1/*	$NetBSD: ntp_restrict.c,v 1.3 2020/05/25 20:47:36 christos Exp $	*/
2
3#include "config.h"
4
5#include "ntpd.h"
6#include "ntp_lists.h"
7
8#include "unity.h"
9
10extern void setUp(void);
11extern void tearDown(void);
12
13/* Helper functions */
14
15static sockaddr_u
16create_sockaddr_u(short sin_family, unsigned short sin_port, char* ip_addr)
17{
18	sockaddr_u sockaddr;
19
20	sockaddr.sa4.sin_family = AF_INET;
21	sockaddr.sa4.sin_port = htons(sin_port);
22	memset(sockaddr.sa4.sin_zero, 0, 8);
23	sockaddr.sa4.sin_addr.s_addr = inet_addr(ip_addr);
24
25	return sockaddr;
26}
27
28
29void setUp(void)
30{
31	init_restrict();
32}
33
34
35void tearDown(void)
36{
37	restrict_u *empty_restrict = malloc(sizeof(restrict_u));
38	memset(empty_restrict, 0, sizeof(restrict_u));
39
40	restrict_u *current;
41
42	do {
43		UNLINK_HEAD_SLIST(current, restrictlist4, link);
44		if (current != NULL)
45		{
46			*current = *empty_restrict;
47		}
48	} while (current != NULL);
49
50	do {
51		UNLINK_HEAD_SLIST(current, restrictlist6, link);
52		if (current != NULL)
53		{
54			*current = *empty_restrict;
55		}
56	} while (current != NULL);
57
58	free(empty_restrict);
59}
60
61
62/* Tests */
63
64
65extern void test_RestrictionsAreEmptyAfterInit(void);
66void test_RestrictionsAreEmptyAfterInit(void)
67{
68
69	restrict_u *rl4 = malloc(sizeof(restrict_u));
70	restrict_u *rl6 = malloc(sizeof(restrict_u));
71
72	memset(rl4, 0, sizeof(restrict_u));
73	memset(rl6, 0, sizeof(restrict_u));
74
75	TEST_ASSERT_EQUAL(rl4->count, restrictlist4->count);
76	TEST_ASSERT_EQUAL(rl4->rflags, restrictlist4->rflags);
77	TEST_ASSERT_EQUAL(rl4->mflags, restrictlist4->mflags);
78	TEST_ASSERT_EQUAL(rl4->expire, restrictlist4->expire);
79	TEST_ASSERT_EQUAL(rl4->u.v4.addr, restrictlist4->u.v4.addr);
80	TEST_ASSERT_EQUAL(rl4->u.v4.mask, restrictlist4->u.v4.mask);
81
82	TEST_ASSERT_EQUAL(rl6->count, restrictlist6->count);
83	TEST_ASSERT_EQUAL(rl6->rflags, restrictlist6->rflags);
84	TEST_ASSERT_EQUAL(rl6->mflags, restrictlist6->mflags);
85	TEST_ASSERT_EQUAL(rl6->expire, restrictlist6->expire);
86
87	free(rl4);
88	free(rl6);
89}
90
91
92extern void test_ReturnsCorrectDefaultRestrictions(void);
93void test_ReturnsCorrectDefaultRestrictions(void)
94{
95	sockaddr_u sockaddr = create_sockaddr_u(AF_INET,
96		54321, "63.161.169.137");
97	r4addr	r4a;
98
99	restrictions(&sockaddr, &r4a);
100
101	TEST_ASSERT_EQUAL(0, r4a.rflags);
102}
103
104
105extern void test_HackingDefaultRestriction(void);
106void test_HackingDefaultRestriction(void)
107{
108	/*
109	*	We change the flag of the default restriction,
110	*	and check if restriction() returns that flag
111	*/
112
113	const u_short rflags = 42;
114	r4addr r4a;
115
116	sockaddr_u resaddr = create_sockaddr_u(AF_INET,
117		54321, "0.0.0.0");
118	sockaddr_u resmask = create_sockaddr_u(AF_INET,
119		54321, "0.0.0.0");
120
121	hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0);
122
123	sockaddr_u sockaddr = create_sockaddr_u(AF_INET,
124		54321, "111.123.251.124");
125
126	restrictions(&sockaddr, &r4a);
127	TEST_ASSERT_EQUAL(rflags, r4a.rflags);
128}
129
130
131extern void test_CantRemoveDefaultEntry(void);
132void test_CantRemoveDefaultEntry(void)
133{
134	sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "0.0.0.0");
135	sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "0.0.0.0");
136	r4addr r4a;
137
138	hack_restrict(RESTRICT_REMOVE, &resaddr, &resmask, -1, 0, 0, 0);
139
140	restrictions(&resaddr, &r4a);
141	TEST_ASSERT_EQUAL(0, r4a.rflags);
142}
143
144
145extern void test_AddingNewRestriction(void);
146void test_AddingNewRestriction(void)
147{
148	sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "11.22.33.44");
149	sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "128.0.0.0");
150	r4addr r4a;
151
152	const u_short rflags = 42;
153
154	hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0);
155
156	restrictions(&resaddr, &r4a);
157	TEST_ASSERT_EQUAL(rflags, r4a.rflags);
158}
159
160
161extern void test_TheMostFittingRestrictionIsMatched(void);
162void test_TheMostFittingRestrictionIsMatched(void)
163{
164	sockaddr_u resaddr_target = create_sockaddr_u(AF_INET, 54321, "11.22.33.44");
165
166	sockaddr_u resaddr_not_matching = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
167	sockaddr_u resmask_not_matching = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
168
169	sockaddr_u resaddr_best_match = create_sockaddr_u(AF_INET, 54321, "11.22.30.20");
170	sockaddr_u resmask_best_match = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
171
172	/* it also matches, but we prefer the one above, as it's more specific */
173	sockaddr_u resaddr_second_match = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
174	sockaddr_u resmask_second_match = create_sockaddr_u(AF_INET, 54321, "255.0.0.0");
175	r4addr r4a;
176
177	hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, -1, 0, 11, 0);
178	hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0);
179	hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, -1, 0, 128, 0);
180
181	restrictions(&resaddr_target, &r4a);
182	TEST_ASSERT_EQUAL(22, r4a.rflags);
183}
184
185
186extern void test_DeletedRestrictionIsNotMatched(void);
187void test_DeletedRestrictionIsNotMatched(void)
188{
189	sockaddr_u resaddr_target = create_sockaddr_u(AF_INET, 54321, "11.22.33.44");
190
191	sockaddr_u resaddr_not_matching = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
192	sockaddr_u resmask_not_matching = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
193
194	sockaddr_u resaddr_best_match = create_sockaddr_u(AF_INET, 54321, "11.22.30.20");
195	sockaddr_u resmask_best_match = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
196
197	sockaddr_u resaddr_second_match = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
198	sockaddr_u resmask_second_match = create_sockaddr_u(AF_INET, 54321, "255.0.0.0");
199	r4addr r4a;
200
201	hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, -1, 0, 11, 0);
202	hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0);
203	hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, -1, 0, 128, 0);
204
205	/* deleting the best match*/
206	hack_restrict(RESTRICT_REMOVE, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0);
207
208	restrictions(&resaddr_target, &r4a);
209	TEST_ASSERT_EQUAL(128, r4a.rflags);
210}
211
212
213extern void test_RestrictUnflagWorks(void);
214void test_RestrictUnflagWorks(void)
215{
216	sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "11.22.30.20");
217	sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
218	r4addr r4a;
219
220	hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, 11, 0);
221
222	hack_restrict(RESTRICT_UNFLAG, &resaddr, &resmask, -1, 0, 10, 0);
223
224	restrictions(&resaddr, &r4a);
225	TEST_ASSERT_EQUAL(1, r4a.rflags);
226}
227