
Commit 12634bb

committed
resolved: beef up complex dnssec test to also use ResolveAddress() and do IDNA checks
1 parent 23b298b commit 12634bb


1 file changed

+120
-35
lines changed


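--- a/src/resolve/test-dnssec-complex.c
+++ b/src/resolve/test-dnssec-complex.c
@@ -19,8 +19,11 @@
 along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
+#include <netinet/ip.h>
+
 #include "sd-bus.h"
 
+#include "af-list.h"
 #include "alloc-util.h"
 #include "bus-common-errors.h"
 #include "dns-type.h"
@@ -30,29 +33,37 @@
 
 #define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
 
-static void test_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
+static void prefix_random(const char *name, char **ret) {
+uint64_t i, u;
+char *m = NULL;
+
+u = 1 + (random_u64() & 3);
+
+for (i = 0; i < u; i++) {
+_cleanup_free_ char *b = NULL;
+char *x;
+
+assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()));
+x = strjoin(b, ".", name, NULL);
+assert_se(x);
+
+free(m);
+m = x;
+}
+
+*ret = m;
+}
+
+static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
 _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
 _cleanup_free_ char *m = NULL;
 int r;
 
 /* If the name starts with a dot, we prefix one to three random labels */
 if (startswith(name, ".")) {
-uint64_t i, u;
-
-u = 1 + (random_u64() & 3);
-name ++;
-
-for (i = 0; i < u; i++) {
-_cleanup_free_ char *b = NULL;
-char *x;
-
-assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()));
-x = strjoin(b, ".", name, NULL);
-assert_se(x);
-free(m);
-name = m = x;
-}
+prefix_random(name + 1, &m);
+name = m;
 }
 
 assert_se(sd_bus_message_new_method_call(
@@ -77,6 +88,44 @@ static void test_lookup(sd_bus *bus, const char *name, uint16_t type, const char
 }
 }
 
+static void test_hostname_lookup(sd_bus *bus, const char *name, int family, const char *result) {
+_cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
+_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+_cleanup_free_ char *m = NULL;
+const char *af;
+int r;
+
+af = family == AF_UNSPEC ? "AF_UNSPEC" : af_to_name(family);
+
+/* If the name starts with a dot, we prefix one to three random labels */
+if (startswith(name, ".")) {
+prefix_random(name + 1, &m);
+name = m;
+}
+
+assert_se(sd_bus_message_new_method_call(
+bus,
+&req,
+"org.freedesktop.resolve1",
+"/org/freedesktop/resolve1",
+"org.freedesktop.resolve1.Manager",
+"ResolveHostname") >= 0);
+
+assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);
+
+r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+
+if (r < 0) {
+assert_se(result);
+assert_se(sd_bus_error_has_name(&error, result));
+log_info("[OK] %s/%s resulted in <%s>.", name, af, error.name);
+} else {
+assert_se(!result);
+log_info("[OK] %s/%s succeeded.", name, af);
+}
+
+}
+
 int main(int argc, char* argv[]) {
 _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
 
@@ -90,57 +139,93 @@ int main(int argc, char* argv[]) {
 assert_se(sd_bus_open_system(&bus) >= 0);
 
 /* Normally signed */
-test_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
-test_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
+test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
+test_hostname_lookup(bus, "www.eurid.eu", AF_UNSPEC, NULL);
+
+test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
+test_hostname_lookup(bus, "sigok.verteiltesysteme.net", AF_UNSPEC, NULL);
 
 /* Normally signed, NODATA */
-test_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
-test_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
 
 /* Invalid signature */
-test_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+test_rr_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+test_hostname_lookup(bus, "sigfail.verteiltesysteme.net", AF_INET, BUS_ERROR_DNSSEC_FAILED);
 
 /* Invalid signature, RSA, wildcard */
-test_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+test_rr_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+test_hostname_lookup(bus, ".wilda.rhybar.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
 
 /* Invalid signature, ECDSA, wildcard */
-test_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+test_rr_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
+test_hostname_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
 
 /* NXDOMAIN in NSEC domain */
-test_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+test_rr_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+test_hostname_lookup(bus, "hhh.nasa.gov", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
 
 /* wildcard, NSEC zone */
-test_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
+test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
+test_hostname_lookup(bus, ".wilda.nsec.0skar.cz", AF_INET, NULL);
 
 /* wildcard, NSEC zone, NODATA */
-test_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
 
 /* wildcard, NSEC3 zone */
-test_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
+test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
+test_hostname_lookup(bus, ".wilda.0skar.cz", AF_INET, NULL);
 
 /* wildcard, NSEC3 zone, NODATA */
-test_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
 
 /* wildcard, NSEC zone, CNAME */
-test_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
+test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
+test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_UNSPEC, NULL);
+test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_INET, NULL);
 
 /* wildcard, NSEC zone, NODATA, CNAME */
-test_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
 
 /* wildcard, NSEC3 zone, CNAME */
-test_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
+test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
+test_hostname_lookup(bus, ".wild.0skar.cz", AF_UNSPEC, NULL);
+test_hostname_lookup(bus, ".wild.0skar.cz", AF_INET, NULL);
 
 /* wildcard, NSEC3 zone, NODATA, CNAME */
-test_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
+test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
 
 /* NODATA due to empty non-terminal in NSEC domain */
-test_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
+test_rr_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
+test_hostname_lookup(bus, "herndon.nasa.gov", AF_UNSPEC, BUS_ERROR_NO_SUCH_RR);
+test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET, BUS_ERROR_NO_SUCH_RR);
+test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET6, BUS_ERROR_NO_SUCH_RR);
 
 /* NXDOMAIN in NSEC root zone: */
-test_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+test_rr_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
+test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
+test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
 
 /* NXDOMAIN in NSEC3 .com zone: */
-test_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+test_rr_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
+test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
+test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
+test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
+
+/* Unsigned A */
+test_rr_lookup(bus, "poettering.de", DNS_TYPE_A, NULL);
+test_rr_lookup(bus, "poettering.de", DNS_TYPE_AAAA, NULL);
+test_hostname_lookup(bus, "poettering.de", AF_UNSPEC, NULL);
+test_hostname_lookup(bus, "poettering.de", AF_INET, NULL);
+test_hostname_lookup(bus, "poettering.de", AF_INET6, NULL);
+
+#if HAVE_LIBIDN
+/* Unsigned A with IDNA conversion necessary */
+test_hostname_lookup(bus, "pöttering.de", AF_UNSPEC, NULL);
+test_hostname_lookup(bus, "pöttering.de", AF_INET, NULL);
+test_hostname_lookup(bus, "pöttering.de", AF_INET6, NULL);
+#endif
 
 return 0;
 }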
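Review bot: In the new `prefix_random()` each loop iteration joins the fresh label onto the unchanged `name` and then frees the previous result, so whatever count `u` selects, the returned name carries exactly one random label; the removed code accumulated labels through `name = m = x;`. The wildcard DNSSEC cases in `main()` therefore no longer query names several labels below the wildcard, which was presumably the point of the randomised depth. Chaining onto the previous result restores it: `x = strjoin(b, ".", m ? m : name, NULL);`. Separately, `assert_se(asprintf(&b, ...))` still passes when asprintf() fails, because the failure return is -1 and thus non-zero; the check should be `assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()) >= 0);`. The comment "one to three random labels" in both lookup helpers also disagrees with `1 + (random_u64() & 3)`, which yields one to four.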
