bind/lib/dns/tests/acl_test.c

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#if HAVE_CMOCKA

#include <stdarg.h>
#include <stddef.h>
#include <setjmp.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define UNIT_TESTING
#include <cmocka.h>

#include <isc/print.h>
#include <isc/string.h>
#include <isc/util.h>

#include <dns/acl.h>

#include "dnstest.h"

static int
_setup(void **state) {
	isc_result_t result;

	UNUSED(state);

	result = dns_test_begin(NULL, false);
	assert_int_equal(result, ISC_R_SUCCESS);

	return (0);
}

static int
_teardown(void **state) {
	UNUSED(state);

	dns_test_end();

	return (0);
}

#define	BUFLEN		255
#define	BIGBUFLEN	(70 * 1024)
#define TEST_ORIGIN	"test"

/* test that dns_acl_isinsecure works */
static void
dns_acl_isinsecure_test(void **state) {
	isc_result_t result;
	dns_acl_t *any = NULL;
	dns_acl_t *none = NULL;
	dns_acl_t *notnone = NULL;
	dns_acl_t *notany = NULL;
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
	dns_acl_t *geoip = NULL;
	dns_acl_t *notgeoip = NULL;
	dns_aclelement_t *de;
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */

	UNUSED(state);

	result = dns_acl_any(dt_mctx, &any);
	assert_int_equal(result, ISC_R_SUCCESS);

	result = dns_acl_none(dt_mctx, &none);
	assert_int_equal(result, ISC_R_SUCCESS);

	result = dns_acl_create(dt_mctx, 1, &notnone);
	assert_int_equal(result, ISC_R_SUCCESS);

	result = dns_acl_create(dt_mctx, 1, &notany);
	assert_int_equal(result, ISC_R_SUCCESS);

	result = dns_acl_merge(notnone, none, false);
	assert_int_equal(result, ISC_R_SUCCESS);

	result = dns_acl_merge(notany, any, false);
	assert_int_equal(result, ISC_R_SUCCESS);

#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
	result = dns_acl_create(dt_mctx, 1, &geoip);
	assert_int_equal(result, ISC_R_SUCCESS);

	de = geoip->elements;
	assert_non_null(de);
	strlcpy(de->geoip_elem.as_string, "AU",
		sizeof(de->geoip_elem.as_string));
	de->geoip_elem.subtype = dns_geoip_country_code;
	de->type = dns_aclelementtype_geoip;
	de->negative = false;
	assert_true(geoip->length < geoip->alloc);
	geoip->node_count++;
	de->node_num = geoip->node_count;
	geoip->length++;

	result = dns_acl_create(dt_mctx, 1, &notgeoip);
	assert_int_equal(result, ISC_R_SUCCESS);

	result = dns_acl_merge(notgeoip, geoip, false);
	assert_int_equal(result, ISC_R_SUCCESS);
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */

	assert_true(dns_acl_isinsecure(any));		/* any; */
	assert_false(dns_acl_isinsecure(none));		/* none; */
	assert_false(dns_acl_isinsecure(notany));	/* !any; */
	assert_false(dns_acl_isinsecure(notnone));	/* !none; */

#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
	assert_true(dns_acl_isinsecure(geoip));		/* geoip; */
	assert_false(dns_acl_isinsecure(notgeoip));	/* !geoip; */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */

	dns_acl_detach(&any);
	dns_acl_detach(&none);
	dns_acl_detach(&notany);
	dns_acl_detach(&notnone);
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
	dns_acl_detach(&geoip);
	dns_acl_detach(&notgeoip);
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
}

int
main(void) {
	const struct CMUnitTest tests[] = {
		cmocka_unit_test_setup_teardown(dns_acl_isinsecure_test,
						_setup, _teardown),
	};

	return (cmocka_run_group_tests(tests, NULL, NULL));
}

#else /* HAVE_CMOCKA */

#include <stdio.h>

int
main(void) {
	printf("1..0 # Skipped: cmocka not available\n");
	return (0);
}

#endif
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`/*`
Update license headers to not include years in copyright in all applicable files 2018-02-23 09:53:12 +01:00			`* Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`*`
			`* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/.`
Update license headers to not include years in copyright in all applicable files 2018-02-23 09:53:12 +01:00			`*`
			`* See the COPYRIGHT file distributed with this work for additional`
			`* information regarding copyright ownership.`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`*/`

convert acl_test 2018-10-24 10:19:45 -07:00			`#if HAVE_CMOCKA`

			`#include <stdarg.h>`
			`#include <stddef.h>`
			`#include <setjmp.h>`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
convert acl_test 2018-10-24 10:19:45 -07:00			`#include <stdlib.h>`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`#include <stdio.h>`
convert acl_test 2018-10-24 10:19:45 -07:00			`#include <string.h>`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`#include <unistd.h>`

convert acl_test 2018-10-24 10:19:45 -07:00			`#define UNIT_TESTING`
			`#include <cmocka.h>`

4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`#include <isc/print.h>`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00			`#include <isc/string.h>`
convert acl_test 2018-10-24 10:19:45 -07:00			`#include <isc/util.h>`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
			`#include <dns/acl.h>`
convert acl_test 2018-10-24 10:19:45 -07:00
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`#include "dnstest.h"`

convert acl_test 2018-10-24 10:19:45 -07:00			`static int`
			`_setup(void **state) {`
			`isc_result_t result;`

			`UNUSED(state);`

			`result = dns_test_begin(NULL, false);`
			`assert_int_equal(result, ISC_R_SUCCESS);`

			`return (0);`
			`}`

			`static int`
			`_teardown(void **state) {`
			`UNUSED(state);`

			`dns_test_end();`

			`return (0);`
			`}`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
			`#define BUFLEN 255`
			`#define BIGBUFLEN (70 * 1024)`
			`#define TEST_ORIGIN "test"`

convert acl_test 2018-10-24 10:19:45 -07:00			`/* test that dns_acl_isinsecure works */`
			`static void`
			`dns_acl_isinsecure_test(void **state) {`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`isc_result_t result;`
			`dns_acl_t *any = NULL;`
			`dns_acl_t *none = NULL;`
			`dns_acl_t *notnone = NULL;`
			`dns_acl_t *notany = NULL;`
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#if defined(HAVE_GEOIP) \|\| defined(HAVE_GEOIP2)`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00			`dns_acl_t *geoip = NULL;`
			`dns_acl_t *notgeoip = NULL;`
			`dns_aclelement_t *de;`
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#endif /* HAVE_GEOIP \|\| HAVE_GEOIP2 */`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
convert acl_test 2018-10-24 10:19:45 -07:00			`UNUSED(state);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
Rename mctx in dnstest.c to dt_mctx to prevent any global/local name clashes The common construct seen in the BIND 9 source is func(isc_mem_t *mctx, ...). Unfortunately, the dnstest.{h,c} has been using mctx as a global symbol, which in turn generated a lot of errors when update.c got included in update_test.c. As a rule of thumb, we should avoid naming global symbols with generic names (like mctx) and we should prefix them with "namespace" (like dt_mctx). 2019-06-18 15:01:43 +02:00			`result = dns_acl_any(dt_mctx, &any);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
Rename mctx in dnstest.c to dt_mctx to prevent any global/local name clashes The common construct seen in the BIND 9 source is func(isc_mem_t *mctx, ...). Unfortunately, the dnstest.{h,c} has been using mctx as a global symbol, which in turn generated a lot of errors when update.c got included in update_test.c. As a rule of thumb, we should avoid naming global symbols with generic names (like mctx) and we should prefix them with "namespace" (like dt_mctx). 2019-06-18 15:01:43 +02:00			`result = dns_acl_none(dt_mctx, &none);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
Rename mctx in dnstest.c to dt_mctx to prevent any global/local name clashes The common construct seen in the BIND 9 source is func(isc_mem_t *mctx, ...). Unfortunately, the dnstest.{h,c} has been using mctx as a global symbol, which in turn generated a lot of errors when update.c got included in update_test.c. As a rule of thumb, we should avoid naming global symbols with generic names (like mctx) and we should prefix them with "namespace" (like dt_mctx). 2019-06-18 15:01:43 +02:00			`result = dns_acl_create(dt_mctx, 1, &notnone);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
Rename mctx in dnstest.c to dt_mctx to prevent any global/local name clashes The common construct seen in the BIND 9 source is func(isc_mem_t *mctx, ...). Unfortunately, the dnstest.{h,c} has been using mctx as a global symbol, which in turn generated a lot of errors when update.c got included in update_test.c. As a rule of thumb, we should avoid naming global symbols with generic names (like mctx) and we should prefix them with "namespace" (like dt_mctx). 2019-06-18 15:01:43 +02:00			`result = dns_acl_create(dt_mctx, 1, &notany);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
Replace custom isc_boolean_t with C standard bool type 2018-04-17 08:29:14 -07:00			`result = dns_acl_merge(notnone, none, false);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
Replace custom isc_boolean_t with C standard bool type 2018-04-17 08:29:14 -07:00			`result = dns_acl_merge(notany, any, false);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#if defined(HAVE_GEOIP) \|\| defined(HAVE_GEOIP2)`
Rename mctx in dnstest.c to dt_mctx to prevent any global/local name clashes The common construct seen in the BIND 9 source is func(isc_mem_t *mctx, ...). Unfortunately, the dnstest.{h,c} has been using mctx as a global symbol, which in turn generated a lot of errors when update.c got included in update_test.c. As a rule of thumb, we should avoid naming global symbols with generic names (like mctx) and we should prefix them with "namespace" (like dt_mctx). 2019-06-18 15:01:43 +02:00			`result = dns_acl_create(dt_mctx, 1, &geoip);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00
			`de = geoip->elements;`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_non_null(de);`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00			`strlcpy(de->geoip_elem.as_string, "AU",`
			`sizeof(de->geoip_elem.as_string));`
			`de->geoip_elem.subtype = dns_geoip_country_code;`
			`de->type = dns_aclelementtype_geoip;`
Replace custom isc_boolean_t with C standard bool type 2018-04-17 08:29:14 -07:00			`de->negative = false;`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_true(geoip->length < geoip->alloc);`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00			`geoip->node_count++;`
			`de->node_num = geoip->node_count;`
			`geoip->length++;`

Rename mctx in dnstest.c to dt_mctx to prevent any global/local name clashes The common construct seen in the BIND 9 source is func(isc_mem_t *mctx, ...). Unfortunately, the dnstest.{h,c} has been using mctx as a global symbol, which in turn generated a lot of errors when update.c got included in update_test.c. As a rule of thumb, we should avoid naming global symbols with generic names (like mctx) and we should prefix them with "namespace" (like dt_mctx). 2019-06-18 15:01:43 +02:00			`result = dns_acl_create(dt_mctx, 1, &notgeoip);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00
Replace custom isc_boolean_t with C standard bool type 2018-04-17 08:29:14 -07:00			`result = dns_acl_merge(notgeoip, geoip, false);`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_int_equal(result, ISC_R_SUCCESS);`
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#endif /* HAVE_GEOIP \|\| HAVE_GEOIP2 */`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_true(dns_acl_isinsecure(any)); /* any; */`
			`assert_false(dns_acl_isinsecure(none)); /* none; */`
			`assert_false(dns_acl_isinsecure(notany)); /* !any; */`
			`assert_false(dns_acl_isinsecure(notnone)); /* !none; */`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#if defined(HAVE_GEOIP) \|\| defined(HAVE_GEOIP2)`
convert acl_test 2018-10-24 10:19:45 -07:00			`assert_true(dns_acl_isinsecure(geoip)); /* geoip; */`
			`assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */`
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#endif /* HAVE_GEOIP \|\| HAVE_GEOIP2 */`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`dns_acl_detach(&any);`
			`dns_acl_detach(&none);`
			`dns_acl_detach(&notany);`
			`dns_acl_detach(&notnone);`
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#if defined(HAVE_GEOIP) \|\| defined(HAVE_GEOIP2)`
test dns_acl_isinsecure with geoip element 2018-07-12 14:47:09 +10:00			`dns_acl_detach(&geoip);`
			`dns_acl_detach(&notgeoip);`
add HAVE_GEOIP2 #ifdef branches, without implementing yet 2019-06-11 18:36:52 -07:00			`#endif /* HAVE_GEOIP \|\| HAVE_GEOIP2 */`
convert acl_test 2018-10-24 10:19:45 -07:00			`}`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00
convert acl_test 2018-10-24 10:19:45 -07:00			`int`
			`main(void) {`
			`const struct CMUnitTest tests[] = {`
			`cmocka_unit_test_setup_teardown(dns_acl_isinsecure_test,`
			`_setup, _teardown),`
			`};`

			`return (cmocka_run_group_tests(tests, NULL, NULL));`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`}`

convert acl_test 2018-10-24 10:19:45 -07:00			`#else /* HAVE_CMOCKA */`

			`#include <stdio.h>`

			`int`
			`main(void) {`
			`printf("1..0 # Skipped: cmocka not available\n");`
			`return (0);`
4507. [bug] Name could incorrectly log 'allows updates by IP address, which is insecure' [RT #43432] 2016-11-02 17:53:19 +11:00			`}`
convert acl_test 2018-10-24 10:19:45 -07:00
			`#endif`