1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright 2016 Lennart Poettering
6 #include <netinet/ip.h>
11 #include "alloc-util.h"
12 #include "bus-common-errors.h"
14 #include "random-util.h"
15 #include "resolved-def.h"
16 #include "string-util.h"
17 #include "time-util.h"
19 static void prefix_random(const char *name
, char **ret
) {
23 u
= 1 + (random_u64() & 3);
25 for (i
= 0; i
< u
; i
++) {
26 _cleanup_free_
char *b
= NULL
;
29 assert_se(asprintf(&b
, "x%" PRIu64
"x", random_u64()));
30 x
= strjoin(b
, ".", name
);
40 static void test_rr_lookup(sd_bus
*bus
, const char *name
, uint16_t type
, const char *result
) {
41 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*req
= NULL
, *reply
= NULL
;
42 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
43 _cleanup_free_
char *m
= NULL
;
46 /* If the name starts with a dot, we prefix one to three random labels */
47 if (startswith(name
, ".")) {
48 prefix_random(name
+ 1, &m
);
52 assert_se(sd_bus_message_new_method_call(
55 "org.freedesktop.resolve1",
56 "/org/freedesktop/resolve1",
57 "org.freedesktop.resolve1.Manager",
58 "ResolveRecord") >= 0);
60 assert_se(sd_bus_message_append(req
, "isqqt", 0, name
, DNS_CLASS_IN
, type
, UINT64_C(0)) >= 0);
62 r
= sd_bus_call(bus
, req
, SD_RESOLVED_QUERY_TIMEOUT_USEC
, &error
, &reply
);
66 assert_se(sd_bus_error_has_name(&error
, result
));
67 log_info("[OK] %s/%s resulted in <%s>.", name
, dns_type_to_string(type
), error
.name
);
70 log_info("[OK] %s/%s succeeded.", name
, dns_type_to_string(type
));
74 static void test_hostname_lookup(sd_bus
*bus
, const char *name
, int family
, const char *result
) {
75 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*req
= NULL
, *reply
= NULL
;
76 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
77 _cleanup_free_
char *m
= NULL
;
81 af
= family
== AF_UNSPEC
? "AF_UNSPEC" : af_to_name(family
);
83 /* If the name starts with a dot, we prefix one to three random labels */
84 if (startswith(name
, ".")) {
85 prefix_random(name
+ 1, &m
);
89 assert_se(sd_bus_message_new_method_call(
92 "org.freedesktop.resolve1",
93 "/org/freedesktop/resolve1",
94 "org.freedesktop.resolve1.Manager",
95 "ResolveHostname") >= 0);
97 assert_se(sd_bus_message_append(req
, "isit", 0, name
, family
, UINT64_C(0)) >= 0);
99 r
= sd_bus_call(bus
, req
, SD_RESOLVED_QUERY_TIMEOUT_USEC
, &error
, &reply
);
103 assert_se(sd_bus_error_has_name(&error
, result
));
104 log_info("[OK] %s/%s resulted in <%s>.", name
, af
, error
.name
);
107 log_info("[OK] %s/%s succeeded.", name
, af
);
112 int main(int argc
, char* argv
[]) {
113 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
115 /* Note that this is a manual test as it requires:
117 * Full network access
118 * A DNSSEC capable DNS server
119 * That zones contacted are still set up as they were when I wrote this.
122 assert_se(sd_bus_open_system(&bus
) >= 0);
124 /* Normally signed */
125 test_rr_lookup(bus
, "www.eurid.eu", DNS_TYPE_A
, NULL
);
126 test_hostname_lookup(bus
, "www.eurid.eu", AF_UNSPEC
, NULL
);
128 test_rr_lookup(bus
, "sigok.verteiltesysteme.net", DNS_TYPE_A
, NULL
);
129 test_hostname_lookup(bus
, "sigok.verteiltesysteme.net", AF_UNSPEC
, NULL
);
131 /* Normally signed, NODATA */
132 test_rr_lookup(bus
, "www.eurid.eu", DNS_TYPE_RP
, BUS_ERROR_NO_SUCH_RR
);
133 test_rr_lookup(bus
, "sigok.verteiltesysteme.net", DNS_TYPE_RP
, BUS_ERROR_NO_SUCH_RR
);
135 /* Invalid signature */
136 test_rr_lookup(bus
, "sigfail.verteiltesysteme.net", DNS_TYPE_A
, BUS_ERROR_DNSSEC_FAILED
);
137 test_hostname_lookup(bus
, "sigfail.verteiltesysteme.net", AF_INET
, BUS_ERROR_DNSSEC_FAILED
);
139 /* Invalid signature, RSA, wildcard */
140 test_rr_lookup(bus
, ".wilda.rhybar.0skar.cz", DNS_TYPE_A
, BUS_ERROR_DNSSEC_FAILED
);
141 test_hostname_lookup(bus
, ".wilda.rhybar.0skar.cz", AF_INET
, BUS_ERROR_DNSSEC_FAILED
);
143 /* Invalid signature, ECDSA, wildcard */
144 test_rr_lookup(bus
, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A
, BUS_ERROR_DNSSEC_FAILED
);
145 test_hostname_lookup(bus
, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET
, BUS_ERROR_DNSSEC_FAILED
);
147 /* Missing DS for DNSKEY */
148 test_rr_lookup(bus
, "www.dnssec-bogus.sg", DNS_TYPE_A
, BUS_ERROR_DNSSEC_FAILED
);
149 test_hostname_lookup(bus
, "www.dnssec-bogus.sg", AF_INET
, BUS_ERROR_DNSSEC_FAILED
);
151 /* NXDOMAIN in NSEC domain */
152 test_rr_lookup(bus
, "hhh.nasa.gov", DNS_TYPE_A
, _BUS_ERROR_DNS
"NXDOMAIN");
153 test_hostname_lookup(bus
, "hhh.nasa.gov", AF_UNSPEC
, _BUS_ERROR_DNS
"NXDOMAIN");
154 test_rr_lookup(bus
, "_pgpkey-https._tcp.hkps.pool.sks-keyservers.net", DNS_TYPE_SRV
, _BUS_ERROR_DNS
"NXDOMAIN");
156 /* wildcard, NSEC zone */
157 test_rr_lookup(bus
, ".wilda.nsec.0skar.cz", DNS_TYPE_A
, NULL
);
158 test_hostname_lookup(bus
, ".wilda.nsec.0skar.cz", AF_INET
, NULL
);
160 /* wildcard, NSEC zone, NODATA */
161 test_rr_lookup(bus
, ".wilda.nsec.0skar.cz", DNS_TYPE_RP
, BUS_ERROR_NO_SUCH_RR
);
163 /* wildcard, NSEC3 zone */
164 test_rr_lookup(bus
, ".wilda.0skar.cz", DNS_TYPE_A
, NULL
);
165 test_hostname_lookup(bus
, ".wilda.0skar.cz", AF_INET
, NULL
);
167 /* wildcard, NSEC3 zone, NODATA */
168 test_rr_lookup(bus
, ".wilda.0skar.cz", DNS_TYPE_RP
, BUS_ERROR_NO_SUCH_RR
);
170 /* wildcard, NSEC zone, CNAME */
171 test_rr_lookup(bus
, ".wild.nsec.0skar.cz", DNS_TYPE_A
, NULL
);
172 test_hostname_lookup(bus
, ".wild.nsec.0skar.cz", AF_UNSPEC
, NULL
);
173 test_hostname_lookup(bus
, ".wild.nsec.0skar.cz", AF_INET
, NULL
);
175 /* wildcard, NSEC zone, NODATA, CNAME */
176 test_rr_lookup(bus
, ".wild.nsec.0skar.cz", DNS_TYPE_RP
, BUS_ERROR_NO_SUCH_RR
);
178 /* wildcard, NSEC3 zone, CNAME */
179 test_rr_lookup(bus
, ".wild.0skar.cz", DNS_TYPE_A
, NULL
);
180 test_hostname_lookup(bus
, ".wild.0skar.cz", AF_UNSPEC
, NULL
);
181 test_hostname_lookup(bus
, ".wild.0skar.cz", AF_INET
, NULL
);
183 /* wildcard, NSEC3 zone, NODATA, CNAME */
184 test_rr_lookup(bus
, ".wild.0skar.cz", DNS_TYPE_RP
, BUS_ERROR_NO_SUCH_RR
);
186 /* NODATA due to empty non-terminal in NSEC domain */
187 test_rr_lookup(bus
, "herndon.nasa.gov", DNS_TYPE_A
, BUS_ERROR_NO_SUCH_RR
);
188 test_hostname_lookup(bus
, "herndon.nasa.gov", AF_UNSPEC
, BUS_ERROR_NO_SUCH_RR
);
189 test_hostname_lookup(bus
, "herndon.nasa.gov", AF_INET
, BUS_ERROR_NO_SUCH_RR
);
190 test_hostname_lookup(bus
, "herndon.nasa.gov", AF_INET6
, BUS_ERROR_NO_SUCH_RR
);
192 /* NXDOMAIN in NSEC root zone: */
193 test_rr_lookup(bus
, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A
, _BUS_ERROR_DNS
"NXDOMAIN");
194 test_hostname_lookup(bus
, "jasdhjas.kjkfgjhfjg", AF_UNSPEC
, _BUS_ERROR_DNS
"NXDOMAIN");
195 test_hostname_lookup(bus
, "jasdhjas.kjkfgjhfjg", AF_INET
, _BUS_ERROR_DNS
"NXDOMAIN");
196 test_hostname_lookup(bus
, "jasdhjas.kjkfgjhfjg", AF_INET6
, _BUS_ERROR_DNS
"NXDOMAIN");
198 /* NXDOMAIN in NSEC3 .com zone: */
199 test_rr_lookup(bus
, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A
, _BUS_ERROR_DNS
"NXDOMAIN");
200 test_hostname_lookup(bus
, "kjkfgjhfjgsdfdsfd.com", AF_INET
, _BUS_ERROR_DNS
"NXDOMAIN");
201 test_hostname_lookup(bus
, "kjkfgjhfjgsdfdsfd.com", AF_INET6
, _BUS_ERROR_DNS
"NXDOMAIN");
202 test_hostname_lookup(bus
, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC
, _BUS_ERROR_DNS
"NXDOMAIN");
205 test_rr_lookup(bus
, "poettering.de", DNS_TYPE_A
, NULL
);
206 test_rr_lookup(bus
, "poettering.de", DNS_TYPE_AAAA
, NULL
);
207 test_hostname_lookup(bus
, "poettering.de", AF_UNSPEC
, NULL
);
208 test_hostname_lookup(bus
, "poettering.de", AF_INET
, NULL
);
209 test_hostname_lookup(bus
, "poettering.de", AF_INET6
, NULL
);
211 #if HAVE_LIBIDN2 || HAVE_LIBIDN
212 /* Unsigned A with IDNA conversion necessary */
213 test_hostname_lookup(bus
, "pöttering.de", AF_UNSPEC
, NULL
);
214 test_hostname_lookup(bus
, "pöttering.de", AF_INET
, NULL
);
215 test_hostname_lookup(bus
, "pöttering.de", AF_INET6
, NULL
);
218 /* DNAME, pointing to NXDOMAIN */
219 test_rr_lookup(bus
, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_A
, _BUS_ERROR_DNS
"NXDOMAIN");
220 test_rr_lookup(bus
, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_RP
, _BUS_ERROR_DNS
"NXDOMAIN");
221 test_hostname_lookup(bus
, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC
, _BUS_ERROR_DNS
"NXDOMAIN");
222 test_hostname_lookup(bus
, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET
, _BUS_ERROR_DNS
"NXDOMAIN");
223 test_hostname_lookup(bus
, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6
, _BUS_ERROR_DNS
"NXDOMAIN");