[thirdparty/pdns.git] / regression-tests.auth-py / test_Cookies.py

#!/usr/bin/env python
import dns

from authtests import AuthTest


class TestEdnsCookies(AuthTest):
    _config_template = """
launch=bind
edns-cookie-secret=aabbccddeeff11223344556677889900
"""

    _zones = {
        'example.org': """
example.org.                 3600 IN SOA  {soa}
example.org.                 3600 IN NS   ns1.example.org.
example.org.                 3600 IN NS   ns2.example.org.
ns1.example.org.             3600 IN A    192.0.2.10
ns2.example.org.             3600 IN A    192.0.2.11

www.example.org.             3600 IN A    192.0.2.5
        """,
    }

    def sendAndExpectNoCookie(self, msg, rcode):
        res = self.sendUDPQuery(msg)
        self.assertRcodeEqual(res, rcode)
        self.assertFalse(any([opt.otype == dns.edns.COOKIE for
                              opt in res.options]))

    def getCookieFromServer(self):
        opts = [
            dns.edns.GenericOption(dns.edns.COOKIE,
                                   b'\x22\x11\x33\x44\x55\x66\x77\x88')]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        res = self.sendUDPQuery(query)
        self.assertRcodeEqual(res, 23)  # BADCOOKIE
        for opt in res.options:
            if opt.otype == dns.edns.COOKIE:
                return opt
        self.fail()

    def testNoCookie(self):
        query = dns.message.make_query('www.example.org', 'A', use_edns=0)
        self.sendAndExpectNoCookie(query, dns.rcode.NOERROR)

    def testClientCookieTooShort(self):
        opts = [dns.edns.GenericOption(dns.edns.COOKIE, b'\x22')]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)

        opts = [dns.edns.GenericOption(dns.edns.COOKIE,
                                       b'\x22\x11\x33\x44\x55\x66\x77')]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)

    def testServerCookieTooShort(self):
        opts = [
            dns.edns.GenericOption(dns.edns.COOKIE,
                                   b'\x22\x11\x33\x44\x55\x66\x77\x88\x99')]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)

        opts = [
            dns.edns.GenericOption(dns.edns.COOKIE,
                                   b'\x22\x11\x33\x44\x55\x66\x77\x88' +
                                   b'\x22\x11\x33\x44\x55\x66\x77')]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)

    def testOnlyClientCookie(self):
        opts = [
            dns.edns.GenericOption(dns.edns.COOKIE,
                                   b'\x22\x11\x33\x44\x55\x66\x77\x88')]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        res = self.sendUDPQuery(query)
        self.assertRcodeEqual(res, 23)  # BADCOOKIE
        self.assertTrue(any([opt.otype == dns.edns.COOKIE for
                             opt in res.options]))

    def testOnlyClientCookieTCP(self):
        opts = [
            dns.edns.GenericOption(dns.edns.COOKIE,
                                   b'\x22\x11\x33\x44\x55\x66\x77\x88')]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        res = self.sendTCPQuery(query)
        self.assertRcodeEqual(res, dns.rcode.NOERROR)
        self.assertTrue(any(opt.otype == dns.edns.COOKIE for
                            opt in res.options))


    def testCorrectCookie(self):
        opts = [self.getCookieFromServer()]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        res = self.sendUDPQuery(query)
        self.assertRcodeEqual(res, dns.rcode.NOERROR)

    def testBrokenCookie(self):
        data = self.getCookieFromServer().data
        # replace a byte in the client cookie
        data = data.replace(b'\x11', b'\x12')
        opts = [dns.edns.GenericOption(dns.edns.COOKIE, data)]
        query = dns.message.make_query('www.example.org', 'A', options=opts)
        res = self.sendUDPQuery(query)
        self.assertRcodeEqual(res, 23)
        for opt in res.options:
            if opt.otype == dns.edns.COOKIE:
                self.assertNotEqual(opt.data, opts[0].data)
                return
        self.fail()
Commit	Line	Data
37063755 PL	1	#!/usr/bin/env python
	2	import dns
	3
	4	from authtests import AuthTest
	5
	6
	7	class TestEdnsCookies(AuthTest):
	8	_config_template = """
	9	launch=bind
	10	edns-cookie-secret=aabbccddeeff11223344556677889900
	11	"""
	12
	13	_zones = {
	14	'example.org': """
	15	example.org. 3600 IN SOA {soa}
	16	example.org. 3600 IN NS ns1.example.org.
	17	example.org. 3600 IN NS ns2.example.org.
	18	ns1.example.org. 3600 IN A 192.0.2.10
	19	ns2.example.org. 3600 IN A 192.0.2.11
	20
	21	www.example.org. 3600 IN A 192.0.2.5
	22	""",
	23	}
	24
	25	def sendAndExpectNoCookie(self, msg, rcode):
	26	res = self.sendUDPQuery(msg)
	27	self.assertRcodeEqual(res, rcode)
	28	self.assertFalse(any([opt.otype == dns.edns.COOKIE for
	29	opt in res.options]))
	30
	31	def getCookieFromServer(self):
	32	opts = [
	33	dns.edns.GenericOption(dns.edns.COOKIE,
	34	b'\x22\x11\x33\x44\x55\x66\x77\x88')]
	35	query = dns.message.make_query('www.example.org', 'A', options=opts)
	36	res = self.sendUDPQuery(query)
	37	self.assertRcodeEqual(res, 23) # BADCOOKIE
	38	for opt in res.options:
	39	if opt.otype == dns.edns.COOKIE:
	40	return opt
	41	self.fail()
	42
	43	def testNoCookie(self):
	44	query = dns.message.make_query('www.example.org', 'A', use_edns=0)
	45	self.sendAndExpectNoCookie(query, dns.rcode.NOERROR)
	46
	47	def testClientCookieTooShort(self):
	48	opts = [dns.edns.GenericOption(dns.edns.COOKIE, b'\x22')]
	49	query = dns.message.make_query('www.example.org', 'A', options=opts)
	50	self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)
	51
	52	opts = [dns.edns.GenericOption(dns.edns.COOKIE,
	53	b'\x22\x11\x33\x44\x55\x66\x77')]
	54	query = dns.message.make_query('www.example.org', 'A', options=opts)
	55	self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)
	56
	57	def testServerCookieTooShort(self):
	58	opts = [
	59	dns.edns.GenericOption(dns.edns.COOKIE,
	60	b'\x22\x11\x33\x44\x55\x66\x77\x88\x99')]
	61	query = dns.message.make_query('www.example.org', 'A', options=opts)
	62	self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)
	63
	64	opts = [
65	dns.edns.GenericOption(dns.edns.COOKIE,
66	b'\x22\x11\x33\x44\x55\x66\x77\x88' +
67	b'\x22\x11\x33\x44\x55\x66\x77')]
68	query = dns.message.make_query('www.example.org', 'A', options=opts)
69	self.sendAndExpectNoCookie(query, dns.rcode.FORMERR)
70
71	def testOnlyClientCookie(self):
72	opts = [
73	dns.edns.GenericOption(dns.edns.COOKIE,
74	b'\x22\x11\x33\x44\x55\x66\x77\x88')]
75	query = dns.message.make_query('www.example.org', 'A', options=opts)
76	res = self.sendUDPQuery(query)
77	self.assertRcodeEqual(res, 23) # BADCOOKIE
78	self.assertTrue(any([opt.otype == dns.edns.COOKIE for
79	opt in res.options]))
80
71e1eed5 PL	81	def testOnlyClientCookieTCP(self):
	82	opts = [
	83	dns.edns.GenericOption(dns.edns.COOKIE,
	84	b'\x22\x11\x33\x44\x55\x66\x77\x88')]
	85	query = dns.message.make_query('www.example.org', 'A', options=opts)
	86	res = self.sendTCPQuery(query)
	87	self.assertRcodeEqual(res, dns.rcode.NOERROR)
	88	self.assertTrue(any(opt.otype == dns.edns.COOKIE for
	89	opt in res.options))
	90
	91
37063755 PL	92	def testCorrectCookie(self):
	93	opts = [self.getCookieFromServer()]
	94	query = dns.message.make_query('www.example.org', 'A', options=opts)
	95	res = self.sendUDPQuery(query)
	96	self.assertRcodeEqual(res, dns.rcode.NOERROR)
	97
	98	def testBrokenCookie(self):
	99	data = self.getCookieFromServer().data
29992caa	100	# replace a byte in the client cookie
37063755 PL	101	data = data.replace(b'\x11', b'\x12')
	102	opts = [dns.edns.GenericOption(dns.edns.COOKIE, data)]
	103	query = dns.message.make_query('www.example.org', 'A', options=opts)
	104	res = self.sendUDPQuery(query)
	105	self.assertRcodeEqual(res, 23)
	106	for opt in res.options:
	107	if opt.otype == dns.edns.COOKIE:
	108	self.assertNotEqual(opt.data, opts[0].data)
	109	return
	110	self.fail()