Commit Graph

957 Commits

Author SHA1 Message Date
Brian Warner
6d4eb8e69b add test_keys to nail down symmetric encryption format
This establishes what our mailbox protocol does to encrypt the
individual (post-SPAKE2) messages, which combines NaCl SecretBox and our own
key-derivation choices. I'd like to move off of NaCl/libsodium and I think
some RFC7539-implementing library might be compatible, and with these test
vectors I can check that. I also want to copy these tests into the Rust port.
2018-08-21 10:12:23 -07:00
Brian Warner
4531513602 cmd_send/receive: work around python3.7.0 bug
See https://bugs.python.org/issue26175 . tempfile.SpooledTemporaryFile
doesn't fully implement the IOBase abstract class, which breaks because
py3.7.0's new zipfile module tries to delegate .seekable down to the wrapped
file and causes an AttributeError.

refs #306
2018-07-01 14:27:32 -07:00
Brian Warner
41fabd39ba test_machines: remove no-longer relevant comment
The flake8 config excludes E741, which would complain about using
'l' (lower-case ell) as a variable name. We use this for the Lister object in
one test that uses single-character variable names for all the machines ('b'
for Boss, 'm' for Mailbox, etc). That comment was added before excluding
E741. If we ever restore that warning, we might want to rename the variable.
2018-06-16 16:33:27 -07:00
Brian Warner
fc177726e1 cli.py: move timing check back to top
We care about how long it takes to import all the wormhole-specific things,
to investigate user-perceived latency from the time the command is launched
to the time they can actually interact with it. So we need to record
`time.time()` before doing the rest of the imports, even though pep8 says all
imports should be done before any non-importing statements.
2018-06-16 16:27:11 -07:00
Brian Warner
1444e32746 extreme measures to appease last pep8 complaint
a singly-parenthesized 'if' condition will always line up with the 'then'
body, won't it
2018-06-16 16:22:40 -07:00
Brian Warner
dada79d85c fix remaining pep8 complaints 2018-06-16 16:19:38 -07:00
Brian Warner
b5b8cd1260 Merge branch 'master' into pr296 2018-06-16 16:09:38 -07:00
Thomas Waldmann
a333a02366 use pyinstaller to build wormhole fat/standalone binary
tested with/on:
- ubuntu linux 18.04 amd64
- pyinstaller 3.3.1 (pip install pyinstaller)
- python 3.6.5

There is a good chance it also works on FreeBSD, maybe also on macOS.

The change in __main__.py was required because otherwise it complains about
__main__ not being a package when trying the dot-relative import.
2018-06-02 18:05:45 +02:00
Vasudev Kamath
12dcd6a184 Make code pep-8 compliant 2018-04-21 13:00:08 +05:30
Brian Warner
5c84f6a373 wormhole: slightly different way to unicode-encode the version
(this is somewhat more in line with how this distinction is made elsewhere in
the code)
2018-04-03 17:10:46 -07:00
Brian Warner
0dd3a12546 cosmetic changes, remove debug print 2018-04-03 17:05:33 -07:00
Baime
1197e5fb6d fix py 3.x versioneer issue 2018-03-23 18:19:31 +01:00
Baime
e77a2d605b bind passes tuple, fixed implementation issues 2018-03-23 17:33:48 +01:00
Baeumla
82dc4a4e2e py 2.7 3.x fix 2018-03-09 10:20:03 +01:00
Baeumla
0322d341e8 py 2.7 fix 2018-03-09 09:31:59 +01:00
Baeumla
4f8aa5a69e report clinet version on bind 2018-03-08 11:54:27 +01:00
Brian Warner
be47f53e7c wormhole: switch to observers for all APIs
Tests can pass an EventualQueue into wormhole.create(), to override the
default. This lets the tests flush the queue without using a haphazard
real-time delay.

closes #23

(in fact, we added multiple-Deferreds-per-API a while ago, but this does it
in a much cleaner fashion, and with the safety of an eventual-send)
2018-02-26 17:50:40 -08:00
Brian Warner
caabb3510c add OneShotObserver and SequenceObserver, with tests
This factors out the various "give me a Deferred for an value that may or may
not eventually be successfully generated" routines in _DeferredWormhole. It
uses an eventual-send to fire the Deferreds to avoid plan-coordination
hazards when the attached callbacks then call back into the Wormhole object
before the rest of the state transition has finished.
2018-02-26 17:50:40 -08:00
Brian Warner
43965d5289 add eventual-send queue
We defer starting a new timer until we've completely emptied the queue, since
we know we'll get to any new events added inside one of our callbacks. The
old design in Foolscap (which copied the list, cleared the original, then
fired everything in the copy) didn't look at these new events. OTOH, this
pop(0)-until-empty approach makes it easier to get into an infinite loop (any
callback which queues a new callback will get priority over anything else).
But the code is simpler.
2018-02-26 17:50:40 -08:00
Brian Warner
1c21119a73 add test_ipaddrs, adapted from tahoe's test_iputil 2018-02-22 21:32:44 -08:00
Brian Warner
9cb763e83a add "pragma: no cover" to set_trace() and debug code
we've got some tests to exercise this, so it shouldn't bitrot completely, but
there are some branches-not-taken warnings that I think are spurious
2018-02-22 09:42:43 -08:00
Brian Warner
e7d0dbbb88 oops, typo 2018-02-21 01:57:07 -08:00
Brian Warner
9ae2307a72 fix tests 2018-02-21 00:38:19 -08:00
Brian Warner
37a7ed7adc WIP: remove unused server tests, minor syntax fixes. still fails. 2018-02-20 23:54:28 -08:00
Brian Warner
9957044a99 WIP: start replacing ServerBase with imported server
doesn't work yet at all
2018-02-20 23:46:29 -08:00
Brian Warner
77201966b4 remove server-related source files, munin plugins
setup.py: pin to magic-wormhole-mailbox-server 0.1.0, the current version
2018-02-20 23:46:29 -08:00
Brian Warner
d42ac47ac8 let tests override KEY_TIMER/VERIFY_TIMER to tolerate slow test hosts
I've seen intermittent failures in
test_cli.PregeneratedCode.test_text_subprocess where the host was slow (or
overloaded) enough that the "Waiting for sender.." pacifier message was
displayed, which flunks the test because we're looking for a specific output
string. We patch this 1-second timer in the non-subprocess tests, but you
can't patch across a process boundary.

This patch adds an undocumented environment variable that lets you override
the timer values. The test then sets it to something large.

For future consideration: another approach would be to change the test to
tolerate the extra message. This would be trickier to validate, though.
2018-02-20 18:14:57 -08:00
Brian Warner
6061ec7869 _key: note places where we should use eventual-send
This will be necessary to avoid reentrancy hazards, in case the application
code makes other wormhole API calls from the callbacks for
get_unverified_key(), get_verifier(), or get_message().
2018-02-14 02:12:33 -08:00
Brian Warner
af406a600e _rlcompleter: use blockingCallFromThread for all Helper APIs
We were missing two (the calls to choose_nameplate() and choose_words() that
happen after the input() function has finished, but while we're still inside
the thread that makes it safe for input() to block). This almost certainly
caused the crash seen in issue #280.

Update the tests to match: CodeInputter.finish must now be called with
deferToThread from inside tests, or the internal blockingCallFromThread must
be stubbed out.
2018-02-14 01:13:30 -08:00
Brian Warner
3847339f43 _input: reject attempts to call Helper from a non-main thread
This causes two threads to use the reactor at the same time, with horrible
results. The _rlcompleter code currently violates this requirement, causing
occasional failures if the messages arrive in just the wrong way (refs #280).
2018-02-14 00:56:18 -08:00
Brian Warner
dce01174eb improve debug_set_trace: add Allocate and Input events
Also log events at the beginning and end of Input.choose_nameplate and
Input.choose_words, since those are the two big locally-driven (UI) triggers
that cause multiple messages to be fired and lots of work to happen.
2018-02-14 00:56:14 -08:00
Brian Warner
c6fbaf5a4d _version.py: hush lgtm.com alert
This needs to be upstreamed into Versioneer, as it will disappear the next
time we upgrade.
2018-01-02 08:19:08 +01:00
Brian Warner
624072c111 hush more lgtm.com -discovered static-analysis problems 2018-01-02 08:18:45 +01:00
Brian Warner
443c402f60 remove WormholeClosedError, simplify control paths in cmd_send/receive
lgtm.com noticed some unreachable code paths, and it turns out that nothing
in the rest of the code base could ever raise WormholeClosedError (I guess it
was leftover from before the big API refactoring). Both sender and receiver
are simpler without the unnecessary checks and state variables.
2018-01-01 16:56:18 +01:00
Brian Warner
e13f3e3e13 hush some unreachable-code errors found by lgtm.com
This comments out some "if 0: debug()" stuff I keep around to investigate
problems, since lgtm thinks of it as accidentally-unreachable code.

I also deleted a server usage command
entirely (src/wormhole/server/cmd_usage.py show_usage) which was disabled
while I rewrote that schema: the new plan is to move the server into a new
repository altogether, and use a completely different approach to the
usage database.
2018-01-01 16:53:18 +01:00
Brian Warner
67253bde55 test_cli: make timers more reliable
A slow Travis-CI host caused one the 1.0s KEY_TIMER to fire by accident,
making the test fail because it wasn't expecting to see the "please be
patient" message. Fixed this by increasing the timeout to a very large value
when we aren't explicitly testing it.
2017-12-19 13:41:05 -08:00
Brian Warner
c7c7c0381c update -0 and --text output too 2017-12-19 12:54:16 -08:00
David Harrigan
9b1f99b994 Change the send command output to help copy and pasting to others
A tiny update to show the command to execute along with the code required on
the same line, rather than split across two lines. This small change helps
when sending the information to others using copy and paste.

Fixes #266

-=david=-
2017-12-14 21:13:12 +00:00
Brian Warner
1bbd756fa6 test_transit: fix the miscaptured-loop-variable bug I always make 2017-12-01 13:00:05 -08:00
Brian Warner
8a7c6faf4a more test simplification with assertNoResult 2017-11-29 16:54:03 -06:00
Brian Warner
8227d963a3 test_transit: simplify by using successResultOf/failureResultOf 2017-11-29 15:03:03 -06:00
Brian Warner
d87792a7c7 finish removing Transit from code and CLI command args 2017-11-13 12:03:21 -08:00
Brian Warner
a804365536 remove most of Transit server, use external package instead 2017-11-13 11:34:17 -08:00
Brian Warner
d1a829d86f server.py: tolerate (disabled) --transit=
We were unconditionally asking the Transit server object for get_stats(),
which doesn't work if there isn't one.
2017-11-07 20:50:40 -06:00
Brian Warner
1c5f29337e add notes, make test TODO instead of SKIP 2017-11-01 17:46:09 -07:00
Brian Warner
d727531e6d send: use normpath() on argument to remove trailing slashes
This ought to help with #251, where bash-on-windows makes it easy to add a
forward-slash, and os.path.normpath() knows how to remove them, but os.sep is
a backslash.
2017-11-01 17:46:09 -07:00
Jaye Doepke
b362adf7ca Relay and transit url conf from env vars
Added the click option to look for relay and transit urls in environment
variables. If you're running your own relay/transit servers (such as
inside a corporate firewall), this will make client's lives easier.
2017-10-04 14:38:00 -05:00
Brian Warner
0aeae9ce10 tor_manager: expose errors when --tor-control-port= is provided
If you pass --tor-control-port= and we can't use it, throw an error that will
kill the whole process, instead of falling back to the default SOCKS port.

If you omit --tor-control-port=, then if all default control port connections
fail, we'll fall back to the default SOCKS port.

Also, test each combination separately, and improve the status messages.
2017-09-14 16:46:26 -07:00
Brian Warner
ed420e0001 tor_manager: pass endpoints to txtorcon.connect(), not descriptors
This was breaking any uses of --tor-control-port=: the client would always
fall back to using the default SOCKS port.
2017-09-14 15:48:35 -07:00
Brian Warner
25afce41fb _rlcompleter: re-raise exception with plain 'raise', not 'raise e' 2017-09-12 16:39:05 -07:00
Brian Warner
b9d1d11b03 server.py: windows doesn't even have the 'resource' module
I thought it might exist, but be empty. But it doesn't even exist on windows,
so we must guard against an ImportError.
2017-07-31 15:56:55 -07:00
Brian Warner
d44c7d2c1a server: increase RLIMIT_NOFILE to let us use more sockets
Linux defaults to a soft limit of 1024, which limits us to 512 simultaneous
non-transit-using connections. The transit relay runs in the same process, so
long-running relayed transfers will compete for those sockets too.

This raises the soft limit to equal the hard limit (if possible), or as much
as we can manage, if the soft limit was less than 10k. If the
resource.setrlimit calls aren't available (e.g. windows), or some other error
happens, this will log a message and continue without changing the limits.

closes #238
2017-07-31 14:16:26 -07:00
Brian Warner
0c679e74ce server.py: move twisted.web.resource out of the way 2017-07-31 14:01:54 -07:00
Brian Warner
8b0a245e19 reject invalid codes with KeyFormatError
refs #212
2017-07-23 00:02:09 -05:00
Brian Warner
de0af837cc test_cli: fix unicode problems
should fix #223
2017-07-22 23:19:43 -05:00
Brian Warner
b3b6e1ba8a test_cli: one more test, with argument split off from the name
This is probably an easier way to pass in JSON with embedded spaces:

 wormhole-server start --websocket-protocol-option 'x=["foo": "bar"]'
2017-07-15 17:39:02 -07:00
Jean-Paul Calderone
ba0e8997c5 accept protocol options and set them on the ws factory 2017-07-15 17:30:59 -07:00
Jean-Paul Calderone
aa7013e6f5 Factor duplicate RelayServer construction out 2017-07-15 17:30:59 -07:00
Jean-Paul Calderone
55b4b333dc accept some options on the cli 2017-07-15 17:30:59 -07:00
Brian Warner
fb03620fe9 test_cli: hush Click unicode_literals warnings 2017-07-15 17:27:11 -07:00
Brian Warner
1ca51168c5 add test for 'wormhole help' 2017-07-15 17:27:11 -07:00
Brian Warner
b34165d4fb 'wormhole help' should print the same thing as 'wormhole --help'
refs #61
2017-07-15 17:27:06 -07:00
Jean-Paul Calderone
efb77443bf Avoid corrupting state if creating a new db fails 2017-07-15 17:05:35 -07:00
Brian Warner
13b4a1793f server: OPEN/CLOSE on crowded mailbox should provoke "crowded" error
The Mailbox object throws CrowdedError, but WebSocketRendezvous wasn't
handling it specifically. The server responded by dropping the connection and
logging an "Unhandled Error", so the client would reconnect and then get the
same error again and again.

This changes WebSocketRendezvous to handle CrowdedError by sending a
"crowded" error response. The client should react to this by giving up on the
connection entirely, and not reconnecting.
2017-07-01 01:17:48 -07:00
Brian Warner
af4df47fe7 rendezvous: fix misleading log message
We only log the internal (sqlite) ID of the nameplate, not the actual
small-integer name. While investigating misbehavior due to overload, I was
confused into thinking that users were getting nameplates in the 15000+
range, when in fact those were merely the internal database row ids.
2017-06-30 12:46:02 -07:00
Johan Lindskogen
97b601276f Make default option of prompt uppercase
Makes it clear what happens when user just presses `Enter`

See: https://stackoverflow.com/questions/7803728/standard-format-for-yes-no-questions-in-the-terminal
2017-06-28 21:36:45 +02:00
Brian Warner
38097847c4 server: manage common args in the same way as client-side CLI
This now shares the _compose() decorator with wormhole.cli.cli, and removes
the arguments_to_config() function in favor of just copying all kwargs into
the Config object.
2017-06-26 23:05:16 +01:00
Jean-Paul Calderone
ec2e305b84 define start-like options just once 2017-06-26 21:38:18 +01:00
Brian Warner
44a44738ec take new args for 'restart' too, fixes test failure 2017-06-26 21:26:32 +01:00
Jean-Paul Calderone
6b20cb760a Take cli args for db and stats paths 2017-06-26 21:26:32 +01:00
Jean-Paul Calderone
777d722b0d Let me use FakeConfig in another test method 2017-06-26 21:26:32 +01:00
Brian Warner
5b3e816620 tests: cover enough of RendezvousConnector to exercise that last fix 2017-06-26 18:55:31 +01:00
Brian Warner
fa9382c716 handle WebSocket protocol errors correctly
The previous behavior was to throw an Automat exception, when a state machine
was given a LOST event from the initial non-connected state, and it didn't
have a handler for it. This version throws ServerConnectionError instead.

Still needs a test

refs #180
2017-06-26 18:55:31 +01:00
Brian Warner
900c3f8c29 server: make 'restart' accept --disallow-list too
I should really move all the start/restart common arguments into a separate
place, to make it easier to avoid this problem in the future.
2017-06-26 17:49:37 +01:00
Brian Warner
4169545c28 server-restart: add failing test
"wormhole-server restart" was broken by the addition of --disallow-list,
because the Click parser wasn't update to include the argument. This test
should exercise that a basic no-argv invocation of both "start" and "restart"
can at least build the Service object successfully.

refs #151
2017-06-26 17:49:34 +01:00
Brian Warner
f282649f81 tests/ServerBase: control advertise_version=
we'll disable this for most tests, but a few want to see it in the welcome
message
2017-06-26 15:20:36 +01:00
Brian Warner
bf96bab976 define IInputHelper 2017-06-26 13:52:23 +01:00
Brian Warner
57352431ab define IDeferredWormhole, add methods to (internal) IWormhole
refs #153
2017-06-26 13:51:58 +01:00
Brian Warner
2f4232a0e7 server: only advertise the CLI version if requested
with --advertise-version=

refs #179
2017-06-26 13:49:24 +01:00
Brian Warner
758dd5b9de use click.Path to make args.what unicode
refs #157 (unicode paths cause 'wormhole send' to crash), might fix it
2017-06-24 15:07:43 +01:00
Brian Warner
8f97e4e7e2 if the first connection fails, abandon the wormhole
This provides a clear error in case the user doesn't have an internet
connection at all, or something is so broken with their DNS or routing that
they can't reach the server. I think this is better than waiting and
retrying (silently) forever.

If the first connection succeeds, but is then lost, subsequent retries occur
without fanfare.

closes #68
2017-06-14 10:40:46 +01:00
Brian Warner
6b4ed71c8a skip non-public IP addresses
the old TorManager would return None for these, but txtorcon's new API throws
ValueError, which we must catch and skip
2017-05-24 16:49:06 -07:00
Brian Warner
269faf190a fall backs to SOCKS if we can't reach control port 2017-05-24 16:49:06 -07:00
Brian Warner
46a9c9eeb9 rewrite tor support
This shifts most reponsibility to the new txtorcon "Controller" object, where
it belongs. We no longer need a list of likely control-port locations, nor do
we need to keep track of the SOCKS port ourselves.

The one downside is that if a control-port is not reachable, then this does
not fall back to using a plain SOCKS port (usually tcp:localhost:9050).
txtorcon no longer uses txsocksx, so it no longer advertises a simple way to
use Tor without the control port. This shouldn't affect users who run the
TorBrowserBundle, or who are running a tor daemon which they can control
directly, but it may break for users who want to use a pre-existing tor
daemon that they don't have permissions to speak control-port to.
2017-05-24 16:49:06 -07:00
Atul Varma
8c2e739dcd Make test_broken_symlink_raises_err resilient across OS's/locales. 2017-05-24 12:10:22 -07:00
Atul Varma
ecfd46d16d Add test_broken_symlink_is_ignored. 2017-05-24 12:10:22 -07:00
Atul Varma
067b47fceb Add test_broken_symlink. 2017-05-24 12:10:22 -07:00
Atul Varma
0737a24712 Add --ignore-unsendable-files flag. 2017-05-24 12:10:22 -07:00
Kurt Rose
5cf9fe9f3e added two __main__.py for cli and server 2017-05-23 21:01:21 -07:00
meejah
6b31517b67 Add an allow_list option to control nameplate-listings 2017-05-16 17:17:11 -06:00
Brian Warner
95651f24f9 improve test coverage on get_welcome() API 2017-05-15 16:10:22 -07:00
Brian Warner
7955a36bfd switch to new API
This renames all the existing API methods, to use a consistent
"d=get_XYZ()" (for Deferred mode) or "dg.wormhole_got_XYZ()" (for Delegated
mode). It updates cmd_send/cmd_receive/cmd_ssh to use the new API.

Since we now have get_welcome(), apps handle the Welcome message with a
Deferred callback instead of registering a "welcome handler". This lets us
make sure we've finished printing any server message-of-the-day or "you
should update your client" message to stdout before using stdio to ask for
the wormhole code. (Previously, the code-input prompt was overwritten by the
server message, and it was ugly). refs #145. This approach adds an extra
roundtrip to the receiver, but we can fix that (see #145 for details).

Because of that change, the server-is-being-slow message is printed at a
slightly different time, so those tests needed some extra work to exercise it
properly.
2017-05-15 02:13:24 -07:00
Brian Warner
f762e1592f cmd_receive.py: expose wormhole object to tests 2017-05-14 18:45:18 -07:00
Brian Warner
c9eb281a8a fix tracing bug that always showed machine as "T"
False binding to a mutable loop variable. I keep making this same mistake.
2017-05-14 18:43:44 -07:00
Brian Warner
23c16717aa test_util: tolerate os.statvfs missing on windows
The code in util.py can tolerate a missing os.statvfs, but the code which
tests that code's ability to tolerate a missing os.statvfs was itself unable
to tolerate a missing os.statvfs. Sigh.
2017-05-09 21:35:12 -07:00
Brian Warner
c84939744f oops, fix it properly 2017-04-23 16:33:42 -04:00
Brian Warner
876dea8297 transit: ignore new data in "hung up" state
Apparently there's an intermittent condition in tests that follows this path.
We used to ignore unrecognized states, but to improve test coverage I added a
clause to catch them, and now that clause is happening where I didn't expect
it.
2017-04-23 16:31:26 -04:00
Brian Warner
ebe9df312e signal errors to w.when_code() waiters too
This fixes the case where "wormhole send" would wait forever (upon network
error) instead of terminating with a useful error message.

Testing this will have to wait until we land the branch that abandons the
wormhole if the first connection fails, since that's the easiest way to
provoke a network error before when_code() has fired.
2017-04-23 16:07:07 -04:00
Brian Warner
d6d6669b23 cli._dispatch_command: improve test coverage 2017-04-23 16:01:05 -04:00
Brian Warner
77bb7f5be7 test_wormhole: improve tests of derive_key() 2017-04-19 10:50:52 -04:00