[stem/master] Handling chroot in stem.connection and integ tests - tor-commits

22 Apr 2012

commit 636fd3704d6ddcba6a2a780119570fc2e25dd77f
Author: Damian Johnson atagar@torproject.org
Date:   Sun Apr 22 15:05:17 2012 -0700
Handling chroot in stem.connection and integ tests
On ticket 4896 [1] I proposed a couple ideas for how we could handle chroot
    setups, but on reflection neither of them were very good.
At a low level we can't reliably expand paths, nor should we try. If the user
    makes a raw 'GETINFO config-file' query then we should simply return what tor
    gives us, not try to 'fix' it by expanding the path.
Rather, we should correct for chroot prefixes at a higher level like the
    controller. My current plan is...
* The Controller class will have an optional chroot_path constructor argument,
      and a get_chroot() method. All of the Controller's methods and those of
      subclasses should take it into account for tor resource paths.
* The stem.connection functions now accept a chroot_path argument. We need this
      since they will construct Controller instances, and also do the initial
      authentication (we need to know about chroots for cookie authentication).
[1] https://trac.torproject.org/projects/tor/ticket/4896
---
 stem/connection.py                      |   25 +++++++++++-----
 test/integ/connection/authentication.py |   16 ++++++-----
 test/integ/connection/connect.py        |    5 +++-
 test/integ/connection/protocolinfo.py   |    9 +++++-
 test/integ/control/base_controller.py   |    6 ++--
 test/integ/socket/control_message.py    |    4 +++
 test/runner.py                          |   45 +++++++++++++++++++++++-------
 test/unit/connection/authentication.py  |    4 +-
 8 files changed, 80 insertions(+), 34 deletions(-)

diff --git a/stem/connection.py b/stem/connection.py
index 419dfa3..d950049 100644
--- a/stem/connection.py
+++ b/stem/connection.py
@@ -194,7 +194,7 @@ AUTHENTICATE_EXCEPTIONS = (
   AuthenticationFailure,
 )
-def connect_port(control_addr = "127.0.0.1", control_port = 9051, password = None, controller = Controller.NONE):
+def connect_port(control_addr = "127.0.0.1", control_port = 9051, password = None, chroot_path = None, controller = Controller.NONE):
   """
   Convenience function for quickly getting a control connection. This is very
   handy for debugging or CLI setup, handling setup and prompting for a password
@@ -205,6 +205,7 @@ def connect_port(control_addr = "127.0.0.1", control_port = 9051, password = Non
     control_addr (str)      - ip address of the controller
     control_port (int)      - port number of the controller
     password (str)          - passphrase to authenticate to the socket
+    chroot_path (str)       - path prefix if in a chroot environment
     controller (Controller) - controller type to be returned
Returns:
@@ -220,9 +221,9 @@ def connect_port(control_addr = "127.0.0.1", control_port = 9051, password = Non
     print exc
     return None
-  return _connect(control_port, password, controller)
+  return _connect(control_port, password, chroot_path, controller)
-def connect_socket_file(socket_path = "/var/run/tor/control", password = None, controller = Controller.NONE):
+def connect_socket_file(socket_path = "/var/run/tor/control", password = None, chroot_path = None, controller = Controller.NONE):
   """
   Convenience function for quickly getting a control connection. For more
   information see the connect_port function.
@@ -230,6 +231,7 @@ def connect_socket_file(socket_path = "/var/run/tor/control", password = None, c
   Arguments:
     socket_path (str)       - path where the control socket is located
     password (str)          - passphrase to authenticate to the socket
+    chroot_path (str)       - path prefix if in a chroot environment
     controller (Controller) - controller type to be returned
Returns:
@@ -242,15 +244,16 @@ def connect_socket_file(socket_path = "/var/run/tor/control", password = None, c
     print exc
     return None
-  return _connect(control_socket, password, controller)
+  return _connect(control_socket, password, chroot_path, controller)
-def _connect(control_socket, password, controller):
+def _connect(control_socket, password, chroot_path, controller):
   """
   Common implementation for the connect_* functions.
Arguments:
     control_socket (stem.socket.ControlSocket) - socket being authenticated to
     password (str)          - passphrase to authenticate to the socket
+    chroot_path (str)       - path prefix if in a chroot environment
     controller (Controller) - controller type to be returned
Returns:
@@ -258,7 +261,7 @@ def _connect(control_socket, password, controller):
   """
try:
-    authenticate(control_socket, password)
+    authenticate(control_socket, password, chroot_path)
if controller == Controller.NONE:
       return control_socket
@@ -274,7 +277,7 @@ def _connect(control_socket, password, controller):
     print "Unable to authenticate: %s" % exc
     return None
-def authenticate(control_socket, password = None, protocolinfo_response = None):
+def authenticate(control_socket, password = None, chroot_path = None, protocolinfo_response = None):
   """
   Authenticates to a control socket using the information provided by a
   PROTOCOLINFO response. In practice this will often be all we need to
@@ -288,6 +291,7 @@ def authenticate(control_socket, password = None, protocolinfo_response = None):
     control_socket (stem.socket.ControlSocket) - socket to be authenticated
     password (str) - passphrase to present to the socket if it uses password
         authentication (skips password auth if None)
+    chroot_path (str) - path prefix if in a chroot environment
     protocolinfo_response (stem.connection.ProtocolInfoResponse) -
         tor protocolinfo response, this is retrieved on our own if None
@@ -397,7 +401,12 @@ def authenticate(control_socket, password = None, protocolinfo_response = None):
       elif auth_type == AuthMethod.PASSWORD:
         authenticate_password(control_socket, password, False)
       elif auth_type == AuthMethod.COOKIE:
-        authenticate_cookie(control_socket, protocolinfo_response.cookie_path, False)
+        cookie_path = protocolinfo_response.cookie_path
+        
+        if chroot_path:
+          cookie_path = os.path.join(chroot_path, cookie_path.lstrip(os.path.sep))
+        
+        authenticate_cookie(control_socket, cookie_path, False)
return # success!
     except OpenAuthRejected, exc:
diff --git a/test/integ/connection/authentication.py b/test/integ/connection/authentication.py
index aafde5d..f80b848 100644
--- a/test/integ/connection/authentication.py
+++ b/test/integ/connection/authentication.py
@@ -85,8 +85,9 @@ class TestAuthenticate(unittest.TestCase):
     Tests that the authenticate function can authenticate to our socket.
     """
-    with test.runner.get_runner().get_tor_socket(False) as control_socket:
-      stem.connection.authenticate(control_socket, test.runner.CONTROL_PASSWORD)
+    runner = test.runner.get_runner()
+    with runner.get_tor_socket(False) as control_socket:
+      stem.connection.authenticate(control_socket, test.runner.CONTROL_PASSWORD, runner.get_chroot())
       test.runner.exercise_socket(self, control_socket)
def test_authenticate_general_example(self):
@@ -94,7 +95,8 @@ class TestAuthenticate(unittest.TestCase):
     Tests the authenticate function with something like its pydoc example.
     """
-    tor_options = test.runner.get_runner().get_options()
+    runner = test.runner.get_runner()
+    tor_options = runner.get_options()
try:
       control_socket = stem.socket.ControlPort(control_port = test.runner.CONTROL_PORT)
@@ -105,7 +107,7 @@ class TestAuthenticate(unittest.TestCase):
try:
       # this authenticate call should work for everything but password-only auth
-      stem.connection.authenticate(control_socket)
+      stem.connection.authenticate(control_socket, chroot_path = runner.get_chroot())
       test.runner.exercise_socket(self, control_socket)
     except stem.connection.IncorrectSocketType:
       self.fail()
@@ -141,7 +143,7 @@ class TestAuthenticate(unittest.TestCase):
       if is_password_only:
         self.assertRaises(stem.connection.MissingPassword, stem.connection.authenticate, control_socket)
       else:
-        stem.connection.authenticate(control_socket)
+        stem.connection.authenticate(control_socket, chroot_path = runner.get_chroot())
         test.runner.exercise_socket(self, control_socket)
# tests with the incorrect password
@@ -149,12 +151,12 @@ class TestAuthenticate(unittest.TestCase):
       if is_password_only:
         self.assertRaises(stem.connection.IncorrectPassword, stem.connection.authenticate, control_socket, "blarg")
       else:
-        stem.connection.authenticate(control_socket, "blarg")
+        stem.connection.authenticate(control_socket, "blarg", runner.get_chroot())
         test.runner.exercise_socket(self, control_socket)
# tests with the right password
     with runner.get_tor_socket(False) as control_socket:
-      stem.connection.authenticate(control_socket, test.runner.CONTROL_PASSWORD)
+      stem.connection.authenticate(control_socket, test.runner.CONTROL_PASSWORD, runner.get_chroot())
       test.runner.exercise_socket(self, control_socket)
def test_authenticate_none(self):
diff --git a/test/integ/connection/connect.py b/test/integ/connection/connect.py
index 9b6337a..d61ddf7 100644
--- a/test/integ/connection/connect.py
+++ b/test/integ/connection/connect.py
@@ -25,12 +25,15 @@ class TestConnect(unittest.TestCase):
     Basic sanity checks for the connect_port function.
     """
+    runner = test.runner.get_runner()
+    
     control_socket = stem.connection.connect_port(
       control_port = test.runner.CONTROL_PORT,
       password = test.runner.CONTROL_PASSWORD,
+      chroot_path = runner.get_chroot(),
       controller = stem.connection.Controller.NONE)
-    if test.runner.Torrc.PORT in test.runner.get_runner().get_options():
+    if test.runner.Torrc.PORT in runner.get_options():
       test.runner.exercise_socket(self, control_socket)
       control_socket.close()
     else:
diff --git a/test/integ/connection/protocolinfo.py b/test/integ/connection/protocolinfo.py
index a0214a2..728c746 100644
--- a/test/integ/connection/protocolinfo.py
+++ b/test/integ/connection/protocolinfo.py
@@ -114,12 +114,17 @@ class TestProtocolInfo(unittest.TestCase):
     the test configuration.
     """
-    tor_options = test.runner.get_runner().get_options()
+    runner = test.runner.get_runner()
+    tor_options = runner.get_options()
     auth_methods, auth_cookie_path = [], None
if test.runner.Torrc.COOKIE in tor_options:
       auth_methods.append(stem.connection.AuthMethod.COOKIE)
-      auth_cookie_path = test.runner.get_runner().get_auth_cookie_path()
+      chroot_path = runner.get_chroot()
+      auth_cookie_path = runner.get_auth_cookie_path()
+      
+      if chroot_path and auth_cookie_path.startswith(chroot_path):
+        auth_cookie_path = auth_cookie_path[len(chroot_path):]
if test.runner.Torrc.PASSWORD in tor_options:
       auth_methods.append(stem.connection.AuthMethod.PASSWORD)
diff --git a/test/integ/control/base_controller.py b/test/integ/control/base_controller.py
index da4cc08..1abab93 100644
--- a/test/integ/control/base_controller.py
+++ b/test/integ/control/base_controller.py
@@ -77,10 +77,10 @@ class TestBaseController(unittest.TestCase):
     runner = test.runner.get_runner()
     with runner.get_tor_socket() as control_socket:
       controller = stem.control.BaseController(control_socket)
-      response = controller.msg("GETINFO config-file")
+      response = controller.msg("GETINFO version")
-      torrc_dst = runner.get_torrc_path()
-      self.assertEquals("config-file=%s\nOK" % torrc_dst, str(response))
+      tor_version = runner.get_tor_version()
+      self.assertEquals("version=%s\nOK" % tor_version, str(response))
def test_msg_invalid(self):
     """
diff --git a/test/integ/socket/control_message.py b/test/integ/socket/control_message.py
index 72f9174..255e66d 100644
--- a/test/integ/socket/control_message.py
+++ b/test/integ/socket/control_message.py
@@ -86,6 +86,10 @@ class TestControlMessage(unittest.TestCase):
runner = test.runner.get_runner()
     torrc_dst = runner.get_torrc_path()
+    chroot_path = runner.get_chroot()
+    
+    if chroot_path and torrc_dst.startswith(chroot_path):
+      torrc_dst = torrc_dst[len(chroot_path):]
with runner.get_tor_socket() as control_socket:
       control_socket.send("GETINFO config-file")
diff --git a/test/runner.py b/test/runner.py
index 3636b44..6702b8b 100644
--- a/test/runner.py
+++ b/test/runner.py
@@ -21,6 +21,9 @@ Runner - Runtime context for our integration tests.
   |- get_test_dir - testing directory path
   |- get_torrc_path - path to our tor instance's torrc
   |- get_torrc_contents - contents of our tor instance's torrc
+  |- get_auth_cookie_path - path for our authentication cookie if we have one
+  |- get_tor_cwd - current working directory of our tor process
+  |- get_chroot - provides the path of our emulated chroot if we have one
   |- get_pid - process id of our tor process
   |- get_tor_socket - provides a socket to the tor instance
   |- get_tor_version - provides the version of tor we're running against
@@ -122,7 +125,12 @@ def exercise_socket(test_case, control_socket):
     control_socket (stem.socket.ControlSocket) - socket to be tested
   """
-  torrc_path = get_runner().get_torrc_path()
+  runner = get_runner()
+  torrc_path, chroot_path = runner.get_torrc_path(), runner.get_chroot()
+  
+  if chroot_path and torrc_path.startswith(chroot_path):
+    torrc_path = torrc_path[len(chroot_path):]
+  
   control_socket.send("GETINFO config-file")
   config_file_response = control_socket.recv()
   test_case.assertEquals("config-file=%s\nOK" % torrc_path, str(config_file_response))
@@ -136,7 +144,7 @@ def get_runner():
   if not INTEG_RUNNER: INTEG_RUNNER = Runner()
   return INTEG_RUNNER
-class MockChrootFile:
+class _MockChrootFile:
   """
   Wrapper around a file object that strips given content from readline()
   responses. This is used to simulate a chroot setup by removing the restign
@@ -161,6 +169,7 @@ class Runner:
     self._torrc_contents = ""
     self._custom_opts = None
     self._tor_process = None
+    self._chroot_path = None
# set if we monkey patch stem.socket.recv_message()
@@ -225,9 +234,10 @@ class Runner:
           # need to set that too
self._original_recv_message = stem.socket.recv_message
+          self._chroot_path = data_dir_path
def _chroot_recv_message(control_file):
-            return self._original_recv_message(MockChrootFile(control_file, data_dir_path))
+            return self._original_recv_message(_MockChrootFile(control_file, data_dir_path))
stem.socket.recv_message = _chroot_recv_message
@@ -356,9 +366,24 @@ class Runner:
     test_dir = self._get("_test_dir")
     return os.path.join(test_dir, "torrc")
+  def get_torrc_contents(self):
+    """
+    Provides the contents of our torrc.
+    
+    Returns:
+      str with the contents of our torrc, lines are newline separated
+    
+    Raises:
+      RunnerStopped if we aren't running
+    """
+    
+    return self._get("_torrc_contents")
+  
   def get_auth_cookie_path(self):
     """
     Provides the absolute path for our authentication cookie if we have one.
+    If running with an emulated chroot this is uneffected, still providing the
+    real path.
Returns:
       str with our auth cookie path
@@ -377,18 +402,16 @@ class Runner:
return self._get("_tor_cwd")
-  def get_torrc_contents(self):
+  def get_chroot(self):
     """
-    Provides the contents of our torrc.
+    Provides the path we're using to emulate a chroot environment. This is None
+    if we aren't emulating a chroot setup.
Returns:
-      str with the contents of our torrc, lines are newline separated
-    
-    Raises:
-      RunnerStopped if we aren't running
+      str with the path of our emulated chroot
     """
-    return self._get("_torrc_contents")
+    return self._chroot_path
def get_pid(self):
     """
@@ -425,7 +448,7 @@ class Runner:
     else: raise TorInaccessable("Unable to connect to tor")
if authenticate:
-      stem.connection.authenticate(control_socket, CONTROL_PASSWORD)
+      stem.connection.authenticate(control_socket, CONTROL_PASSWORD, self.get_chroot())
return control_socket
diff --git a/test/unit/connection/authentication.py b/test/unit/connection/authentication.py
index 0937439..831ca62 100644
--- a/test/unit/connection/authentication.py
+++ b/test/unit/connection/authentication.py
@@ -140,9 +140,9 @@ class TestAuthenticate(unittest.TestCase):
                 mocking.mock(auth_function, mocking.raise_exception(raised_exc))
if expect_success:
-              stem.connection.authenticate(None, "blah", protocolinfo_arg)
+              stem.connection.authenticate(None, "blah", None, protocolinfo_arg)
             else:
-              self.assertRaises(stem.connection.AuthenticationFailure, stem.connection.authenticate, None, "blah", protocolinfo_arg)
+              self.assertRaises(stem.connection.AuthenticationFailure, stem.connection.authenticate, None, "blah", None, protocolinfo_arg)
# revert logging back to normal
     stem_logger.setLevel(log.logging_level(log.TRACE))

    