]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/test-dnssec-complex.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
grypt-util: drop two emacs modelines
[thirdparty/systemd.git] / src / resolve / test-dnssec-complex.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright 2016 Lennart Poettering
4 ***/
5
6 #include <netinet/ip.h>
7
8 #include "sd-bus.h"
9
10 #include "af-list.h"
11 #include "alloc-util.h"
12 #include "bus-common-errors.h"
13 #include "dns-type.h"
14 #include "random-util.h"
15 #include "resolved-def.h"
16 #include "string-util.h"
17 #include "time-util.h"
18
19 static void prefix_random(const char *name, char **ret) {
20 uint64_t i, u;
21 char *m = NULL;
22
23 u = 1 + (random_u64() & 3);
24
25 for (i = 0; i < u; i++) {
26 _cleanup_free_ char *b = NULL;
27 char *x;
28
29 assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()));
30 x = strjoin(b, ".", name);
31 assert_se(x);
32
33 free(m);
34 m = x;
35 }
36
37 *ret = m;
38 }
39
40 static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
41 _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
42 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
43 _cleanup_free_ char *m = NULL;
44 int r;
45
46 /* If the name starts with a dot, we prefix one to three random labels */
47 if (startswith(name, ".")) {
48 prefix_random(name + 1, &m);
49 name = m;
50 }
51
52 assert_se(sd_bus_message_new_method_call(
53 bus,
54 &req,
55 "org.freedesktop.resolve1",
56 "/org/freedesktop/resolve1",
57 "org.freedesktop.resolve1.Manager",
58 "ResolveRecord") >= 0);
59
60 assert_se(sd_bus_message_append(req, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0)) >= 0);
61
62 r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
63
64 if (r < 0) {
65 assert_se(result);
66 assert_se(sd_bus_error_has_name(&error, result));
67 log_info("[OK] %s/%s resulted in <%s>.", name, dns_type_to_string(type), error.name);
68 } else {
69 assert_se(!result);
70 log_info("[OK] %s/%s succeeded.", name, dns_type_to_string(type));
71 }
72 }
73
74 static void test_hostname_lookup(sd_bus *bus, const char *name, int family, const char *result) {
75 _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
76 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
77 _cleanup_free_ char *m = NULL;
78 const char *af;
79 int r;
80
81 af = family == AF_UNSPEC ? "AF_UNSPEC" : af_to_name(family);
82
83 /* If the name starts with a dot, we prefix one to three random labels */
84 if (startswith(name, ".")) {
85 prefix_random(name + 1, &m);
86 name = m;
87 }
88
89 assert_se(sd_bus_message_new_method_call(
90 bus,
91 &req,
92 "org.freedesktop.resolve1",
93 "/org/freedesktop/resolve1",
94 "org.freedesktop.resolve1.Manager",
95 "ResolveHostname") >= 0);
96
97 assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);
98
99 r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
100
101 if (r < 0) {
102 assert_se(result);
103 assert_se(sd_bus_error_has_name(&error, result));
104 log_info("[OK] %s/%s resulted in <%s>.", name, af, error.name);
105 } else {
106 assert_se(!result);
107 log_info("[OK] %s/%s succeeded.", name, af);
108 }
109
110 }
111
112 int main(int argc, char* argv[]) {
113 _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
114
115 /* Note that this is a manual test as it requires:
116 *
117 * Full network access
118 * A DNSSEC capable DNS server
119 * That zones contacted are still set up as they were when I wrote this.
120 */
121
122 assert_se(sd_bus_open_system(&bus) >= 0);
123
124 /* Normally signed */
125 test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
126 test_hostname_lookup(bus, "www.eurid.eu", AF_UNSPEC, NULL);
127
128 test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
129 test_hostname_lookup(bus, "sigok.verteiltesysteme.net", AF_UNSPEC, NULL);
130
131 /* Normally signed, NODATA */
132 test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
133 test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
134
135 /* Invalid signature */
136 test_rr_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
137 test_hostname_lookup(bus, "sigfail.verteiltesysteme.net", AF_INET, BUS_ERROR_DNSSEC_FAILED);
138
139 /* Invalid signature, RSA, wildcard */
140 test_rr_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
141 test_hostname_lookup(bus, ".wilda.rhybar.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
142
143 /* Invalid signature, ECDSA, wildcard */
144 test_rr_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
145 test_hostname_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
146
147 /* Missing DS for DNSKEY */
148 test_rr_lookup(bus, "www.dnssec-bogus.sg", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
149 test_hostname_lookup(bus, "www.dnssec-bogus.sg", AF_INET, BUS_ERROR_DNSSEC_FAILED);
150
151 /* NXDOMAIN in NSEC domain */
152 test_rr_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
153 test_hostname_lookup(bus, "hhh.nasa.gov", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
154 test_rr_lookup(bus, "_pgpkey-https._tcp.hkps.pool.sks-keyservers.net", DNS_TYPE_SRV, _BUS_ERROR_DNS "NXDOMAIN");
155
156 /* wildcard, NSEC zone */
157 test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
158 test_hostname_lookup(bus, ".wilda.nsec.0skar.cz", AF_INET, NULL);
159
160 /* wildcard, NSEC zone, NODATA */
161 test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
162
163 /* wildcard, NSEC3 zone */
164 test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
165 test_hostname_lookup(bus, ".wilda.0skar.cz", AF_INET, NULL);
166
167 /* wildcard, NSEC3 zone, NODATA */
168 test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
169
170 /* wildcard, NSEC zone, CNAME */
171 test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
172 test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_UNSPEC, NULL);
173 test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_INET, NULL);
174
175 /* wildcard, NSEC zone, NODATA, CNAME */
176 test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
177
178 /* wildcard, NSEC3 zone, CNAME */
179 test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
180 test_hostname_lookup(bus, ".wild.0skar.cz", AF_UNSPEC, NULL);
181 test_hostname_lookup(bus, ".wild.0skar.cz", AF_INET, NULL);
182
183 /* wildcard, NSEC3 zone, NODATA, CNAME */
184 test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
185
186 /* NODATA due to empty non-terminal in NSEC domain */
187 test_rr_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
188 test_hostname_lookup(bus, "herndon.nasa.gov", AF_UNSPEC, BUS_ERROR_NO_SUCH_RR);
189 test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET, BUS_ERROR_NO_SUCH_RR);
190 test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET6, BUS_ERROR_NO_SUCH_RR);
191
192 /* NXDOMAIN in NSEC root zone: */
193 test_rr_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
194 test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
195 test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
196 test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
197
198 /* NXDOMAIN in NSEC3 .com zone: */
199 test_rr_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
200 test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
201 test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
202 test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
203
204 /* Unsigned A */
205 test_rr_lookup(bus, "poettering.de", DNS_TYPE_A, NULL);
206 test_rr_lookup(bus, "poettering.de", DNS_TYPE_AAAA, NULL);
207 test_hostname_lookup(bus, "poettering.de", AF_UNSPEC, NULL);
208 test_hostname_lookup(bus, "poettering.de", AF_INET, NULL);
209 test_hostname_lookup(bus, "poettering.de", AF_INET6, NULL);
210
211 #if HAVE_LIBIDN2 || HAVE_LIBIDN
212 /* Unsigned A with IDNA conversion necessary */
213 test_hostname_lookup(bus, "pöttering.de", AF_UNSPEC, NULL);
214 test_hostname_lookup(bus, "pöttering.de", AF_INET, NULL);
215 test_hostname_lookup(bus, "pöttering.de", AF_INET6, NULL);
216 #endif
217
218 /* DNAME, pointing to NXDOMAIN */
219 test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
220 test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_RP, _BUS_ERROR_DNS "NXDOMAIN");
221 test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
222 test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
223 test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
224
225 return 0;
226 }
Unnamed repository; edit this file 'description' to name the repository.