about summary refs log tree commit diff
path: root/resolv/tst-resolv-rotate.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-06-30 10:43:33 +0200
committerFlorian Weimer <fweimer@redhat.com>2017-06-30 10:43:33 +0200
commit5b757a51b514ea163bbec0a53dbbc06bb1b29241 (patch)
treefb8d43f46725547a6cb977b5f76fee1483c423bd /resolv/tst-resolv-rotate.c
parent867c5c33e2735567c95bf3a8b0a520bedd34430a (diff)
downloadglibc-5b757a51b514ea163bbec0a53dbbc06bb1b29241.tar.gz
glibc-5b757a51b514ea163bbec0a53dbbc06bb1b29241.tar.xz
glibc-5b757a51b514ea163bbec0a53dbbc06bb1b29241.zip
resolv: Make RES_ROTATE start with a random name server [BZ #19570]
Do not copy the actual name server addresses to rotate them.  Use a
global rotation offset instead.
Diffstat (limited to 'resolv/tst-resolv-rotate.c')
-rw-r--r--resolv/tst-resolv-rotate.c263
1 files changed, 263 insertions, 0 deletions
diff --git a/resolv/tst-resolv-rotate.c b/resolv/tst-resolv-rotate.c
new file mode 100644
index 0000000000..d01b85b2fe
--- /dev/null
+++ b/resolv/tst-resolv-rotate.c
@@ -0,0 +1,263 @@
+/* Check that RES_ROTATE works with few nameserver entries (bug 13028).
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <netdb.h>
+#include <resolv.h>
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/check_nss.h>
+#include <support/resolv_test.h>
+#include <support/test-driver.h>
+
+static volatile int drop_server = -1;
+static volatile unsigned int query_counts[resolv_max_test_servers];
+
+static const char address_ipv4[4] = {192, 0, 2, 1};
+static const char address_ipv6[16]
+  = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
+
+static void
+response (const struct resolv_response_context *ctx,
+          struct resolv_response_builder *b,
+          const char *qname, uint16_t qclass, uint16_t qtype)
+{
+  if (ctx->server_index == drop_server)
+    {
+      resolv_response_drop (b);
+      resolv_response_close (b);
+      return;
+    }
+
+  bool force_tcp = strncmp (qname, "2.", 2) == 0;
+  struct resolv_response_flags flags = {.tc = force_tcp && !ctx->tcp};
+  resolv_response_init (b, flags);
+  resolv_response_add_question (b, qname, qclass, qtype);
+  if (flags.tc)
+    return;
+
+  TEST_VERIFY_EXIT (ctx->server_index < resolv_max_test_servers);
+  ++query_counts[ctx->server_index];
+
+  resolv_response_section (b, ns_s_an);
+  resolv_response_open_record (b, qname, qclass, qtype, 0);
+  switch (qtype)
+    {
+    case T_A:
+      {
+        char addr[sizeof (address_ipv4)];
+        memcpy (addr, address_ipv4, sizeof (address_ipv4));
+        addr[3] = 1 + ctx->tcp;
+        resolv_response_add_data (b, addr, sizeof (addr));
+      }
+      break;
+    case T_AAAA:
+      {
+        char addr[sizeof (address_ipv6)];
+        memcpy (addr, address_ipv6, sizeof (address_ipv6));
+        addr[15] = 1 + ctx->tcp;
+        resolv_response_add_data (b, addr, sizeof (addr));
+      }
+      break;
+    case T_PTR:
+      if (force_tcp)
+        resolv_response_add_name (b, "2.host.example");
+      else
+        resolv_response_add_name (b, "host.example");
+      break;
+    default:
+      FAIL_EXIT1 ("unexpected QTYPE: %s/%u/%u", qname, qclass, qtype);
+    }
+  resolv_response_close_record (b);
+}
+
+static void
+check_forward_1 (const char *name, int family)
+{
+  unsigned char lsb;
+  if (strncmp (name, "2.", 2) == 0)
+    lsb = 2;
+  else
+    lsb = 1;
+
+  char expected_hostent_v4[200];
+  snprintf (expected_hostent_v4, sizeof (expected_hostent_v4),
+            "name: %s\naddress: 192.0.2.%d\n", name, lsb);
+  char expected_hostent_v6[200];
+  snprintf (expected_hostent_v6, sizeof (expected_hostent_v6),
+            "name: %s\naddress: 2001:db8::%d\n", name, lsb);
+  char expected_ai[200];
+
+  unsigned char address[16];
+  size_t address_length;
+
+  char *expected_hostent;
+  switch (family)
+    {
+    case AF_INET:
+      expected_hostent = expected_hostent_v4;
+      snprintf (expected_ai, sizeof (expected_ai),
+                "address: STREAM/TCP 192.0.2.%d 80\n", lsb);
+      TEST_VERIFY_EXIT (sizeof (address_ipv4) == sizeof (struct in_addr));
+      memcpy (address, address_ipv4, sizeof (address_ipv4));
+      address_length = sizeof (address_ipv4);
+      break;
+    case AF_INET6:
+      expected_hostent = expected_hostent_v6;
+      snprintf (expected_ai, sizeof (expected_ai),
+                "address: STREAM/TCP 2001:db8::%d 80\n", lsb);
+      TEST_VERIFY_EXIT (sizeof (address_ipv6) == sizeof (struct in6_addr));
+      memcpy (address, address_ipv6, sizeof (address_ipv6));
+      address_length = sizeof (address_ipv6);
+      break;
+    case AF_UNSPEC:
+      expected_hostent = NULL;
+      snprintf (expected_ai, sizeof (expected_ai),
+                "address: STREAM/TCP 192.0.2.%d 80\n"
+                "address: STREAM/TCP 2001:db8::%d 80\n",
+                lsb, lsb);
+      address_length = 0;
+      break;
+    default:
+      FAIL_EXIT1 ("unknown address family %d", family);
+    }
+
+
+  if (family == AF_INET)
+    {
+      struct hostent *e = gethostbyname (name);
+      check_hostent (name, e, expected_hostent_v4);
+    }
+
+  if (family != AF_UNSPEC)
+    {
+      struct hostent *e = gethostbyname2 (name, family);
+      check_hostent (name, e, expected_hostent);
+    }
+
+  if (address_length > 0)
+    {
+      address[address_length - 1] = lsb;
+      struct hostent *e = gethostbyaddr (address, address_length, family);
+      check_hostent (name, e, expected_hostent);
+    }
+
+  struct addrinfo hints =
+    {
+      .ai_family = family,
+      .ai_socktype = SOCK_STREAM,
+      .ai_protocol = IPPROTO_TCP,
+    };
+  struct addrinfo *ai;
+  int ret = getaddrinfo (name, "80", &hints, &ai);
+  check_addrinfo (name, ai, ret, expected_ai);
+  if (ret == 0)
+    {
+      for (struct addrinfo *p = ai; p != NULL; p = p->ai_next)
+        {
+          char host[200];
+          ret = getnameinfo (p->ai_addr, p->ai_addrlen,
+                             host, sizeof (host),
+                             NULL, 0, /* service */
+                             0);
+          if (ret != 0)
+            {
+              support_record_failure ();
+              printf ("error: getnameinfo: %d\n", ret);
+            }
+          else
+            {
+              if (lsb == 1)
+                TEST_VERIFY (strcmp (host, "host.example") == 0);
+              else
+                TEST_VERIFY (strcmp (host, "2.host.example") == 0);
+            }
+        }
+      freeaddrinfo (ai);
+    }
+}
+
+static void
+check_forward (int family)
+{
+  check_forward_1 ("host.example", family);
+  check_forward_1 ("2.host.example", family);
+}
+
+static int
+do_test (void)
+{
+  for (int force_tcp = 0; force_tcp < 2; ++force_tcp)
+    for (int nscount = 1; nscount <= 3; ++nscount)
+      for (int disable_server = -1; disable_server < nscount; ++disable_server)
+        for (drop_server = -1; drop_server < nscount; ++drop_server)
+          {
+            /* A disabled server will never receive queries and
+               therefore cannot drop them.  */
+            if (drop_server >= 0 && drop_server == disable_server)
+              continue;
+            /* No servers remaining to query, all queries are expected
+               to fail.  */
+            int broken_servers = (disable_server >= 0) + (drop_server >= 0);
+            if (nscount <= broken_servers)
+              continue;
+
+            if (test_verbose > 0)
+              printf ("info: tcp=%d nscount=%d disable=%d drop=%d\n",
+                      force_tcp, nscount, disable_server, drop_server);
+            struct resolv_redirect_config config =
+              {
+                .response_callback = response,
+                .nscount = nscount
+              };
+            if (disable_server >= 0)
+              {
+                config.servers[disable_server].disable_udp = true;
+                config.servers[disable_server].disable_tcp = true;
+              }
+
+            struct resolv_test *aux = resolv_test_start (config);
+            _res.options |= RES_ROTATE;
+
+            /* Run a few queries to make sure that all of them
+               succeed.  We always perform more than nscount queries,
+               so we cover all active servers due to RES_ROTATE.  */
+            for (size_t i = 0; i < resolv_max_test_servers; ++i)
+              query_counts[i] = 0;
+            check_forward (AF_INET);
+            check_forward (AF_INET6);
+            check_forward (AF_UNSPEC);
+
+            for (int i = 0; i < nscount; ++i)
+              {
+                if (i != disable_server && i != drop_server
+                    && query_counts[i] == 0)
+                  {
+                    support_record_failure ();
+                    printf ("error: nscount=%d, but no query to server %d\n",
+                            nscount, i);
+                  }
+              }
+
+            resolv_test_end (aux);
+          }
+  return 0;
+}
+
+#define TIMEOUT 300
+#include <support/test-driver.c>