mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-15 01:21:06 +00:00
201 lines
6.5 KiB
C
201 lines
6.5 KiB
C
/* Test the behavior of the trust-ad option.
|
|
Copyright (C) 2019-2024 Free Software Foundation, Inc.
|
|
This file is part of the GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library; if not, see
|
|
<https://www.gnu.org/licenses/>. */
|
|
|
|
#include <resolv.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <support/check.h>
|
|
#include <support/check_nss.h>
|
|
#include <support/resolv_test.h>
|
|
#include <support/support.h>
|
|
|
|
/* This controls properties of the response. volatile because
|
|
__res_send is incorrectly declared as __THROW. */
|
|
static volatile unsigned char response_number;
|
|
static volatile bool response_ad_bit;
|
|
static volatile bool query_ad_bit;
|
|
|
|
static void
|
|
response (const struct resolv_response_context *ctx,
|
|
struct resolv_response_builder *b,
|
|
const char *qname, uint16_t qclass, uint16_t qtype)
|
|
{
|
|
TEST_COMPARE (qclass, C_IN);
|
|
TEST_COMPARE (qtype, T_A);
|
|
TEST_COMPARE_STRING (qname, "www.example");
|
|
|
|
HEADER header;
|
|
memcpy (&header, ctx->query_buffer, sizeof (header));
|
|
TEST_COMPARE (header.ad, query_ad_bit);
|
|
|
|
struct resolv_response_flags flags = { .ad = response_ad_bit, };
|
|
resolv_response_init (b, flags);
|
|
resolv_response_add_question (b, qname, qclass, qtype);
|
|
resolv_response_section (b, ns_s_an);
|
|
resolv_response_open_record (b, qname, qclass, T_A, 0x12345678);
|
|
char addr[4] = { 192, 0, 2, response_number };
|
|
resolv_response_add_data (b, addr, sizeof (addr));
|
|
resolv_response_close_record (b);
|
|
}
|
|
|
|
static void
|
|
check_answer (const unsigned char *buffer, size_t buffer_length,
|
|
bool expected_ad)
|
|
{
|
|
HEADER header;
|
|
TEST_VERIFY (buffer_length > sizeof (header));
|
|
memcpy (&header, buffer, sizeof (header));
|
|
TEST_COMPARE (0, header.aa);
|
|
TEST_COMPARE (expected_ad, header.ad);
|
|
TEST_COMPARE (0, header.opcode);
|
|
TEST_COMPARE (1, header.qr);
|
|
TEST_COMPARE (0, header.rcode);
|
|
TEST_COMPARE (1, header.rd);
|
|
TEST_COMPARE (0, header.tc);
|
|
TEST_COMPARE (1, ntohs (header.qdcount));
|
|
TEST_COMPARE (1, ntohs (header.ancount));
|
|
TEST_COMPARE (0, ntohs (header.nscount));
|
|
TEST_COMPARE (0, ntohs (header.arcount));
|
|
|
|
char *description = xasprintf ("response=%d ad=%d",
|
|
response_number, expected_ad);
|
|
char *expected = xasprintf ("name: www.example\n"
|
|
"address: 192.0.2.%d\n", response_number);
|
|
check_dns_packet (description, buffer, buffer_length, expected);
|
|
free (expected);
|
|
free (description);
|
|
}
|
|
|
|
static int
|
|
do_test (void)
|
|
{
|
|
struct resolv_test *aux = resolv_test_start
|
|
((struct resolv_redirect_config)
|
|
{
|
|
.response_callback = response,
|
|
});
|
|
|
|
/* By default, the resolver is not trusted, and the AD bit is
|
|
cleared. */
|
|
|
|
static const unsigned char hand_crafted_query[] =
|
|
{
|
|
10, 11, /* Transaction ID. */
|
|
1, 0x20, /* Query with RD, AD flags. */
|
|
0, 1, /* One question. */
|
|
0, 0, 0, 0, 0, 0, /* The other sections are empty. */
|
|
3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0,
|
|
0, T_A, /* A query. */
|
|
0, 1, /* Class IN. */
|
|
};
|
|
|
|
++response_number;
|
|
response_ad_bit = false;
|
|
|
|
unsigned char buffer[512];
|
|
memset (buffer, 255, sizeof (buffer));
|
|
query_ad_bit = true;
|
|
int ret = res_send (hand_crafted_query, sizeof (hand_crafted_query),
|
|
buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, false);
|
|
|
|
++response_number;
|
|
memset (buffer, 255, sizeof (buffer));
|
|
query_ad_bit = false;
|
|
ret = res_query ("www.example", C_IN, T_A, buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, false);
|
|
response_ad_bit = true;
|
|
|
|
response_ad_bit = true;
|
|
|
|
++response_number;
|
|
query_ad_bit = true;
|
|
ret = res_send (hand_crafted_query, sizeof (hand_crafted_query),
|
|
buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, false);
|
|
|
|
++response_number;
|
|
memset (buffer, 255, sizeof (buffer));
|
|
query_ad_bit = false;
|
|
ret = res_query ("www.example", C_IN, T_A, buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, false);
|
|
|
|
/* No AD bit set in generated queries. */
|
|
memset (buffer, 255, sizeof (buffer));
|
|
ret = res_mkquery (QUERY, "www.example", C_IN, T_A,
|
|
(const unsigned char *) "", 0, NULL,
|
|
buffer, sizeof (buffer));
|
|
HEADER header;
|
|
memcpy (&header, buffer, sizeof (header));
|
|
TEST_VERIFY (!header.ad);
|
|
|
|
/* With RES_TRUSTAD, the AD bit is passed through if it set in the
|
|
response. It is also included in queries. */
|
|
|
|
_res.options |= RES_TRUSTAD;
|
|
query_ad_bit = true;
|
|
|
|
response_ad_bit = false;
|
|
|
|
++response_number;
|
|
memset (buffer, 255, sizeof (buffer));
|
|
ret = res_send (hand_crafted_query, sizeof (hand_crafted_query),
|
|
buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, false);
|
|
|
|
++response_number;
|
|
memset (buffer, 255, sizeof (buffer));
|
|
ret = res_query ("www.example", C_IN, T_A, buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, false);
|
|
|
|
response_ad_bit = true;
|
|
|
|
++response_number;
|
|
memset (buffer, 0, sizeof (buffer));
|
|
ret = res_send (hand_crafted_query, sizeof (hand_crafted_query),
|
|
buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, true);
|
|
|
|
++response_number;
|
|
memset (buffer, 0, sizeof (buffer));
|
|
ret = res_query ("www.example", C_IN, T_A, buffer, sizeof (buffer));
|
|
TEST_VERIFY (ret > 0);
|
|
check_answer (buffer, ret, true);
|
|
|
|
/* AD bit set in generated queries. */
|
|
memset (buffer, 0, sizeof (buffer));
|
|
ret = res_mkquery (QUERY, "www.example", C_IN, T_A,
|
|
(const unsigned char *) "", 0, NULL,
|
|
buffer, sizeof (buffer));
|
|
memcpy (&header, buffer, sizeof (header));
|
|
TEST_VERIFY (header.ad);
|
|
|
|
resolv_test_end (aux);
|
|
|
|
return 0;
|
|
}
|
|
|
|
#include <support/test-driver.c>
|