53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
412577e3 | 2 | |
12634bb4 LP |
3 | #include <netinet/ip.h> |
4 | ||
412577e3 LP |
5 | #include "sd-bus.h" |
6 | ||
12634bb4 | 7 | #include "af-list.h" |
412577e3 LP |
8 | #include "alloc-util.h" |
9 | #include "bus-common-errors.h" | |
10 | #include "dns-type.h" | |
11 | #include "random-util.h" | |
4cbfd62b | 12 | #include "resolved-def.h" |
412577e3 LP |
13 | #include "string-util.h" |
14 | #include "time-util.h" | |
15 | ||
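/* Prepends randomly generated labels of the form "x<number>x" to 'name' and stores the newly
 * allocated result in *ret; the caller owns and frees it.
 *
 * The random labels make every run query a name that is unlikely to sit in a cache, which is
 * what the wildcard and DNAME cases need.
 *
 * The label count is 1 + (random & 3), i.e. one to four. NOTE(review): the callers' comments
 * speak of "one to three" labels; confirm which of the two is intended. */
static void prefix_random(const char *name, char **ret) {
        uint64_t i, u;
        char *m = NULL;

        u = 1 + (random_u64() & 3);

        for (i = 0; i < u; i++) {
                _cleanup_free_ char *b = NULL;
                char *x;

                /* asprintf() reports failure as -1, which is non-zero and would satisfy a bare
                 * truth test, so check the sign explicitly. */
                assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()) >= 0);

                /* Stack the new label on top of what was built so far. Joining with 'name' on
                 * every pass would throw away the earlier labels and always yield exactly one. */
                x = strjoin(b, ".", m ? m : name);
                assert_se(x);

                free(m);
                m = x;
        }

        *ret = m;
}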
36 | ||
/* Sends one ResolveRecord() request for name/type (class IN, ifindex 0, flags 0) to
 * org.freedesktop.resolve1 and checks the outcome.
 *
 * result == NULL: the call has to succeed.
 * result != NULL: the call has to fail, and the bus error must carry exactly that name.
 *
 * NOTE(review): on success the reply is never read, so this only proves that resolution did not
 * fail. It does not check that the answer was reported as DNSSEC-authenticated. */
static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *call = NULL, *answer = NULL;
        _cleanup_(sd_bus_error_free) sd_bus_error bus_error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *randomized = NULL;
        int rc;

        /* A leading dot asks for random labels in front of the rest of the name */
        if (startswith(name, ".")) {
                prefix_random(name + 1, &randomized);
                name = randomized;
        }

        rc = sd_bus_message_new_method_call(
                        bus,
                        &call,
                        "org.freedesktop.resolve1",
                        "/org/freedesktop/resolve1",
                        "org.freedesktop.resolve1.Manager",
                        "ResolveRecord");
        assert_se(rc >= 0);

        rc = sd_bus_message_append(call, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0));
        assert_se(rc >= 0);

        rc = sd_bus_call(bus, call, SD_RESOLVED_QUERY_TIMEOUT_USEC, &bus_error, &answer);

        if (rc >= 0) {
                /* Success is only acceptable when no error was expected */
                assert_se(!result);
                log_info("[OK] %s/%s succeeded.", name, dns_type_to_string(type));
                return;
        }

        /* Failure: an error must have been expected, and it must be the right one */
        assert_se(result);
        assert_se(sd_bus_error_has_name(&bus_error, result));
        log_info("[OK] %s/%s resulted in <%s>.", name, dns_type_to_string(type), bus_error.name);
}
70 | ||
/* Sends one ResolveHostname() request for name/family (ifindex 0, flags 0) to
 * org.freedesktop.resolve1 and checks the outcome.
 *
 * result == NULL: the call has to succeed.
 * result != NULL: the call has to fail, and the bus error must carry exactly that name.
 *
 * NOTE(review): on success the reply is never read, so this only proves that resolution did not
 * fail. It does not check that the answer was reported as DNSSEC-authenticated. */
static void test_hostname_lookup(sd_bus *bus, const char *name, int family, const char *result) {
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *call = NULL, *answer = NULL;
        _cleanup_(sd_bus_error_free) sd_bus_error bus_error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *randomized = NULL;
        const char *family_name;
        int rc;

        /* AF_UNSPEC gets a fixed label for the log output; other families go through af_to_name() */
        if (family == AF_UNSPEC)
                family_name = "AF_UNSPEC";
        else
                family_name = af_to_name(family);

        /* A leading dot asks for random labels in front of the rest of the name */
        if (startswith(name, ".")) {
                prefix_random(name + 1, &randomized);
                name = randomized;
        }

        rc = sd_bus_message_new_method_call(
                        bus,
                        &call,
                        "org.freedesktop.resolve1",
                        "/org/freedesktop/resolve1",
                        "org.freedesktop.resolve1.Manager",
                        "ResolveHostname");
        assert_se(rc >= 0);

        rc = sd_bus_message_append(call, "isit", 0, name, family, UINT64_C(0));
        assert_se(rc >= 0);

        rc = sd_bus_call(bus, call, SD_RESOLVED_QUERY_TIMEOUT_USEC, &bus_error, &answer);

        if (rc >= 0) {
                /* Success is only acceptable when no error was expected */
                assert_se(!result);
                log_info("[OK] %s/%s succeeded.", name, family_name);
                return;
        }

        /* Failure: an error must have been expected, and it must be the right one */
        assert_se(result);
        assert_se(sd_bus_error_has_name(&bus_error, result));
        log_info("[OK] %s/%s resulted in <%s>.", name, family_name, bus_error.name);
}
108 | ||
/* Runs a fixed sequence of lookups against live zones through the system bus and aborts on the
 * first unexpected outcome.
 *
 * This is a manual test. It needs:
 *
 *     - full network access,
 *     - a DNSSEC capable DNS server,
 *     - the contacted zones to still be configured the way they were when the list was written.
 *
 * The zones are operated by third parties, so a failure can mean that a zone changed rather than
 * that validation regressed. */
int main(int argc, char* argv[]) {
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;

        enum { VIA_RECORD, VIA_HOSTNAME };

        /* One row per lookup, executed strictly in this order. 'selector' is a DNS_TYPE_* value
         * for VIA_RECORD rows and an AF_* value for VIA_HOSTNAME rows. 'expect' is the bus error
         * name that must come back, or NULL when the lookup has to succeed. */
        static const struct {
                int api;
                const char *name;
                int selector;
                const char *expect;
        } cases[] = {
                /* Normally signed */
                { VIA_RECORD,   "www.eurid.eu",                 DNS_TYPE_A, NULL },
                { VIA_HOSTNAME, "www.eurid.eu",                 AF_UNSPEC,  NULL },

                { VIA_RECORD,   "sigok.verteiltesysteme.net",   DNS_TYPE_A, NULL },
                { VIA_HOSTNAME, "sigok.verteiltesysteme.net",   AF_UNSPEC,  NULL },

                /* Normally signed, NODATA */
                { VIA_RECORD,   "www.eurid.eu",                 DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR },
                { VIA_RECORD,   "sigok.verteiltesysteme.net",   DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR },

                /* Invalid signature: the answer must be refused, not passed on to the caller */
                { VIA_RECORD,   "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED },
                { VIA_HOSTNAME, "sigfail.verteiltesysteme.net", AF_INET,    BUS_ERROR_DNSSEC_FAILED },

                /* Invalid signature, RSA, wildcard */
                { VIA_RECORD,   ".wilda.rhybar.0skar.cz",       DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED },
                { VIA_HOSTNAME, ".wilda.rhybar.0skar.cz",       AF_INET,    BUS_ERROR_DNSSEC_FAILED },

                /* Invalid signature, ECDSA, wildcard */
                { VIA_RECORD,   ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED },
                { VIA_HOSTNAME, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET,    BUS_ERROR_DNSSEC_FAILED },

                /* Missing DS for DNSKEY: this too has to end in a validation failure */
                { VIA_RECORD,   "www.dnssec-bogus.sg",          DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED },
                { VIA_HOSTNAME, "www.dnssec-bogus.sg",          AF_INET,    BUS_ERROR_DNSSEC_FAILED },

                /* NXDOMAIN in NSEC domain */
                { VIA_RECORD,   "hhh.nasa.gov",                 DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, "hhh.nasa.gov",                 AF_UNSPEC,  _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_RECORD,   "_pgpkey-https._tcp.hkps.pool.sks-keyservers.net", DNS_TYPE_SRV, _BUS_ERROR_DNS "NXDOMAIN" },

                /* wildcard, NSEC zone */
                { VIA_RECORD,   ".wilda.nsec.0skar.cz",         DNS_TYPE_A, NULL },
                { VIA_HOSTNAME, ".wilda.nsec.0skar.cz",         AF_INET,    NULL },

                /* wildcard, NSEC zone, NODATA */
                { VIA_RECORD,   ".wilda.nsec.0skar.cz",         DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR },

                /* wildcard, NSEC3 zone */
                { VIA_RECORD,   ".wilda.0skar.cz",              DNS_TYPE_A, NULL },
                { VIA_HOSTNAME, ".wilda.0skar.cz",              AF_INET,    NULL },

                /* wildcard, NSEC3 zone, NODATA */
                { VIA_RECORD,   ".wilda.0skar.cz",              DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR },

                /* wildcard, NSEC zone, CNAME */
                { VIA_RECORD,   ".wild.nsec.0skar.cz",          DNS_TYPE_A, NULL },
                { VIA_HOSTNAME, ".wild.nsec.0skar.cz",          AF_UNSPEC,  NULL },
                { VIA_HOSTNAME, ".wild.nsec.0skar.cz",          AF_INET,    NULL },

                /* wildcard, NSEC zone, NODATA, CNAME */
                { VIA_RECORD,   ".wild.nsec.0skar.cz",          DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR },

                /* wildcard, NSEC3 zone, CNAME */
                { VIA_RECORD,   ".wild.0skar.cz",               DNS_TYPE_A, NULL },
                { VIA_HOSTNAME, ".wild.0skar.cz",               AF_UNSPEC,  NULL },
                { VIA_HOSTNAME, ".wild.0skar.cz",               AF_INET,    NULL },

                /* wildcard, NSEC3 zone, NODATA, CNAME */
                { VIA_RECORD,   ".wild.0skar.cz",               DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR },

                /* NODATA due to empty non-terminal in NSEC domain */
                { VIA_RECORD,   "herndon.nasa.gov",             DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR },
                { VIA_HOSTNAME, "herndon.nasa.gov",             AF_UNSPEC,  BUS_ERROR_NO_SUCH_RR },
                { VIA_HOSTNAME, "herndon.nasa.gov",             AF_INET,    BUS_ERROR_NO_SUCH_RR },
                { VIA_HOSTNAME, "herndon.nasa.gov",             AF_INET6,   BUS_ERROR_NO_SUCH_RR },

                /* NXDOMAIN in NSEC root zone: */
                { VIA_RECORD,   "jasdhjas.kjkfgjhfjg",          DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, "jasdhjas.kjkfgjhfjg",          AF_UNSPEC,  _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, "jasdhjas.kjkfgjhfjg",          AF_INET,    _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, "jasdhjas.kjkfgjhfjg",          AF_INET6,   _BUS_ERROR_DNS "NXDOMAIN" },

                /* NXDOMAIN in NSEC3 .com zone: */
                { VIA_RECORD,   "kjkfgjhfjgsdfdsfd.com",        DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, "kjkfgjhfjgsdfdsfd.com",        AF_INET,    _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, "kjkfgjhfjgsdfdsfd.com",        AF_INET6,   _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, "kjkfgjhfjgsdfdsfd.com",        AF_UNSPEC,  _BUS_ERROR_DNS "NXDOMAIN" },

                /* Unsigned A: a zone without signatures still has to resolve */
                { VIA_RECORD,   "poettering.de",                DNS_TYPE_A,    NULL },
                { VIA_RECORD,   "poettering.de",                DNS_TYPE_AAAA, NULL },
                { VIA_HOSTNAME, "poettering.de",                AF_UNSPEC,     NULL },
                { VIA_HOSTNAME, "poettering.de",                AF_INET,       NULL },
                { VIA_HOSTNAME, "poettering.de",                AF_INET6,      NULL },

#if HAVE_LIBIDN2 || HAVE_LIBIDN
                /* Unsigned A with IDNA conversion necessary */
                { VIA_HOSTNAME, "pöttering.de",                 AF_UNSPEC,  NULL },
                { VIA_HOSTNAME, "pöttering.de",                 AF_INET,    NULL },
                { VIA_HOSTNAME, "pöttering.de",                 AF_INET6,   NULL },
#endif

                /* DNAME, pointing to NXDOMAIN */
                { VIA_RECORD,   ".ireallyhpoethisdoesnexist.xn--kprw13d.",  DNS_TYPE_A,  _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_RECORD,   ".ireallyhpoethisdoesnexist.xn--kprw13d.",  DNS_TYPE_RP, _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC,   _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET,     _BUS_ERROR_DNS "NXDOMAIN" },
                { VIA_HOSTNAME, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6,    _BUS_ERROR_DNS "NXDOMAIN" },
        };

        assert_se(sd_bus_open_system(&bus) >= 0);

        for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
                if (cases[k].api == VIA_RECORD)
                        test_rr_lookup(bus, cases[k].name, (uint16_t) cases[k].selector, cases[k].expect);
                else
                        test_hostname_lookup(bus, cases[k].name, cases[k].selector, cases[k].expect);
        }

        return 0;
}