1/* $NetBSD: ntp_restrict.c,v 1.3 2020/05/25 20:47:36 christos Exp $ */ 2 3#include "config.h" 4 5#include "ntpd.h" 6#include "ntp_lists.h" 7 8#include "unity.h" 9 10extern void setUp(void); 11extern void tearDown(void); 12 13/* Helper functions */ 14 15static sockaddr_u 16create_sockaddr_u(short sin_family, unsigned short sin_port, char* ip_addr) 17{ 18 sockaddr_u sockaddr; 19 20 sockaddr.sa4.sin_family = AF_INET; 21 sockaddr.sa4.sin_port = htons(sin_port); 22 memset(sockaddr.sa4.sin_zero, 0, 8); 23 sockaddr.sa4.sin_addr.s_addr = inet_addr(ip_addr); 24 25 return sockaddr; 26} 27 28 29void setUp(void) 30{ 31 init_restrict(); 32} 33 34 35void tearDown(void) 36{ 37 restrict_u *empty_restrict = malloc(sizeof(restrict_u)); 38 memset(empty_restrict, 0, sizeof(restrict_u)); 39 40 restrict_u *current; 41 42 do { 43 UNLINK_HEAD_SLIST(current, restrictlist4, link); 44 if (current != NULL) 45 { 46 *current = *empty_restrict; 47 } 48 } while (current != NULL); 49 50 do { 51 UNLINK_HEAD_SLIST(current, restrictlist6, link); 52 if (current != NULL) 53 { 54 *current = *empty_restrict; 55 } 56 } while (current != NULL); 57 58 free(empty_restrict); 59} 60 61 62/* Tests */ 63 64 65extern void test_RestrictionsAreEmptyAfterInit(void); 66void test_RestrictionsAreEmptyAfterInit(void) 67{ 68 69 restrict_u *rl4 = malloc(sizeof(restrict_u)); 70 restrict_u *rl6 = malloc(sizeof(restrict_u)); 71 72 memset(rl4, 0, sizeof(restrict_u)); 73 memset(rl6, 0, sizeof(restrict_u)); 74 75 TEST_ASSERT_EQUAL(rl4->count, restrictlist4->count); 76 TEST_ASSERT_EQUAL(rl4->rflags, restrictlist4->rflags); 77 TEST_ASSERT_EQUAL(rl4->mflags, restrictlist4->mflags); 78 TEST_ASSERT_EQUAL(rl4->expire, restrictlist4->expire); 79 TEST_ASSERT_EQUAL(rl4->u.v4.addr, restrictlist4->u.v4.addr); 80 TEST_ASSERT_EQUAL(rl4->u.v4.mask, restrictlist4->u.v4.mask); 81 82 TEST_ASSERT_EQUAL(rl6->count, restrictlist6->count); 83 TEST_ASSERT_EQUAL(rl6->rflags, restrictlist6->rflags); 84 TEST_ASSERT_EQUAL(rl6->mflags, restrictlist6->mflags); 85 TEST_ASSERT_EQUAL(rl6->expire, restrictlist6->expire); 86 87 free(rl4); 88 free(rl6); 89} 90 91 92extern void test_ReturnsCorrectDefaultRestrictions(void); 93void test_ReturnsCorrectDefaultRestrictions(void) 94{ 95 sockaddr_u sockaddr = create_sockaddr_u(AF_INET, 96 54321, "63.161.169.137"); 97 r4addr r4a; 98 99 restrictions(&sockaddr, &r4a); 100 101 TEST_ASSERT_EQUAL(0, r4a.rflags); 102} 103 104 105extern void test_HackingDefaultRestriction(void); 106void test_HackingDefaultRestriction(void) 107{ 108 /* 109 * We change the flag of the default restriction, 110 * and check if restriction() returns that flag 111 */ 112 113 const u_short rflags = 42; 114 r4addr r4a; 115 116 sockaddr_u resaddr = create_sockaddr_u(AF_INET, 117 54321, "0.0.0.0"); 118 sockaddr_u resmask = create_sockaddr_u(AF_INET, 119 54321, "0.0.0.0"); 120 121 hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0); 122 123 sockaddr_u sockaddr = create_sockaddr_u(AF_INET, 124 54321, "111.123.251.124"); 125 126 restrictions(&sockaddr, &r4a); 127 TEST_ASSERT_EQUAL(rflags, r4a.rflags); 128} 129 130 131extern void test_CantRemoveDefaultEntry(void); 132void test_CantRemoveDefaultEntry(void) 133{ 134 sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "0.0.0.0"); 135 sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "0.0.0.0"); 136 r4addr r4a; 137 138 hack_restrict(RESTRICT_REMOVE, &resaddr, &resmask, -1, 0, 0, 0); 139 140 restrictions(&resaddr, &r4a); 141 TEST_ASSERT_EQUAL(0, r4a.rflags); 142} 143 144 145extern void test_AddingNewRestriction(void); 146void test_AddingNewRestriction(void) 147{ 148 sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "11.22.33.44"); 149 sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "128.0.0.0"); 150 r4addr r4a; 151 152 const u_short rflags = 42; 153 154 hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0); 155 156 restrictions(&resaddr, &r4a); 157 TEST_ASSERT_EQUAL(rflags, r4a.rflags); 158} 159 160 161extern void test_TheMostFittingRestrictionIsMatched(void); 162void test_TheMostFittingRestrictionIsMatched(void) 163{ 164 sockaddr_u resaddr_target = create_sockaddr_u(AF_INET, 54321, "11.22.33.44"); 165 166 sockaddr_u resaddr_not_matching = create_sockaddr_u(AF_INET, 54321, "11.99.33.44"); 167 sockaddr_u resmask_not_matching = create_sockaddr_u(AF_INET, 54321, "255.255.0.0"); 168 169 sockaddr_u resaddr_best_match = create_sockaddr_u(AF_INET, 54321, "11.22.30.20"); 170 sockaddr_u resmask_best_match = create_sockaddr_u(AF_INET, 54321, "255.255.0.0"); 171 172 /* it also matches, but we prefer the one above, as it's more specific */ 173 sockaddr_u resaddr_second_match = create_sockaddr_u(AF_INET, 54321, "11.99.33.44"); 174 sockaddr_u resmask_second_match = create_sockaddr_u(AF_INET, 54321, "255.0.0.0"); 175 r4addr r4a; 176 177 hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, -1, 0, 11, 0); 178 hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0); 179 hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, -1, 0, 128, 0); 180 181 restrictions(&resaddr_target, &r4a); 182 TEST_ASSERT_EQUAL(22, r4a.rflags); 183} 184 185 186extern void test_DeletedRestrictionIsNotMatched(void); 187void test_DeletedRestrictionIsNotMatched(void) 188{ 189 sockaddr_u resaddr_target = create_sockaddr_u(AF_INET, 54321, "11.22.33.44"); 190 191 sockaddr_u resaddr_not_matching = create_sockaddr_u(AF_INET, 54321, "11.99.33.44"); 192 sockaddr_u resmask_not_matching = create_sockaddr_u(AF_INET, 54321, "255.255.0.0"); 193 194 sockaddr_u resaddr_best_match = create_sockaddr_u(AF_INET, 54321, "11.22.30.20"); 195 sockaddr_u resmask_best_match = create_sockaddr_u(AF_INET, 54321, "255.255.0.0"); 196 197 sockaddr_u resaddr_second_match = create_sockaddr_u(AF_INET, 54321, "11.99.33.44"); 198 sockaddr_u resmask_second_match = create_sockaddr_u(AF_INET, 54321, "255.0.0.0"); 199 r4addr r4a; 200 201 hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, -1, 0, 11, 0); 202 hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0); 203 hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, -1, 0, 128, 0); 204 205 /* deleting the best match*/ 206 hack_restrict(RESTRICT_REMOVE, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0); 207 208 restrictions(&resaddr_target, &r4a); 209 TEST_ASSERT_EQUAL(128, r4a.rflags); 210} 211 212 213extern void test_RestrictUnflagWorks(void); 214void test_RestrictUnflagWorks(void) 215{ 216 sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "11.22.30.20"); 217 sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "255.255.0.0"); 218 r4addr r4a; 219 220 hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, 11, 0); 221 222 hack_restrict(RESTRICT_UNFLAG, &resaddr, &resmask, -1, 0, 10, 0); 223 224 restrictions(&resaddr, &r4a); 225 TEST_ASSERT_EQUAL(1, r4a.rflags); 226} 227