mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 12:12:15 +02:00
remove class RemoteList c'tor RNG default value
Instead of throwing an exception with --remote-random-hostname, when no RNG is present during construction, we treat an explicit null RNG as a choice not to randomize the hosts. To make that choice explicit, the default value for the RNG is removed, so that callers need to decide which behavior they want. Closes #53 in the openvpn3-linux issue tracker. Signed-off-by: Heiko Hund <heiko@openvpn.net>
This commit is contained in:
parent
677b6edf1f
commit
bff784ab25
@ -191,8 +191,9 @@ namespace openvpn {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate remote list
|
// validate remote list - don't randomize it at this point
|
||||||
remoteList.reset(new RemoteList(options, "", 0, nullptr));
|
RandomAPI::Ptr no_rng;
|
||||||
|
remoteList.reset(new RemoteList(options, "", 0, nullptr, no_rng));
|
||||||
{
|
{
|
||||||
const RemoteList::Item* ri = remoteList->first_item();
|
const RemoteList::Item* ri = remoteList->first_item();
|
||||||
if (ri)
|
if (ri)
|
||||||
|
@ -416,7 +416,7 @@ namespace openvpn {
|
|||||||
const std::string& connection_tag,
|
const std::string& connection_tag,
|
||||||
const unsigned int flags,
|
const unsigned int flags,
|
||||||
ConnBlockFactory* conn_block_factory,
|
ConnBlockFactory* conn_block_factory,
|
||||||
RandomAPI::Ptr rng_arg = RandomAPI::Ptr())
|
RandomAPI::Ptr rng_arg)
|
||||||
: random_hostname(opt.exists("remote-random-hostname"))
|
: random_hostname(opt.exists("remote-random-hostname"))
|
||||||
, directives(connection_tag)
|
, directives(connection_tag)
|
||||||
, rng(rng_arg)
|
, rng(rng_arg)
|
||||||
@ -886,7 +886,7 @@ namespace openvpn {
|
|||||||
|
|
||||||
void randomize_host(Item& item)
|
void randomize_host(Item& item)
|
||||||
{
|
{
|
||||||
if (!random_hostname)
|
if (!random_hostname || !rng)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
try
|
try
|
||||||
@ -896,9 +896,6 @@ namespace openvpn {
|
|||||||
}
|
}
|
||||||
catch (const IP::ip_exception& e)
|
catch (const IP::ip_exception& e)
|
||||||
{
|
{
|
||||||
if (!rng)
|
|
||||||
throw remote_list_error("remote-random-hostname without PRNG");
|
|
||||||
|
|
||||||
// Produce 6 bytes of random prefix data
|
// Produce 6 bytes of random prefix data
|
||||||
unsigned char prefix[6];
|
unsigned char prefix[6];
|
||||||
rng->rand_bytes(prefix, sizeof(prefix));
|
rng->rand_bytes(prefix, sizeof(prefix));
|
||||||
|
@ -105,7 +105,8 @@ TEST(RemoteList, CtorRemoteList)
|
|||||||
, nullptr);
|
, nullptr);
|
||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
|
|
||||||
RemoteList rl(cfg, "", 0, nullptr);
|
RandomAPI::Ptr rng;
|
||||||
|
RemoteList rl(cfg, "", 0, nullptr, rng);
|
||||||
ASSERT_EQ(rl.defined(), true);
|
ASSERT_EQ(rl.defined(), true);
|
||||||
ASSERT_EQ(rl.size(), 4);
|
ASSERT_EQ(rl.size(), 4);
|
||||||
ASSERT_EQ(rl.get_item(0).server_host, "0.default.invalid");
|
ASSERT_EQ(rl.get_item(0).server_host, "0.default.invalid");
|
||||||
@ -132,7 +133,8 @@ TEST(RemoteList, CtorRemoteListConnBlockOnly)
|
|||||||
, nullptr);
|
, nullptr);
|
||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
|
|
||||||
RemoteList rl(cfg, "", RemoteList::CONN_BLOCK_ONLY, nullptr);
|
RandomAPI::Ptr rng;
|
||||||
|
RemoteList rl(cfg, "", RemoteList::CONN_BLOCK_ONLY, nullptr, rng);
|
||||||
ASSERT_EQ(rl.defined(), true);
|
ASSERT_EQ(rl.defined(), true);
|
||||||
ASSERT_EQ(rl.size(), 1);
|
ASSERT_EQ(rl.size(), 1);
|
||||||
ASSERT_EQ(rl.get_item(0).server_host, "2.block.invalid");
|
ASSERT_EQ(rl.get_item(0).server_host, "2.block.invalid");
|
||||||
@ -143,8 +145,9 @@ TEST(RemoteList, CtorRemoteListEmpty)
|
|||||||
cfg.parse_from_config("", nullptr);
|
cfg.parse_from_config("", nullptr);
|
||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
|
|
||||||
ASSERT_THROW(RemoteList(cfg, "", 0, nullptr), option_error);
|
RandomAPI::Ptr rng;
|
||||||
RemoteList rl(cfg, "", RemoteList::ALLOW_EMPTY, nullptr);
|
ASSERT_THROW(RemoteList(cfg, "", 0, nullptr, rng), option_error);
|
||||||
|
RemoteList rl(cfg, "", RemoteList::ALLOW_EMPTY, nullptr, rng);
|
||||||
}
|
}
|
||||||
TEST(RemoteList, CtorRemoteListConnBlockFactory)
|
TEST(RemoteList, CtorRemoteListConnBlockFactory)
|
||||||
{
|
{
|
||||||
@ -179,14 +182,15 @@ TEST(RemoteList, CtorRemoteListConnBlockFactory)
|
|||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
TestConnBlockFactory tcbf;
|
TestConnBlockFactory tcbf;
|
||||||
|
|
||||||
|
RandomAPI::Ptr rng;
|
||||||
testLog->startCollecting();
|
testLog->startCollecting();
|
||||||
RemoteList rl1(cfg, "block", 0, &tcbf);
|
RemoteList rl1(cfg, "block", 0, &tcbf, rng);
|
||||||
std::string output1(testLog->stopCollecting());
|
std::string output1(testLog->stopCollecting());
|
||||||
ASSERT_NE(output1.find("TestConnBlock"), std::string::npos);
|
ASSERT_NE(output1.find("TestConnBlock"), std::string::npos);
|
||||||
ASSERT_EQ(rl1.size(), 2);
|
ASSERT_EQ(rl1.size(), 2);
|
||||||
|
|
||||||
testLog->startCollecting();
|
testLog->startCollecting();
|
||||||
RemoteList rl2(cfg, "block", RemoteList::CONN_BLOCK_OMIT_UNDEF, &tcbf);
|
RemoteList rl2(cfg, "block", RemoteList::CONN_BLOCK_OMIT_UNDEF, &tcbf, rng);
|
||||||
std::string output2(testLog->stopCollecting());
|
std::string output2(testLog->stopCollecting());
|
||||||
ASSERT_NE(output2.find("TestConnBlock"), std::string::npos);
|
ASSERT_NE(output2.find("TestConnBlock"), std::string::npos);
|
||||||
ASSERT_EQ(rl2.size(), 1);
|
ASSERT_EQ(rl2.size(), 1);
|
||||||
@ -204,8 +208,9 @@ TEST(RemoteList, CtorRemoteListWarnUnsupported)
|
|||||||
, nullptr);
|
, nullptr);
|
||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
|
|
||||||
|
RandomAPI::Ptr rng;
|
||||||
testLog->startCollecting();
|
testLog->startCollecting();
|
||||||
RemoteList rl(cfg, "", RemoteList::WARN_UNSUPPORTED, nullptr);
|
RemoteList rl(cfg, "", RemoteList::WARN_UNSUPPORTED, nullptr, rng);
|
||||||
std::string output(testLog->stopCollecting());
|
std::string output(testLog->stopCollecting());
|
||||||
|
|
||||||
ASSERT_NE(output.find(" http-proxy "), std::string::npos);
|
ASSERT_NE(output.find(" http-proxy "), std::string::npos);
|
||||||
@ -223,7 +228,8 @@ TEST(RemoteList, CtorRemoteListBlockLimit)
|
|||||||
, nullptr);
|
, nullptr);
|
||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
|
|
||||||
JY_EXPECT_THROW(RemoteList(cfg, "", 0, nullptr), option_error, "connection_block");
|
RandomAPI::Ptr rng;
|
||||||
|
JY_EXPECT_THROW(RemoteList(cfg, "", 0, nullptr, rng), option_error, "connection_block");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -240,11 +246,9 @@ TEST(RemoteList, RemoteListPreResolve)
|
|||||||
, nullptr);
|
, nullptr);
|
||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
|
|
||||||
RemoteList::Ptr rl(new RemoteList(cfg, "", 0, nullptr));
|
|
||||||
rl->set_enable_cache(true);
|
|
||||||
|
|
||||||
RandomAPI::Ptr rng(new MTRand(3735928559));
|
RandomAPI::Ptr rng(new MTRand(3735928559));
|
||||||
rl->set_random(rng);
|
RemoteList::Ptr rl(new RemoteList(cfg, "", 0, nullptr, rng));
|
||||||
|
rl->set_enable_cache(true);
|
||||||
|
|
||||||
openvpn_io::io_context ioctx;
|
openvpn_io::io_context ioctx;
|
||||||
SessionStats::Ptr stats(new SessionStats());
|
SessionStats::Ptr stats(new SessionStats());
|
||||||
@ -402,7 +406,7 @@ TEST(RemoteList, RemoteRandomHostname)
|
|||||||
rl.next();
|
rl.next();
|
||||||
ASSERT_EQ(rl.current_server_host(), "090a0b0c0d0e.3.domain.invalid");
|
ASSERT_EQ(rl.current_server_host(), "090a0b0c0d0e.3.domain.invalid");
|
||||||
}
|
}
|
||||||
TEST(RemoteList, RemoteRandomHostnameNoPRNG)
|
TEST(RemoteList, RemoteRandomHostnameNoRNG)
|
||||||
{
|
{
|
||||||
OptionList cfg;
|
OptionList cfg;
|
||||||
cfg.parse_from_config(
|
cfg.parse_from_config(
|
||||||
@ -411,7 +415,9 @@ TEST(RemoteList, RemoteRandomHostnameNoPRNG)
|
|||||||
, nullptr);
|
, nullptr);
|
||||||
cfg.update_map();
|
cfg.update_map();
|
||||||
|
|
||||||
ASSERT_THROW(RemoteList(cfg, "", 0, nullptr), RemoteList::remote_list_error);
|
RandomAPI::Ptr no_rng;
|
||||||
|
RemoteList rl(cfg, "", 0, nullptr, no_rng);
|
||||||
|
ASSERT_EQ(rl.current_server_host(), "domain.invalid");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user