diff --git a/src/test/check_getdns_context_set_dns_transport.h b/src/test/check_getdns_context_set_dns_transport.h
index 93362071..f76ee74b 100644
--- a/src/test/check_getdns_context_set_dns_transport.h
+++ b/src/test/check_getdns_context_set_dns_transport.h
@@ -288,7 +288,9 @@
 * suspect them to be a bit more reliable.
 */
 struct getdns_list *root_servers = getdns_list_create();
+ struct getdns_list *root_servers2 = getdns_list_create();
 struct getdns_bindata nlnetlabs_root = { 4, (void *)"\xB9\x31\x8D\x25" };
+ struct getdns_bindata *answer = NULL;
 uint32_t status;
 uint32_t type;
@@ -304,10 +306,17 @@
 /* Re-do over TCP */
 ASSERT_RC(getdns_dict_set_int(extensions,"return_call_reporting", GETDNS_EXTENSION_TRUE),
 GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_int()");
- ASSERT_RC(getdns_list_set_bindata(root_servers,0,&nlnetlabs_root),
+ ASSERT_RC(getdns_list_set_bindata(root_servers, 0, &nlnetlabs_root),
 GETDNS_RETURN_GOOD, "Return code from getdns_list_set_bindata()");
+
 ASSERT_RC(getdns_context_set_dns_root_servers(context, root_servers),
 GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_root_servers()");
+ ASSERT_RC(getdns_context_get_dns_root_servers(context, &root_servers2),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_root_servers()");
+ ASSERT_RC(getdns_list_get_bindata(root_servers2, 0, &answer),
+ GETDNS_RETURN_GOOD, "Return code from getdns_list_get_bindata()");
+ ck_assert_msg(strncmp((char *)answer->data, (char *)nlnetlabs_root.data, 4) == 0,
+ "Expected answer data to be 185.49.141.37");
 ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TCP_ONLY),
 GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
 ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
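Review bot: `root_servers2` is initialised with `getdns_list_create()` in the declaration block, but the next hunk hands `&root_servers2` to `getdns_context_get_dns_root_servers()`, which as an out-parameter getter presumably stores a freshly allocated list there, so the list created at declaration would be leaked. Declaring it as `struct getdns_list *root_servers2 = NULL;` and calling `getdns_list_destroy(root_servers2);` once the comparison is done keeps the test clean under leak checkers. The enclosing test function starts and ends outside this hunk, so any existing cleanup could not be checked.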
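Review bot: The new `ck_assert_msg(strncmp(...), 4) == 0, ...)` check compares raw address bytes with a string function and never looks at `answer->size`. `strncmp` stops at the first zero byte, so two addresses that share a prefix ending in a zero octet would compare equal, and four bytes are read even if the returned bindata is shorter. For binary data the condition should be `answer->size == nlnetlabs_root.size && memcmp(answer->data, nlnetlabs_root.data, nlnetlabs_root.size) == 0`, with the message unchanged. The test function this sits in extends beyond the hunk.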
@@ -375,6 +384,60 @@
 }
 END_TEST
+ START_TEST (getdns_context_set_dns_transport_recursing_9)
+ {
+ /*
+ * Check TLS
+ */
+ struct getdns_context *context = NULL;
+ getdns_resolution_t resolution_type;
+ getdns_transport_list_t transport_list[1];
+ getdns_transport_list_t *transport_list2;
+ size_t count;
+ getdns_tls_authentication_t auth;
+ uint16_t backoff;
+ uint16_t retries;
+
+ transport_list[0] = GETDNS_TRANSPORT_TLS;
+
+ CONTEXT_CREATE(TRUE);
+
+ ASSERT_RC(getdns_context_set_resolution_type(context, GETDNS_RESOLUTION_STUB),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_set_resolution_type()");
+ ASSERT_RC(getdns_context_get_resolution_type(context, &resolution_type),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_get_resolution_type()");
+ ck_assert_msg(resolution_type == GETDNS_RESOLUTION_STUB, "resolution_type should be stub (520), got %d", (int)resolution_type);
+
+ ASSERT_RC(getdns_context_set_dns_transport_list(context, 1, transport_list),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport_list()");
+ ASSERT_RC(getdns_context_get_dns_transport_list(context, &count, &transport_list2),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_transport_list()");
+ ck_assert_msg(transport_list2[0] == GETDNS_TRANSPORT_TLS, "transport_list should be 1202 but got %d", (int) transport_list2[0]);
+
+ ASSERT_RC(getdns_context_set_tls_authentication(context, GETDNS_AUTHENTICATION_REQUIRED),
+ GETDNS_RETURN_GOOD, "Return cond from getdns_context_set_tls_authentication()");
+ ASSERT_RC(getdns_context_get_tls_authentication(context, &auth),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_authentication()");
+ ck_assert_msg(auth == 1301, "tls_authentication should be 1301, but got %d", (int) auth);
+
+ ASSERT_RC(getdns_context_set_tls_backoff_time(context, 1000),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_backoff_time()");
+ ASSERT_RC(getdns_context_get_tls_backoff_time(context, &backoff),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_backoff_time()");
+ ck_assert_msg(backoff == 1000, "backoff should be 1000, but got %d", (int) backoff);
+
+ ASSERT_RC(getdns_context_set_tls_connection_retries(context, 5),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_connection_retries()");
+ ASSERT_RC(getdns_context_get_tls_connection_retries(context, &retries),
+ GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_connection_retries()");
+ ck_assert_msg(retries == 5, "retries should be 5 but got %d", (int) retries);
+
+ /*TODO: should extend the test */
+ CONTEXT_DESTROY;
+
+ }
+ END_TEST
+
@@ -399,7 +462,8 @@
 tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_6);
 tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_7);
 tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_8);
- /* TODO: TLS... */
+ /* TLS */
+ tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_9);
 suite_add_tcase(s, tc_pos);
diff --git a/src/test/tpkg/290-transports.tpkg/290-transports.dsc b/src/test/tpkg/290-transports.tpkg/290-transports.dsc
new file mode 100644
index 00000000..8508f07a
--- /dev/null
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.dsc
@@ -0,0 +1,16 @@
+BaseName: 290-transports
+Version: 1.0
+Description: Run the test_transports
+CreationDate: di 9 mei 2017 14:16:58 CEST
+Maintainer: Hoda Rohani
+Category:
+Component:
+CmdDepends:
+Depends: 110-link.tpkg
+Help:
+Pre:
+Post:
+Test: 290-transports.test
+AuxFiles:
+Passed:
+Failure:
diff --git a/src/test/tpkg/290-transports.tpkg/290-transports.test b/src/test/tpkg/290-transports.tpkg/290-transports.test
new file mode 100644
index 00000000..31b1c6ee
--- /dev/null
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.test
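Review bot: In `getdns_context_set_dns_transport_recursing_9`, `transport_list2[0]` is read without first asserting `count`, and the array handed back by `getdns_context_get_dns_transport_list()` is never released in the visible lines. Adding `ck_assert_msg(count == 1, "transport count should be 1, got %d", (int) count);` before the element check and `free(transport_list2);` before `CONTEXT_DESTROY` would close both gaps (confirm which allocator the getter uses). The authentication check compares against the literal `1301`; `auth == GETDNS_AUTHENTICATION_REQUIRED` states the intent and survives a renumbering. As the TODO admits, the test only round-trips setters and getters, so it does not yet show that a TLS query is refused when authentication fails.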
@@ -0,0 +1,200 @@
+# #-- 290-transports.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+SERVER_IP="8.8.8.8"
+SERVER_IPv6="2001:4860:4860::8888"
+
+SERVER_IP_TSIG="185.49.141.37^"
+SERVER_IPv6_TSIG="2a04:b900:0:100::37^"
+TSIG_ALG="hmac-md5.sig-alg.reg.int"
+TSIG_NAME="hmac-md5.tsigs.getdnsapi.net"
+TSIG_SECRET="16G69OTeXW6xSQ=="
+
+TLS_SERVER_IP="185.49.141.38~getdnsapi.net"
+TLS_SERVER_IPv6="2a04:b900:0:100::38~getdnsapi.net"
+TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S="
+TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S="
+
+TLS_SERVER_SS_IP="184.105.193.78~tls-dns-u.odvr.dns-oarc.net" #Self signed cert
+TLS_SERVER_SS_KEY="pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI="
+
+GOOD_RESULT_SYNC="Status was: At least one response was returned"
+GOOD_RESULT_ASYNC="successful"
+BAD_RESULT_SYNC="1 'Generic error'"
+BAD_RESULT_ASYNC="callback_type of 703"
+BAD_RESULT_TRANSPORT="None of the configured upstreams could be used to send queries on the specified transports"
+BAD_RESULT_NO_NAME="GETDNS_RESPSTATUS_NO_NAME"
+NUM_ARGS=3
+GOOD_COUNT=0
+FAIL_COUNT=0
+
+
+check_auth () {
+ local my_auth_ok=0;
+ auth_result=`echo $1 | sed 's/.*tls_auth_status\": .*//'`
+ if [[ $2 == "-" ]] ; then
+ my_auth_ok=1;
+ fi
+ if [[ $2 == "N" ]] && [[ $auth_result == "None" ]]; then
+ my_auth_ok=1;
+ fi
+ if [[ $2 == "F" ]] && [[ $auth_result == "Failed" ]]; then
+ my_auth_ok=1;
+ fi
+ if [[ $2 == "S" ]] && [[ $auth_result == "Success" ]]; then
+ my_auth_ok=1;
+ fi
+ echo $my_auth_ok;
+}
+
+check_trans () {
+ local my_trans_ok=0;
+ trans_result=`echo $1 | sed "s/.*\"transport\": GETDNS_TRANSPORT_//" | sed 's/ }.*//' | sed 's/,.*//'`
+ if [[ $2 == "U" ]] && [[ $trans_result == "UDP" ]]; then
+ my_trans_ok=1;
+ fi
+ if [[ $2 == "T" ]] && [[ $trans_result == "TCP" ]]; then
+ my_trans_ok=1;
+ fi
+ if [[ $2 == "L" ]] && [[ $trans_result == "TLS" ]]; then
+ my_trans_ok=1;
+ fi
+ echo $my_trans_ok;
+}
+
+check_good () {
+ auth_ok=0;
+ result_ok=0;
+ trans_ok=0;
+ result=`echo $1 | sed 's/ All done.'// | sed 's/.*Response code was: GOOD. '//`
+ async_success=`echo $result | grep -c "$GOOD_RESULT_ASYNC"`
+ if [[ $result =~ $GOOD_RESULT_SYNC ]] || [[ $async_success =~ 1 ]]; then
+ result_ok=1;
+ fi
+ if [[ $result_ok == 1 ]] ; then
+ trans_ok=$(check_trans "$1" "$2")
+ auth_ok=$(check_auth "$1" "$3")
+ fi
+ if [[ $result_ok == 1 ]] && [[ $auth_ok == 1 ]] && [[ $trans_ok == 1 ]]; then
+ (( GOOD_COUNT++ ))
+ echo -n "PASS: "
+ else
+ (( FAIL_COUNT++ ))
+ echo "FAIL (RESULT): Result: $result Auth: $auth_ok Trans: $trans_ok"
+ echo -n "FAIL: "
+ fi
+}
+
+check_bad () {
+ result=`echo $1 | grep "An error occurred:" | tail -1 | sed 's/ All done.'//`
+ error=` echo $result | sed 's/An error occurred: //'`
+
+ if [[ -z $result ]]; then
+ result=`echo $1 | grep "GETDNS_RESPSTATUS_NO_NAME" `
+ error=` echo $result | sed 's/"status": //'`
+ fi
+
+ if [[ ! -z $result ]]; then
+ if [[ $error =~ $BAD_RESULT_SYNC ]] || [[ $error =~ $BAD_RESULT_ASYNC ]] || [[ $error =~ $BAD_RESULT_TRANSPORT ]] || [[ $error =~ $BAD_RESULT_NO_NAME ]]; then
+ (( GOOD_COUNT++ ))
+ echo -n "PASS:"
+ else
+ (( FAIL_COUNT++ ))
+ echo "FAIL (RESULT): " $error
+ echo -n "FAIL: "
+ fi
+ else
+ (( FAIL_COUNT++ ))
+ echo "FAIL (RESULT): " $1
+ echo -n "FAIL: "
+ fi
+}
+
+for (( ii = 0; ii < 2; ii++)); do
+ if [[ ii -eq 1 ]]; then
+ SERVER_IP=$SERVER_IPv6
+ TLS_SERVER_IP=$TLS_SERVER_IPv6
+ SERVER_IP_TSIG=$SERVER_IPv6_TSIG
+ echo "Using IPv6"
+ fi
+ TLS_SERVER_IP_NO_NAME=`echo ${TLS_SERVER_IP%~*}`
+ TLS_SERVER_SS_IP_NO_NAME=`echo ${TLS_SERVER_SS_IP%~*}`
+ TLS_SERVER_IP_WRONG_NAME=`echo ${TLS_SERVER_IP::${#TLS_SERVER_IP}-1}`
+ SERVER_IP_TSIG_WRONG_NAME=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME::${#TSIG_NAME}-1}":"${TSIG_SECRET}`
+ SERVER_IP_TSIG_WRONG_SECRET=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME}":"${TSIG_SECRET::${#TSIG_SECRET}-1}`
+
+ NUM_GOOD_QUERIES=10
+ GOOD_QUERIES=(
+ "-s -A getdnsapi.net -l U @${SERVER_IP} +edns_cookies" "U" "-"
+ "-s -A getdnsapi.net -l T @${SERVER_IP}" "T" "-"
+ "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+ "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+ "-s -A getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP}" "L" "S"
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"
+ "-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-")
+
+ NUM_GOOD_FB_QUERIES=6
+ GOOD_FALLBACK_QUERIES=(
+ "-s -A getdnsapi.net -l LU @${SERVER_IP}" "U" "-"
+ "-s -A getdnsapi.net -l LT @${SERVER_IP}" "T" "-"
+ "-s -A getdnsapi.net -l LT @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+ "-s -A getdnsapi.net -l LT -m @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+ "-s -A getdnsapi.net -l L @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-"
+ "-s -G DNSKEY getdnsapi.net -l UT @${SERVER_IP} -b 512 -D" "T" "-")
+
+ NOT_AVAILABLE_QUERIES=(
+ "-s -A getdnsapi.net -l L @${SERVER_IP}"
+ "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG_WRONG_NAME}"
+ "-s -A getdnsapi.net -l U @${SERVER_IP_TSIG_WRONG_SECRET}"
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME}"
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME}"
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+ "-s -A getdnsapi.net -l L -m @${TLS_SERVER_SS_IP} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"")
+
+
+ echo "Starting transport test"
+ echo
+ for (( i = 0; i < 2; i+=1 )); do
+ if [[ i -eq 0 ]]; then
+ echo "**SYNC Mode**"
+ else
+ echo
+ echo "**ASYNC Mode**"
+ SYNC_MODE=" -a "
+ fi
+ echo "*Success cases:"
+ for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
+ check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
+ echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
+ (( COUNT++ ))
+ done
+
+ echo "*Success fallback cases:"
+ for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
+ check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
+ echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
+ (( COUNT++ ))
+ done
+
+ echo "*Transport not available cases:"
+ for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
+ check_bad "`"${GETDNS_QUERY}" $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
+ echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
+ (( COUNT++ ))
+ done
+ done
+ echo
+done
+
+echo
+echo "Finished transport test: did $COUNT queries, $GOOD_COUNT passes, $FAIL_COUNT failures"
+echo
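Review bot: The script's last command is a bare `echo`, so it exits 0 however large `FAIL_COUNT` is. If the tpkg harness judges a test by its exit status, none of the TLS or TSIG failures counted here can fail the run, and ending with `[ "$FAIL_COUNT" -eq 0 ]` would propagate them. Separately, `check_bad` accepts any `1 'Generic error'` as a pass, so the wrong-pin, wrong-name and wrong-secret cases also pass when the upstream is simply unreachable (for example the IPv6 round on a host without IPv6). Those cases therefore do not show that authentication is what rejected the query. `SYNC_MODE` is never cleared, so the second `**SYNC Mode**` round still runs with ` -a `; adding `SYNC_MODE=""` to the `i -eq 0` branch restores the intended coverage.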