]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/test-dnssec-complex.c
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
2/***
3 This file is part of systemd.
4
5 Copyright 2016 Lennart Poettering
6***/
7
8#include <netinet/ip.h>
9
10#include "sd-bus.h"
11
12634bb4 12#include "af-list.h"
13#include "alloc-util.h"
14#include "bus-common-errors.h"
15#include "dns-type.h"
16#include "random-util.h"
4cbfd62b 17#include "resolved-def.h"
18#include "string-util.h"
19#include "time-util.h"
20
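/* Builds a copy of `name` with a random number of random labels prepended and stores it in *ret.
 *
 * Each label has the form "x<random 64-bit decimal>x". The caller owns the returned string and
 * must free() it. Allocation failures abort the test via assert_se().
 *
 * The randomised names are presumably there so that every run queries a name that no cache has
 * seen before; for the wildcard zones this means the answer has to be synthesised and validated
 * afresh each time.
 */
static void prefix_random(const char *name, char **ret) {
        uint64_t i, u;
        char *m = NULL;

        /* (random & 3) is 0..3, so between one and four labels are prepended.
         * NOTE(review): the callers' comments say "one to three" - confirm which is intended. */
        u = 1 + (random_u64() & 3);

        for (i = 0; i < u; i++) {
                _cleanup_free_ char *b = NULL;
                char *x;

                /* asprintf() returns -1 on failure, which is non-zero and therefore passed the
                 * previous bare truthiness check; compare against zero explicitly. */
                assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()) >= 0);

                /* Prepend to the name built so far. Joining with the original `name` on every
                 * pass threw the previous labels away, so the result only ever carried a single
                 * random label no matter what `u` was. */
                x = strjoin(b, ".", m ? m : name);
                assert_se(x);

                free(m);
                m = x;
        }

        *ret = m;
}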
41
/* Issues one ResolveRecord() call to org.freedesktop.resolve1 and checks the outcome.
 *
 *   bus    - connected bus to send the request on
 *   name   - domain name to query; a leading "." is stripped and the rest is handed to
 *            prefix_random() to obtain a randomised name
 *   type   - DNS RR type, always queried in class IN
 *   result - D-Bus error name the call is expected to fail with, or NULL if it must succeed
 *
 * Any mismatch aborts the program via assert_se().
 *
 * Caveat: `reply` is received but never parsed. The flags word that resolved returns alongside a
 * successful answer is therefore not inspected, so a NULL `result` only proves that the call
 * succeeded, not that the data was DNSSEC-authenticated.
 */
static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *randomized = NULL;
        const char *type_name;
        int r;

        /* Names written with a leading dot get random label(s) in front of them */
        if (name[0] == '.') {
                prefix_random(name + 1, &randomized);
                name = randomized;
        }

        assert_se(sd_bus_message_new_method_call(
                                  bus,
                                  &req,
                                  "org.freedesktop.resolve1",
                                  "/org/freedesktop/resolve1",
                                  "org.freedesktop.resolve1.Manager",
                                  "ResolveRecord") >= 0);

        /* Arguments: ifindex 0, name, class, type, flags 0 */
        assert_se(sd_bus_message_append(req, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0)) >= 0);

        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
        type_name = dns_type_to_string(type);

        if (r >= 0) {
                /* Success is only acceptable when no error was expected */
                assert_se(!result);
                log_info("[OK] %s/%s succeeded.", name, type_name);
                return;
        }

        /* The call failed: an error must have been expected, and it must be this exact one */
        assert_se(result);
        assert_se(sd_bus_error_has_name(&error, result));
        log_info("[OK] %s/%s resulted in <%s>.", name, type_name, error.name);
}
75
/* Issues one ResolveHostname() call to org.freedesktop.resolve1 and checks the outcome.
 *
 *   bus    - connected bus to send the request on
 *   name   - host name to resolve; a leading "." is stripped and the rest is handed to
 *            prefix_random() to obtain a randomised name
 *   family - address family to request (AF_UNSPEC, AF_INET, AF_INET6)
 *   result - D-Bus error name the call is expected to fail with, or NULL if it must succeed
 *
 * Any mismatch aborts the program via assert_se().
 *
 * Caveat: `reply` is received but never parsed. The flags word that resolved returns alongside a
 * successful answer is therefore not inspected, so a NULL `result` only proves that the call
 * succeeded, not that the data was DNSSEC-authenticated.
 */
static void test_hostname_lookup(sd_bus *bus, const char *name, int family, const char *result) {
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *randomized = NULL;
        const char *af;
        int r;

        /* Human-readable family name, used in the log output only */
        if (family == AF_UNSPEC)
                af = "AF_UNSPEC";
        else
                af = af_to_name(family);

        /* Names written with a leading dot get random label(s) in front of them */
        if (name[0] == '.') {
                prefix_random(name + 1, &randomized);
                name = randomized;
        }

        assert_se(sd_bus_message_new_method_call(
                                  bus,
                                  &req,
                                  "org.freedesktop.resolve1",
                                  "/org/freedesktop/resolve1",
                                  "org.freedesktop.resolve1.Manager",
                                  "ResolveHostname") >= 0);

        /* Arguments: ifindex 0, name, address family, flags 0 */
        assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);

        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);

        if (r >= 0) {
                /* Success is only acceptable when no error was expected */
                assert_se(!result);
                log_info("[OK] %s/%s succeeded.", name, af);
                return;
        }

        /* The call failed: an error must have been expected, and it must be this exact one */
        assert_se(result);
        assert_se(sd_bus_error_has_name(&error, result));
        log_info("[OK] %s/%s resulted in <%s>.", name, af, error.name);
}
113
/* Runs a fixed list of DNSSEC lookups through the system bus and aborts on the first mismatch.
 *
 * Every case calls test_rr_lookup() or test_hostname_lookup(). The last argument is the D-Bus
 * error name the lookup must fail with, or NULL if it must succeed. Names written with a leading
 * "." are randomised by those helpers before being queried.
 *
 * Returns 0 when every case behaved as expected; argc and argv are not used.
 */
int main(int argc, char* argv[]) {
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;

        /* Note that this is a manual test as it requires:
         *
         *    Full network access
         *    A DNSSEC capable DNS server
         *    That zones contacted are still set up as they were when I wrote this.
         *
         * A failure here can therefore mean that one of these third-party zones changed rather
         * than that the resolver regressed. Also note that the cases expecting success (NULL)
         * only check that the call succeeded: the helpers never look at the reply, so these
         * cases do not verify that the answer was reported as authenticated.
         */

        assert_se(sd_bus_open_system(&bus) >= 0);

        /* Normally signed: lookups must succeed */
        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, "www.eurid.eu", AF_UNSPEC, NULL);

        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, "sigok.verteiltesysteme.net", AF_UNSPEC, NULL);

        /* Normally signed, NODATA: the name exists but has no RP record */
        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* Invalid signature: must be rejected with a DNSSEC failure instead of being answered */
        test_rr_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, "sigfail.verteiltesysteme.net", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* Invalid signature, RSA, wildcard */
        test_rr_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, ".wilda.rhybar.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* Invalid signature, ECDSA, wildcard */
        test_rr_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* Missing DS for DNSKEY */
        test_rr_lookup(bus, "www.dnssec-bogus.sg", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, "www.dnssec-bogus.sg", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* NXDOMAIN in NSEC domain */
        test_rr_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "hhh.nasa.gov", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");

        /* wildcard, NSEC zone */
        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wilda.nsec.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC zone, NODATA */
        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* wildcard, NSEC3 zone */
        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wilda.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC3 zone, NODATA */
        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* wildcard, NSEC zone, CNAME */
        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC zone, NODATA, CNAME */
        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* wildcard, NSEC3 zone, CNAME */
        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wild.0skar.cz", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, ".wild.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC3 zone, NODATA, CNAME */
        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* NODATA due to empty non-terminal in NSEC domain */
        test_rr_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
        test_hostname_lookup(bus, "herndon.nasa.gov", AF_UNSPEC, BUS_ERROR_NO_SUCH_RR);
        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET, BUS_ERROR_NO_SUCH_RR);
        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET6, BUS_ERROR_NO_SUCH_RR);

        /* NXDOMAIN in NSEC root zone: */
        test_rr_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");

        /* NXDOMAIN in NSEC3 .com zone: */
        test_rr_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");

        /* Unsigned A (and AAAA): unsigned data must still resolve */
        test_rr_lookup(bus, "poettering.de", DNS_TYPE_A, NULL);
        test_rr_lookup(bus, "poettering.de", DNS_TYPE_AAAA, NULL);
        test_hostname_lookup(bus, "poettering.de", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, "poettering.de", AF_INET, NULL);
        test_hostname_lookup(bus, "poettering.de", AF_INET6, NULL);

#if HAVE_LIBIDN2 || HAVE_LIBIDN
        /* Unsigned A with IDNA conversion necessary; only built when an IDN library is available */
        test_hostname_lookup(bus, "pöttering.de", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, "pöttering.de", AF_INET, NULL);
        test_hostname_lookup(bus, "pöttering.de", AF_INET6, NULL);
#endif

        /* DNAME, pointing to NXDOMAIN
         * NOTE(review): the two RR lookups spell the label "...doesnexist" while the hostname
         * lookups spell it "...doesntexist"; looks like a typo - confirm whether both spellings
         * are meant to be queried. */
        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_RP, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");

        return 0;
}