1/* $NetBSD: acl_test.c,v 1.2 2024/02/21 22:52:49 christos Exp $ */ 2 3/* 4 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 * 6 * SPDX-License-Identifier: MPL-2.0 7 * 8 * This Source Code Form is subject to the terms of the Mozilla Public 9 * License, v. 2.0. If a copy of the MPL was not distributed with this 10 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11 * 12 * See the COPYRIGHT file distributed with this work for additional 13 * information regarding copyright ownership. 14 */ 15 16#include <inttypes.h> 17#include <sched.h> /* IWYU pragma: keep */ 18#include <setjmp.h> 19#include <stdarg.h> 20#include <stddef.h> 21#include <stdio.h> 22#include <stdlib.h> 23#include <string.h> 24#include <unistd.h> 25 26#define UNIT_TESTING 27#include <cmocka.h> 28 29#include <isc/print.h> 30#include <isc/string.h> 31#include <isc/util.h> 32 33#include <dns/acl.h> 34 35#include <tests/dns.h> 36 37#define BUFLEN 255 38#define BIGBUFLEN (70 * 1024) 39#define TEST_ORIGIN "test" 40 41/* test that dns_acl_isinsecure works */ 42ISC_RUN_TEST_IMPL(dns_acl_isinsecure) { 43 isc_result_t result; 44 dns_acl_t *any = NULL; 45 dns_acl_t *none = NULL; 46 dns_acl_t *notnone = NULL; 47 dns_acl_t *notany = NULL; 48#if defined(HAVE_GEOIP2) 49 dns_acl_t *geoip = NULL; 50 dns_acl_t *notgeoip = NULL; 51 dns_aclelement_t *de; 52#endif /* HAVE_GEOIP2 */ 53 54 UNUSED(state); 55 56 result = dns_acl_any(mctx, &any); 57 assert_int_equal(result, ISC_R_SUCCESS); 58 59 result = dns_acl_none(mctx, &none); 60 assert_int_equal(result, ISC_R_SUCCESS); 61 62 result = dns_acl_create(mctx, 1, ¬none); 63 assert_int_equal(result, ISC_R_SUCCESS); 64 65 result = dns_acl_create(mctx, 1, ¬any); 66 assert_int_equal(result, ISC_R_SUCCESS); 67 68 result = dns_acl_merge(notnone, none, false); 69 assert_int_equal(result, ISC_R_SUCCESS); 70 71 result = dns_acl_merge(notany, any, false); 72 assert_int_equal(result, ISC_R_SUCCESS); 73 74#if defined(HAVE_GEOIP2) 75 result = dns_acl_create(mctx, 1, &geoip); 76 assert_int_equal(result, ISC_R_SUCCESS); 77 78 de = geoip->elements; 79 assert_non_null(de); 80 strlcpy(de->geoip_elem.as_string, "AU", 81 sizeof(de->geoip_elem.as_string)); 82 de->geoip_elem.subtype = dns_geoip_country_code; 83 de->type = dns_aclelementtype_geoip; 84 de->negative = false; 85 assert_true(geoip->length < geoip->alloc); 86 dns_acl_node_count(geoip)++; 87 de->node_num = dns_acl_node_count(geoip); 88 geoip->length++; 89 90 result = dns_acl_create(mctx, 1, ¬geoip); 91 assert_int_equal(result, ISC_R_SUCCESS); 92 93 result = dns_acl_merge(notgeoip, geoip, false); 94 assert_int_equal(result, ISC_R_SUCCESS); 95#endif /* HAVE_GEOIP2 */ 96 97 assert_true(dns_acl_isinsecure(any)); /* any; */ 98 assert_false(dns_acl_isinsecure(none)); /* none; */ 99 assert_false(dns_acl_isinsecure(notany)); /* !any; */ 100 assert_false(dns_acl_isinsecure(notnone)); /* !none; */ 101 102#if defined(HAVE_GEOIP2) 103 assert_true(dns_acl_isinsecure(geoip)); /* geoip; */ 104 assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */ 105#endif /* HAVE_GEOIP2 */ 106 107 dns_acl_detach(&any); 108 dns_acl_detach(&none); 109 dns_acl_detach(¬any); 110 dns_acl_detach(¬none); 111#if defined(HAVE_GEOIP2) 112 dns_acl_detach(&geoip); 113 dns_acl_detach(¬geoip); 114#endif /* HAVE_GEOIP2 */ 115} 116 117ISC_TEST_LIST_START 118ISC_TEST_ENTRY(dns_acl_isinsecure) 119ISC_TEST_LIST_END 120 121ISC_TEST_MAIN 122