patch removes rend_query from the hs desc control functions and replace it by an onion address string and an auth type. On a successful fetch, the service id is taken from the fetched descriptor. For that, an extra parameter is added to "store as a client" function that contains the cache entry stored. This will make the control event functions scale more easily over time if other values not present in rend_data_t are needed since the rend_data from the dir connection might not contained everything we need. Signed-off-by: David Goulet <dgoulet@ev0ke.net>	2015-04-21 14:22:54 -04:00
David Goulet	7db58445fd	Control: add HS_DESC_CONTENT event ... As defined in section 4.1.26 in the control-spec.txt, this new event replies the content of a successfully fetched HS descriptor. This also adds a unit test for the controller event. Signed-off-by: David Goulet <dgoulet@ev0ke.net>	2015-04-21 14:15:02 -04:00
Nick Mathewson	6cdb213b6c	Combine test_helpers.[ch] and testhelper.[ch]	2015-02-18 09:19:38 -05:00
Nick Mathewson	caf28519d9	Merge branch 'bug12844' ... Conflicts: src/or/circuituse.c src/test/include.am src/test/test_entrynodes.c	2015-02-11 15:06:04 -05:00
Nick Mathewson	f54e54b0b4	Bump copyright dates to 2015, in case someday this matters.	2015-01-02 14:27:39 -05:00
rl1987	0db96d023b	Adding REASON field to HS_DESC FAILED controller event.	2014-11-16 15:51:23 +02:00
Nick Mathewson	a3dafd3f58	Replace operators used as macro arguments with OP_XX macros ... Part of fix for 13172	2014-11-12 13:28:07 -05:00
Nick Mathewson	fcdcb377a4	Add another year to our copyright dates. ... Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right?	2014-10-28 15:30:16 -04:00
Nick Mathewson	0243895792	Use coccinelle scripts to clean up our unit tests ... This should get rid of most of the users of the old test_* functions. Some are in macros and will need manual cleanup, though. This patch is for 13119, and was automatically generated with these scripts. The perl scripts are there because coccinelle hates operators as macro arguments. ------------------------------ s/==,/_X_EQ_,/g; s/!=,/_X_NE_,/g; s/<,/_X_LT_,/g; s/>,/_X_GT_,/g; s/>=,/_X_GEQ_,/g; s/<=,/_X_LEQ_,/g; ------------------------------ @@ expression a; identifier func; @@ func (...) { <... -test_fail_msg +TT_DIE ( +( a +) ) ...> } @@ identifier func; @@ func (...) { <... -test_fail() +TT_DIE(("Assertion failed.")) ...> } @@ expression a; identifier func; @@ func (...) { <... -test_assert +tt_assert (a) ...> } @@ expression a, b; identifier func; @@ func (...) { <... -test_eq +tt_int_op (a, +_X_EQ_, b) ...> } @@ expression a, b; identifier func; @@ func (...) { <... -test_neq +tt_int_op (a, +_X_NEQ_, b) ...> } @@ expression a, b; identifier func; @@ func (...) { <... -test_streq +tt_str_op (a, +_X_EQ_, b) ...> } @@ expression a, b; identifier func; @@ func (...) { <... -test_strneq +tt_str_op (a, +_X_NEQ_, b) ...> } @@ expression a, b; identifier func; @@ func (...) { <... -test_eq_ptr +tt_ptr_op (a, +_X_EQ_, b) ...> } @@ expression a, b; identifier func; @@ func() { <... -test_neq_ptr +tt_ptr_op (a, +_X_NEQ_, b) ...> } @@ expression a, b, len; identifier func; @@ func (...) { <... -test_memeq +tt_mem_op (a, +_X_EQ_, b, len) ...> } @@ expression a, b, len; identifier func; @@ func (...) { <... -test_memneq +tt_mem_op (a, +_X_NEQ_, b, len) ...> } ------------------------------ @@ char a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a == b +a, _X_EQ_, b ) ...> } @@ int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a == b +a, _X_EQ_, b ) ...> } @@ long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a == b +a, _X_EQ_, b ) ...> } @@ unsigned int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a == b +a, _X_EQ_, b ) ...> } @@ unsigned long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a == b +a, _X_EQ_, b ) ...> } @@ char a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a != b +a, _X_NEQ_, b ) ...> } @@ int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a != b +a, _X_NEQ_, b ) ...> } @@ long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a != b +a, _X_NEQ_, b ) ...> } @@ unsigned int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a != b +a, _X_NEQ_, b ) ...> } @@ unsigned long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a != b +a, _X_NEQ_, b ) ...> } @@ char a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a >= b +a, _X_GEQ_, b ) ...> } @@ int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a >= b +a, _X_GEQ_, b ) ...> } @@ long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a >= b +a, _X_GEQ_, b ) ...> } @@ unsigned int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a >= b +a, _X_GEQ_, b ) ...> } @@ unsigned long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a >= b +a, _X_GEQ_, b ) ...> } @@ char a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a <= b +a, _X_LEQ_, b ) ...> } @@ int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a <= b +a, _X_LEQ_, b ) ...> } @@ long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a <= b +a, _X_LEQ_, b ) ...> } @@ unsigned int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a <= b +a, _X_LEQ_, b ) ...> } @@ unsigned long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a <= b +a, _X_LEQ_, b ) ...> } @@ char a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a > b +a, _X_GT_, b ) ...> } @@ int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a > b +a, _X_GT_, b ) ...> } @@ long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a > b +a, _X_GT_, b ) ...> } @@ unsigned int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a > b +a, _X_GT_, b ) ...> } @@ unsigned long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a > b +a, _X_GT_, b ) ...> } @@ char a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a < b +a, _X_LT_, b ) ...> } @@ int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a < b +a, _X_LT_, b ) ...> } @@ long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_int_op ( -a < b +a, _X_LT_, b ) ...> } @@ unsigned int a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a < b +a, _X_LT_, b ) ...> } @@ unsigned long a, b; identifier func; @@ func (...) { <... -tt_assert +tt_uint_op ( -a < b +a, _X_LT_, b ) ...> } ------------------------------ s/_X_NEQ_/!=/g; s/_X_NE_/!=/g; s/_X_EQ_/==/g; s/_X_GT_/>/g; s/_X_LT_/</g; s/_X_GEQ_/>=/g; s/_X_LEQ_/<=/g; s/test_mem_op\(/tt_mem_op\(/g;	2014-09-15 21:18:21 -04:00
George Kadianakis	bc80b0a50c	Write some unittests for Tor2webRendezvousPoints.	2014-09-15 16:07:48 +03:00
Qingping Hou	bf66ff915a	fix longname returned in HS_DESC control events ... According to control spec, longname should not contain any spaces and is consists only of identy_digest + nickname added two functions: * node_get_verbose_nickname_by_id() * node_describe_longname_by_id()	2014-02-06 16:13:55 -05:00
Nick Mathewson	24544a10c0	Clean up test_hs.c: warning fix; tor_free() usage. ... My OSX laptop rightly gave a warning because of sticking strlen() into an int, but once I took a closer look... it appears that the strlen() was part of a needlessly verbose implementation for tor_strdup(). While I was there, I fixed the usage of tor_free() in test_hs.c: It checks for NULL, and it zeros its argument. So instead of if (foo) { tor_free(foo); foo = NULL; } we should just say tor_free(foo);	2014-02-03 16:12:30 -05:00