For example, "TOR_SKIP_TESTCASES=crypto/.. ./src/test/test" will run
the tests and suppress all the "crypto/" tests. You could get the
same effect by running "./src/test/test :crypto/..", but that can be
harder to arrange from CI.
Part of a fix/workaround for 33643.
Add an inline helper function that indicates if the cached object contains a
decrypted descriptor or not.
The descriptor object is NULL if tor is unable to decrypt it (lacking client
authorization) and some actions need to be done only when we have a decrypted
object.
This improves code semantic.
Fixes#33458
Signed-off-by: David Goulet <dgoulet@torproject.org>
When a service can not upload its descriptor(s), we have no logs on why. This
adds logging for each possible reason for each descriptors.
That logging is emitted every second so it is rate limited for each reason and
per descriptor.
Closes#33400
Signed-off-by: David Goulet <dgoulet@torproject.org>
For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.
However, the DoS subsystem was not aware of it and always passing NULL when
doing a lookup into the GeoIP cache.
This resulted in bridges with a PT are never able to apply DoS defenses for
newly created connections.
Fixes#33491
Signed-off-by: David Goulet <dgoulet@torproject.org>
This function works a little bit like strsep(), to get a chunk of
configuration lines with a given header. We can use this to make
hidden service config easier to parse.
This is not as clean a patch as I would like: see the comment on
ASSUME_AUTHORITY_SCHEDULING. This issue here is that the unit tests
sometimes assume that we are going to be looking at the dirauth
options and behaving like a dirauth, but without setting the options
to turn is into one.
This isn't an issue for actually running Tor, as far as I can tell
with chutney.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
voting_schedule_recalculate_timing dirauth_sched_recalculate_timing \
voting_schedule_get_start_of_next_interval voting_sched_get_start_of_interval_after \
voting_schedule_get_next_valid_after_time dirauth_sched_get_next_valid_after_time
Previously we had initialized only the library subsystems. This
made it hard to write some tests, and encouraged people to put their
subsystems at a level lower than they really belonged at. Instead,
it probably just makes sense to initialize everything before we
start the tests.
Without this fix, 33316 breaks our tests because of raising the
level of the ocirc/orconn events.
In "make test-network", add tests for single onion services v2 and v3.
In "make test-network-all", test onion services v2 and v3 in the same
network.
Part of 33334.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
MIN_DNS_TTL_AT_EXIT MIN_DNS_TTL \
MAX_DNS_TTL_AT_EXIT MAX_DNS_TTL \
dns_clip_ttl clip_dns_ttl
Use bridges+hs-v23 for "make test-network",
rather than using chutney's old default.
This change requires a recent version of chutney,
because the old bridges+hs-v23 did not work.
(See chutney's 33302 for details.)
Closes 28208.
The IPv6 test only runs if IPv6 is available.
Also, explicitly use the bridges+hs-v2 network for the IPv4-only test.
This network was chutney's default as of January 2020.
Closes 33300.
Make sure that the following hard-coded protocol version lists are
sorted:
* supported protocols
* recommended relay and client protocols
* required relay and client protocols
This test currently fails, because the supported protocols are not
sorted.
Tests for 33285.
This patch ensures that we always lowercase the BridgeDistribution from
torrc in descriptors before submitting it.
See: https://bugs.torproject.org/32753
Conflicts:
doc/tor.1.txt
src/app/config/config.c
src/app/config/or_options_st.h
src/core/mainloop/connection.h
Between 042 and 043, the dirauth options were modularized so this merge commit
address this by moving the AuthDirRejectUncompressedRequests to the module
along with a series of accessors.
Signed-off-by: David Goulet <dgoulet@torproject.org>
clang-format sometimes thinks that "#name" should be written as
"# name" if it appears at the start of a line. Using () appears
to suppress this, while confusing Coccinelle.
Without the hs_init(), the caches are not initialized and the previous commit
was causing an assert due to the missing caches.
But regardless of that, those tests were not initializing but were calling
hs_free_all().
Signed-off-by: David Goulet <dgoulet@torproject.org>
When the ONION_CLIENT_AUTH_REMOVE command is given to tor, now also remove the
descriptor associated with the client authorization credentials.
Fixes#33148
Signed-off-by: David Goulet <dgoulet@torproject.org>
The hs_parse_address() can not be used without an options_t object existing
since on error it uses the escaped_safe_str() that looks at the options.
This new function won't log and returns an error message in case of failure
that can then be used to log.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Make Tor clients tell dual-stack exits that they prefer IPv6
connections.
This change is equivalent to setting the PreferIPv6 flag on
SOCKSPorts (and most other listener ports). Tor Browser has
been setting this flag for some time, and we want to remove a
client distinguisher at exits.
Also update the man page, putting all the IP flags in their
non-default forms.
Closes ticket 32637.
When we removed obsolete consensus methods in 32695, we also
removed ROUTERSTATUS_FORMAT_NO_CONSENSUS_METHOD, so we need to
remove it from the routerstatus format tests.
Part of 20218.
* ticket 32695 removed networkstatus_consensus_has_ipv6(),
keep that change in master.
* ticket 20218 modifies the function name and comment for
routerstatus_has_visibly_changed(), keep that change
in ticket20218_rebased_squashed.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
routerstatus_has_changed routerstatus_has_visibly_changed
It was generated with --no-verify, since it introduces a wide line.
I'll fix it in a subsequent commit.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
directory_must_use_begindir dirclient_must_use_begindir \
directory_fetches_from_authorities dirclient_fetches_from_authorities \
directory_fetches_dir_info_early dirclient_fetches_dir_info_early \
directory_fetches_dir_info_later dirclient_fetches_dir_info_later \
directory_too_idle_to_fetch_descriptors dirclient_too_idle_to_fetch_descriptors
We already check if there are invalid values in
check_bridge_distribution_setting() and reject the value if that is the
case. We can therefore only have strings of [A-Z] | [a-z] | [0-9] | '-'
| '_' here which is according to the directory specification.
See: https://bugs.torproject.org/32753
The variable lenght cells are handled directly by
channel_tls_handle_var_cell() from an OR connection reading its inbuf. The
channel var cell handler (agnostic) was never used.
Closes#32892
Signed-off-by: David Goulet <dgoulet@torproject.org>
Now that these tests are skipped on windows _and_ android, we should
name the macro that skips them after the functionality that the
tests depend on.
Closes last part of 32825.
We never used them very much, and although they had potential to
clarify some of our tests, they also made some of the logic harder
for people to follow. Clang-format can't make head or tail of them,
so the time has come to say goodbye to them.
This is an automated commit, generated by:
perl -i -pe 'next if /define/; s/((?:ENABLE|DISABLE)_GCC_WARNING)\(([A-Za-z0-9_\-]+)\)/$1(\"-W$2\")/' src/*/*/*.[ch] src/*/*.[ch]
These test cases are validated differently by some
programming languages, because those languages have
incorrect UTF-8 implementations.
We want to make sure that tor validates them correctly.
Closes ticket 32845.
* there is no ~ or HOME in Android
* UIDs and GIDs in Android represent apps, not users, and Android apps
cannot ever change UIDs
This should be replaced by whatever @nmathewson wants to name this stuff:
https://github.com/torproject/tor/pull/1436
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
EXPOSE_CLEAN_BACKTRACE BACKTRACE_PRIVATE \
TOR_CHANNEL_INTERNAL_ CHANNEL_OBJECT_PRIVATE \
CHANNEL_PRIVATE_ CHANNEL_FILE_PRIVATE \
EXPOSE_ROUTERDESC_TOKEN_TABLE ROUTERDESC_TOKEN_TABLE_PRIVATE \
SCHEDULER_PRIVATE_ SCHEDULER_PRIVATE
Some ".c" files define *_PRIVATE macros, but those macros are
not used in any header file. Delete them.
These changes were created using the "make autostyle" from
32522, and then split into commits.
We stopped looking at this option in 85cf6dcba3, back when we
implemented the minimal pieces of prop275. Since then, we've had
code to validate and adjust this option, and to give it a different
value in testing networks, but the option hasn't actually done
anything.
We can safely mark it as OBSOLETE, since doing so does not make any
old configuration get rejected.
Closes ticket 32807.
There is no /tmp or mkdtemp on Android, there is /data/local/tmp for
root and the shell user. So this fakes mkdtemp. Also, FYI, tor might
not like the default perms of /data/local/tmp, e.g. 0770.
https://trac.torproject.org/projects/tor/ticket/32172
All of these files contain "*.h", except for:
* src/app/config/.may_include
* src/test/.may_include
which also contain "*.inc".
This change prevents includes of "*.c" files, and other
unusually named files.
Part of 32609.
Because the function that parses client auth credentials saved on
disk (parse_auth_file_content()) is not future compatible, there is no way to
add support for storing the nickname on the disk. Hence, nicknames cannot
persist after Tor restart making them pretty much useless.
In the future we can introduce nicknames by adding a new file format for client
auth credentials, but this was not deemed worth doing at this stage.
In #26913 we solved a bug where CacheDirectoryGroupReadable would
override DataDirectoryGroupReadable when the two directories are the
same. We never did the same for KeyDirectory, though, because
that's a rare setting.
Now that I'm testing this code, though, fixing this issue seems
fine. Fixes bug #27992; bugfix on 0.3.3.1-alpha.
This commit extract most of the code that dirclient.c had to handle the end of
a descriptor directory requests (fetch). It is moved into hs_client.c in order
to have one single point of entry and the rest is fully handled by the HS
subsystem.
As part of #30382, depending on how the descriptor ended up stored (decoded or
not), different SOCKS error code can be returned.
Signed-off-by: David Goulet <dgoulet@torproject.org>
In order to achieve this, the parse_extended_hostname() had to be refactored
to return either success or failure and setting the hostname type in the given
parameter.
The reason for that is so it can detect invalid onion addresses that is having
a ".onion", the right length but just not passing validation.
That way, we can send back the prop304 ExtendedError "X'F1' Onion Service
Descriptor Is Invalid" to notify the SOCKS connection of the invalid onion
address.
Part of #30382
Signed-off-by: David Goulet <dgoulet@torproject.org>
This will allow us to callback into the HS subsytem depending on the decoding
status and return an extended SOCKS5 error code depending on the decoding
issue.
This is how we'll be able to tell the SocksPort connection if we are missing
or have bad client authorization for a service.
Part of #30382
Signed-off-by: David Goulet <dgoulet@torproject.org>
We now keep the descriptor in the cache, obviously not decoded, if it can't be
decrypted for which we believe client authorization is missing or unusable
(bad).
This way, it can be used later once the client authorization are added or
updated.
Part of #30382
Signed-off-by: David Goulet <dgoulet@torproject.org>
When we added the $FILTER for Windows newlines, we made
the pipeline always exit successfully, even if tor failed.
Fixes bug 32468; bugfix on 0.4.2.1-alpha.
The "expected_log" file is a set of patterns that matches the
output of "tor --verify-config". Unlike "error", it expects a
successful exit status.
Part of 32451.
When we are failing because of a lack of a _required_ engine, note
that the engine was "required".
When engines are disabled, any required engine should cause a
failure.
We still interpret "AccelName" as turning on the "HardwareAccel"
feature, but we no longer modify the user's options here.
Fixes bug 32382; bugfix on 0.2.2.1-alpha when we added openssl
engine support.
test_parseconf.sh now supports:
* {error,expected}{,_lzma,_nss,_zstd}{,_no_dirauth,_no_relay_dirauth}
Or any combination of two or more optional libraries.
Closes ticket 32397.
Fix minor issues in git-push-all.sh, git-setup-dirs.sh and
test_parseconf.sh.
Fixes bug 32402; not in any released version of tor.
Obviously correct changes to already reviewed code.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
get_dirportfrontpage relay_get_dirportfrontpage \
parse_port_config port_parse_config \
count_real_listeners port_count_real_listeners \
parse_transport_line pt_parse_transport_line \
ensure_bandwidth_cap config_ensure_bandwidth_cap \
get_effective_bwrate relay_get_effective_bwrate \
get_effective_bwburst relay_get_effective_bwburst \
warn_nonlocal_ext_orports port_warn_nonlocal_ext_orports \
parse_ports_relay port_parse_ports_relay \
update_port_set_relay port_update_port_set_relay \
get_transport_bindaddr_from_config pt_get_bindaddr_from_config \
get_options_for_server_transport pt_get_options_for_server_transport
It was generated with --no-verify, because it has some long lines.
Part of 32213.
This commit:
* disables the ORPort, DirPort, DirCache, and BridgeRelay options,
* sets ClientOnly 1,
* disables relay_config.c and relay/transport_config.c,
* disables test_rebind.sh, and
* modifies the expected results for test_parseconf.sh,
when the relay module is disabled.
Part of 32213.
Minor simplification and refactoring.
Make the dirauth tests focus on testing the intention of the code,
rather than option processing order.
Part of 32213.
This commit:
* moves relay config actions into relay_config,
* moves get_dirportfrontpage() into relay_config,
* adds thin wrappers to make the moved code compile.
No functional changes: the moved code is still enabled,
even if the relay module is disabled. (Some of the checks
are re-ordered, so the order of some warnings may change.)
Part of 32213.