1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2013 The FreeBSD Foundation
5 *
6 * This software was developed by Pawel Jakub Dawidek under sponsorship from
7 * the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 */
30
31 #include <sys/cdefs.h>
32 #include <sys/capsicum.h>
33 #include <sys/nv.h>
34
35 #include <arpa/inet.h>
36 #include <netinet/in.h>
37
38 #include <assert.h>
39 #include <err.h>
40 #include <errno.h>
41 #include <netdb.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #include <unistd.h>
46
47 #include <libcasper.h>
48 #include <casper/cap_dns.h>
49
50 #include <atf-c.h>
51
52 #define GETHOSTBYNAME 0x01
53 #define GETHOSTBYNAME2_AF_INET 0x02
54 #define GETHOSTBYNAME2_AF_INET6 0x04
55 #define GETHOSTBYADDR_AF_INET 0x08
56 #define GETHOSTBYADDR_AF_INET6 0x10
57 #define GETADDRINFO_AF_UNSPEC 0x20
58 #define GETADDRINFO_AF_INET 0x40
59 #define GETADDRINFO_AF_INET6 0x80
60
61 static bool
addrinfo_compare(struct addrinfo * ai0,struct addrinfo * ai1)62 addrinfo_compare(struct addrinfo *ai0, struct addrinfo *ai1)
63 {
64 struct addrinfo *at0, *at1;
65
66 if (ai0 == NULL && ai1 == NULL)
67 return (true);
68 if (ai0 == NULL || ai1 == NULL)
69 return (false);
70
71 at0 = ai0;
72 at1 = ai1;
73 while (true) {
74 if ((at0->ai_flags == at1->ai_flags) &&
75 (at0->ai_family == at1->ai_family) &&
76 (at0->ai_socktype == at1->ai_socktype) &&
77 (at0->ai_protocol == at1->ai_protocol) &&
78 (at0->ai_addrlen == at1->ai_addrlen) &&
79 (memcmp(at0->ai_addr, at1->ai_addr,
80 at0->ai_addrlen) == 0)) {
81 if (at0->ai_canonname != NULL &&
82 at1->ai_canonname != NULL) {
83 if (strcmp(at0->ai_canonname,
84 at1->ai_canonname) != 0) {
85 return (false);
86 }
87 }
88
89 if (at0->ai_canonname == NULL &&
90 at1->ai_canonname != NULL) {
91 return (false);
92 }
93 if (at0->ai_canonname != NULL &&
94 at1->ai_canonname == NULL) {
95 return (false);
96 }
97
98 if (at0->ai_next == NULL && at1->ai_next == NULL)
99 return (true);
100 if (at0->ai_next == NULL || at1->ai_next == NULL)
101 return (false);
102
103 at0 = at0->ai_next;
104 at1 = at1->ai_next;
105 } else {
106 return (false);
107 }
108 }
109
110 /* NOTREACHED */
111 fprintf(stderr, "Dead code reached in addrinfo_compare()\n");
112 exit(1);
113 }
114
115 static bool
hostent_aliases_compare(char ** aliases0,char ** aliases1)116 hostent_aliases_compare(char **aliases0, char **aliases1)
117 {
118 int i0, i1;
119
120 if (aliases0 == NULL && aliases1 == NULL)
121 return (true);
122 if (aliases0 == NULL || aliases1 == NULL)
123 return (false);
124
125 for (i0 = 0; aliases0[i0] != NULL; i0++) {
126 for (i1 = 0; aliases1[i1] != NULL; i1++) {
127 if (strcmp(aliases0[i0], aliases1[i1]) == 0)
128 break;
129 }
130 if (aliases1[i1] == NULL)
131 return (false);
132 }
133
134 return (true);
135 }
136
137 static bool
hostent_addr_list_compare(char ** addr_list0,char ** addr_list1,int length)138 hostent_addr_list_compare(char **addr_list0, char **addr_list1, int length)
139 {
140 int i0, i1;
141
142 if (addr_list0 == NULL && addr_list1 == NULL)
143 return (true);
144 if (addr_list0 == NULL || addr_list1 == NULL)
145 return (false);
146
147 for (i0 = 0; addr_list0[i0] != NULL; i0++) {
148 for (i1 = 0; addr_list1[i1] != NULL; i1++) {
149 if (memcmp(addr_list0[i0], addr_list1[i1], length) == 0)
150 break;
151 }
152 if (addr_list1[i1] == NULL)
153 return (false);
154 }
155
156 return (true);
157 }
158
159 static bool
hostent_compare(const struct hostent * hp0,const struct hostent * hp1)160 hostent_compare(const struct hostent *hp0, const struct hostent *hp1)
161 {
162
163 if (hp0 == NULL && hp1 != NULL)
164 return (true);
165
166 if (hp0 == NULL || hp1 == NULL)
167 return (false);
168
169 if (hp0->h_name != NULL || hp1->h_name != NULL) {
170 if (hp0->h_name == NULL || hp1->h_name == NULL)
171 return (false);
172 if (strcmp(hp0->h_name, hp1->h_name) != 0)
173 return (false);
174 }
175
176 if (!hostent_aliases_compare(hp0->h_aliases, hp1->h_aliases))
177 return (false);
178 if (!hostent_aliases_compare(hp1->h_aliases, hp0->h_aliases))
179 return (false);
180
181 if (hp0->h_addrtype != hp1->h_addrtype)
182 return (false);
183
184 if (hp0->h_length != hp1->h_length)
185 return (false);
186
187 if (!hostent_addr_list_compare(hp0->h_addr_list, hp1->h_addr_list,
188 hp0->h_length)) {
189 return (false);
190 }
191 if (!hostent_addr_list_compare(hp1->h_addr_list, hp0->h_addr_list,
192 hp0->h_length)) {
193 return (false);
194 }
195
196 return (true);
197 }
198
199 static void
runtest(cap_channel_t * capdns,unsigned int expected)200 runtest(cap_channel_t *capdns, unsigned int expected)
201 {
202 unsigned int result, failure;
203 struct addrinfo *ais, *aic, hints, *hintsp;
204 struct hostent *hps, *hpc;
205 struct in_addr ip4;
206 struct in6_addr ip6;
207 int caperr, syserr;
208
209 failure = result = 0;
210
211 hps = gethostbyname("example.com");
212 if (hps == NULL) {
213 failure |= GETHOSTBYNAME;
214 fprintf(stderr, "Unable to resolve %s IPv4.\n", "example.com");
215 } else {
216 hpc = cap_gethostbyname(capdns, "example.com");
217 if (hostent_compare(hps, hpc))
218 result |= GETHOSTBYNAME;
219 }
220
221 hps = gethostbyname2("example.com", AF_INET);
222 if (hps == NULL) {
223 failure |= GETHOSTBYNAME2_AF_INET;
224 fprintf(stderr, "Unable to resolve %s IPv4.\n", "example.com");
225 } else {
226 hpc = cap_gethostbyname2(capdns, "example.com", AF_INET);
227 if (hostent_compare(hps, hpc))
228 result |= GETHOSTBYNAME2_AF_INET;
229 }
230
231 hps = gethostbyname2("example.com", AF_INET6);
232 if (hps == NULL) {
233 failure |= GETHOSTBYNAME2_AF_INET6;
234 fprintf(stderr, "Unable to resolve %s IPv6.\n", "example.com");
235 } else {
236 hpc = cap_gethostbyname2(capdns, "example.com", AF_INET6);
237 if (hostent_compare(hps, hpc))
238 result |= GETHOSTBYNAME2_AF_INET6;
239 }
240
241 hints.ai_flags = 0;
242 hints.ai_family = AF_UNSPEC;
243 hints.ai_socktype = 0;
244 hints.ai_protocol = 0;
245 hints.ai_addrlen = 0;
246 hints.ai_addr = NULL;
247 hints.ai_canonname = NULL;
248 hints.ai_next = NULL;
249
250 hintsp = &hints;
251
252 syserr = getaddrinfo("freebsd.org", "25", hintsp, &ais);
253 if (syserr != 0) {
254 failure |= GETADDRINFO_AF_UNSPEC;
255 fprintf(stderr,
256 "Unable to issue [system] getaddrinfo() for AF_UNSPEC: %s\n",
257 gai_strerror(syserr));
258 } else {
259 caperr = cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp,
260 &aic);
261 if (caperr == 0) {
262 if (addrinfo_compare(ais, aic))
263 result |= GETADDRINFO_AF_UNSPEC;
264 freeaddrinfo(ais);
265 freeaddrinfo(aic);
266 }
267 }
268
269 hints.ai_family = AF_INET;
270 syserr = getaddrinfo("freebsd.org", "25", hintsp, &ais);
271 if (syserr != 0) {
272 failure |= GETADDRINFO_AF_INET;
273 fprintf(stderr,
274 "Unable to issue [system] getaddrinfo() for AF_UNSPEC: %s\n",
275 gai_strerror(syserr));
276 } else {
277 caperr = cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp,
278 &aic);
279 if (caperr == 0) {
280 if (addrinfo_compare(ais, aic))
281 result |= GETADDRINFO_AF_INET;
282 freeaddrinfo(ais);
283 freeaddrinfo(aic);
284 }
285 }
286
287 hints.ai_family = AF_INET6;
288 syserr = getaddrinfo("freebsd.org", "25", hintsp, &ais);
289 if (syserr != 0) {
290 failure |= GETADDRINFO_AF_INET6;
291 fprintf(stderr,
292 "Unable to issue [system] getaddrinfo() for AF_UNSPEC: %s\n",
293 gai_strerror(syserr));
294 } else {
295 caperr = cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp,
296 &aic);
297 if (caperr == 0) {
298 if (addrinfo_compare(ais, aic))
299 result |= GETADDRINFO_AF_INET6;
300 freeaddrinfo(ais);
301 freeaddrinfo(aic);
302 }
303 }
304
305 /* XXX: hardcoded addresses for "google-public-dns-a.google.com". */
306 #define GOOGLE_DNS_IPV4 "8.8.8.8"
307 #define GOOGLE_DNS_IPV6 "2001:4860:4860::8888"
308
309 inet_pton(AF_INET, GOOGLE_DNS_IPV4, &ip4);
310 hps = gethostbyaddr(&ip4, sizeof(ip4), AF_INET);
311 if (hps == NULL) {
312 failure |= GETHOSTBYADDR_AF_INET;
313 fprintf(stderr, "Unable to resolve %s.\n", GOOGLE_DNS_IPV4);
314 } else {
315 hpc = cap_gethostbyaddr(capdns, &ip4, sizeof(ip4), AF_INET);
316 if (hostent_compare(hps, hpc))
317 result |= GETHOSTBYADDR_AF_INET;
318 }
319
320 inet_pton(AF_INET6, GOOGLE_DNS_IPV6, &ip6);
321 hps = gethostbyaddr(&ip6, sizeof(ip6), AF_INET6);
322 if (hps == NULL) {
323 failure |= GETHOSTBYADDR_AF_INET6;
324 fprintf(stderr, "Unable to resolve %s.\n", GOOGLE_DNS_IPV6);
325 } else {
326 hpc = cap_gethostbyaddr(capdns, &ip6, sizeof(ip6), AF_INET6);
327 if (hostent_compare(hps, hpc)) {
328 caperr = h_errno;
329 result |= GETHOSTBYADDR_AF_INET6;
330 }
331 }
332
333 /*
334 * If we had any failures, make sure that all lookups failed. If some
335 * succeeded and some failed, there's a problem with the test or the DNS
336 * and we should not fail silently.
337 */
338 if (failure != 0) {
339 ATF_REQUIRE_MSG(failure == (GETHOSTBYNAME |
340 GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
341 GETADDRINFO_AF_UNSPEC | GETADDRINFO_AF_INET |
342 GETADDRINFO_AF_INET6 |
343 GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6),
344 "expected all tests to fail, got 0x%x", failure);
345 atf_tc_skip(
346 "no name lookups succeeded, tests require Internet access");
347 }
348 ATF_REQUIRE_MSG(result == expected,
349 "expected 0x%x, got 0x%x", expected, result);
350 }
351
352 static cap_channel_t *
cap_dns_init(void)353 cap_dns_init(void)
354 {
355 cap_channel_t *capcas, *capdns;
356
357 capcas = cap_init();
358 ATF_REQUIRE(capcas != NULL);
359
360 capdns = cap_service_open(capcas, "system.dns");
361 ATF_REQUIRE(capdns != NULL);
362
363 cap_close(capcas);
364
365 return (capdns);
366 }
367
368 ATF_TC(dns_no_limits);
ATF_TC_HEAD(dns_no_limits,tc)369 ATF_TC_HEAD(dns_no_limits, tc)
370 {
371 }
ATF_TC_BODY(dns_no_limits,tc)372 ATF_TC_BODY(dns_no_limits, tc)
373 {
374 cap_channel_t *capdns;
375
376 capdns = cap_dns_init();
377
378 runtest(capdns,
379 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
380 GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 |
381 GETADDRINFO_AF_UNSPEC | GETADDRINFO_AF_INET |
382 GETADDRINFO_AF_INET6));
383
384 cap_close(capdns);
385 }
386
387 ATF_TC(dns_all_limits);
ATF_TC_HEAD(dns_all_limits,tc)388 ATF_TC_HEAD(dns_all_limits, tc)
389 {
390 }
ATF_TC_BODY(dns_all_limits,tc)391 ATF_TC_BODY(dns_all_limits, tc)
392 {
393 cap_channel_t *capdns;
394 const char *types[2];
395 int families[2];
396
397 capdns = cap_dns_init();
398
399 types[0] = "NAME2ADDR";
400 types[1] = "ADDR2NAME";
401 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0);
402 families[0] = AF_INET;
403 families[1] = AF_INET6;
404 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0);
405 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
406 cap_dns_family_limit(capdns, NULL, 0) == -1);
407 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
408 cap_dns_type_limit(capdns, NULL, 0) == -1);
409
410 runtest(capdns,
411 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
412 GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 |
413 GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));
414
415 cap_close(capdns);
416 }
417
418 ATF_TC(dns_name_limit);
ATF_TC_HEAD(dns_name_limit,tc)419 ATF_TC_HEAD(dns_name_limit, tc)
420 {
421 }
ATF_TC_BODY(dns_name_limit,tc)422 ATF_TC_BODY(dns_name_limit, tc)
423 {
424 cap_channel_t *capdns;
425 const char *types[2];
426 int families[2];
427
428 capdns = cap_dns_init();
429
430 types[0] = "NAME2ADDR";
431 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0);
432 types[1] = "ADDR2NAME";
433 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
434 cap_dns_type_limit(capdns, types, 2) == -1);
435 types[0] = "ADDR2NAME";
436 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
437 cap_dns_type_limit(capdns, types, 1) == -1);
438 families[0] = AF_INET;
439 families[1] = AF_INET6;
440 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0);
441
442 runtest(capdns,
443 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 |
444 GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6));
445
446 cap_close(capdns);
447 }
448
449 ATF_TC(dns_addr_limit);
ATF_TC_HEAD(dns_addr_limit,tc)450 ATF_TC_HEAD(dns_addr_limit, tc)
451 {
452 }
ATF_TC_BODY(dns_addr_limit,tc)453 ATF_TC_BODY(dns_addr_limit, tc)
454 {
455 cap_channel_t *capdns;
456 const char *types[2];
457 int families[2];
458
459 capdns = cap_dns_init();
460
461 types[0] = "ADDR2NAME";
462 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0);
463 types[1] = "NAME2ADDR";
464 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
465 cap_dns_type_limit(capdns, types, 2) == -1);
466 types[0] = "NAME2ADDR";
467 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
468 cap_dns_type_limit(capdns, types, 1) == -1);
469 families[0] = AF_INET;
470 families[1] = AF_INET6;
471 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0);
472
473 runtest(capdns,
474 (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6));
475
476 cap_close(capdns);
477 }
478
479 ATF_TC(dns_inet_limit);
ATF_TC_HEAD(dns_inet_limit,tc)480 ATF_TC_HEAD(dns_inet_limit, tc)
481 {
482 }
ATF_TC_BODY(dns_inet_limit,tc)483 ATF_TC_BODY(dns_inet_limit, tc)
484 {
485 cap_channel_t *capdns;
486 const char *types[2];
487 int families[2];
488
489 capdns = cap_dns_init();
490
491 types[0] = "NAME2ADDR";
492 types[1] = "ADDR2NAME";
493 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0);
494 families[0] = AF_INET;
495 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0);
496 families[1] = AF_INET6;
497 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
498 cap_dns_family_limit(capdns, families, 2) == -1);
499 families[0] = AF_INET6;
500 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
501 cap_dns_family_limit(capdns, families, 1) == -1);
502
503 runtest(capdns,
504 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYADDR_AF_INET |
505 GETADDRINFO_AF_INET));
506
507 cap_close(capdns);
508 }
509
510 ATF_TC(dns_inet6_limit);
ATF_TC_HEAD(dns_inet6_limit,tc)511 ATF_TC_HEAD(dns_inet6_limit, tc)
512 {
513 }
ATF_TC_BODY(dns_inet6_limit,tc)514 ATF_TC_BODY(dns_inet6_limit, tc)
515 {
516 cap_channel_t *capdns;
517 const char *types[2];
518 int families[2];
519
520 capdns = cap_dns_init();
521
522 types[0] = "NAME2ADDR";
523 types[1] = "ADDR2NAME";
524 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0);
525 families[0] = AF_INET6;
526 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0);
527 families[1] = AF_INET;
528 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
529 cap_dns_family_limit(capdns, families, 2) == -1);
530 families[0] = AF_INET;
531 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
532 cap_dns_family_limit(capdns, families, 1) == -1);
533
534 runtest(capdns,
535 (GETHOSTBYNAME2_AF_INET6 | GETHOSTBYADDR_AF_INET6 |
536 GETADDRINFO_AF_INET6));
537
538 cap_close(capdns);
539 }
540
541 ATF_TC(dns_name_inet_limit);
ATF_TC_HEAD(dns_name_inet_limit,tc)542 ATF_TC_HEAD(dns_name_inet_limit, tc)
543 {
544 }
ATF_TC_BODY(dns_name_inet_limit,tc)545 ATF_TC_BODY(dns_name_inet_limit, tc)
546 {
547 cap_channel_t *capdns;
548 const char *types[2];
549 int families[2];
550
551 capdns = cap_dns_init();
552
553 types[0] = "NAME2ADDR";
554 types[1] = "ADDR2NAME";
555 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0);
556 families[0] = AF_INET;
557 families[1] = AF_INET6;
558 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0);
559 types[0] = "NAME2ADDR";
560 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0);
561 types[1] = "ADDR2NAME";
562 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
563 cap_dns_type_limit(capdns, types, 2) == -1);
564 types[0] = "ADDR2NAME";
565 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
566 cap_dns_type_limit(capdns, types, 1) == -1);
567 families[0] = AF_INET;
568 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0);
569 families[1] = AF_INET6;
570 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
571 cap_dns_family_limit(capdns, families, 2) == -1);
572 families[0] = AF_INET6;
573 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
574 cap_dns_family_limit(capdns, families, 1) == -1);
575
576 runtest(capdns,
577 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETADDRINFO_AF_INET));
578
579 cap_close(capdns);
580 }
581
582 ATF_TC(dns_name_inet6_limit);
ATF_TC_HEAD(dns_name_inet6_limit,tc)583 ATF_TC_HEAD(dns_name_inet6_limit, tc)
584 {
585 }
ATF_TC_BODY(dns_name_inet6_limit,tc)586 ATF_TC_BODY(dns_name_inet6_limit, tc)
587 {
588 cap_channel_t *capdns;
589 const char *types[2];
590 int families[2];
591
592 capdns = cap_dns_init();
593
594 types[0] = "NAME2ADDR";
595 types[1] = "ADDR2NAME";
596 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0);
597 families[0] = AF_INET6;
598 families[1] = AF_INET;
599 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0);
600 types[0] = "NAME2ADDR";
601 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0);
602 types[1] = "ADDR2NAME";
603 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
604 cap_dns_type_limit(capdns, types, 2) == -1);
605 types[0] = "ADDR2NAME";
606 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
607 cap_dns_type_limit(capdns, types, 1) == -1);
608 families[0] = AF_INET6;
609 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0);
610 families[1] = AF_INET;
611 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
612 cap_dns_family_limit(capdns, families, 2) == -1);
613 families[0] = AF_INET;
614 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
615 cap_dns_family_limit(capdns, families, 1) == -1);
616
617 runtest(capdns,
618 (GETHOSTBYNAME2_AF_INET6 | GETADDRINFO_AF_INET6));
619
620 cap_close(capdns);
621 }
622
623 ATF_TC(dns_addr_inet_limit);
ATF_TC_HEAD(dns_addr_inet_limit,tc)624 ATF_TC_HEAD(dns_addr_inet_limit, tc)
625 {
626 }
ATF_TC_BODY(dns_addr_inet_limit,tc)627 ATF_TC_BODY(dns_addr_inet_limit, tc)
628 {
629 cap_channel_t *capdns;
630 const char *types[2];
631 int families[2];
632
633 capdns = cap_dns_init();
634
635 types[0] = "NAME2ADDR";
636 types[1] = "ADDR2NAME";
637 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0);
638 families[0] = AF_INET;
639 families[1] = AF_INET6;
640 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0);
641 types[0] = "ADDR2NAME";
642 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0);
643 types[1] = "NAME2ADDR";
644 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
645 cap_dns_type_limit(capdns, types, 2) == -1);
646 types[0] = "NAME2ADDR";
647 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
648 cap_dns_type_limit(capdns, types, 1) == -1);
649 families[0] = AF_INET;
650 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0);
651 families[1] = AF_INET6;
652 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
653 cap_dns_family_limit(capdns, families, 2) == -1);
654 families[0] = AF_INET6;
655 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
656 cap_dns_family_limit(capdns, families, 1) == -1);
657
658 runtest(capdns, GETHOSTBYADDR_AF_INET);
659
660 cap_close(capdns);
661 }
662
663 ATF_TC(dns_addr_inet6_limit);
ATF_TC_HEAD(dns_addr_inet6_limit,tc)664 ATF_TC_HEAD(dns_addr_inet6_limit, tc)
665 {
666 }
ATF_TC_BODY(dns_addr_inet6_limit,tc)667 ATF_TC_BODY(dns_addr_inet6_limit, tc)
668 {
669 cap_channel_t *capdns;
670 const char *types[2];
671 int families[2];
672
673 capdns = cap_dns_init();
674
675 types[0] = "NAME2ADDR";
676 types[1] = "ADDR2NAME";
677 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0);
678 families[0] = AF_INET6;
679 families[1] = AF_INET;
680 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0);
681 types[0] = "ADDR2NAME";
682 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0);
683 types[1] = "NAME2ADDR";
684 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
685 cap_dns_type_limit(capdns, types, 2) == -1);
686 types[0] = "NAME2ADDR";
687 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
688 cap_dns_type_limit(capdns, types, 1) == -1);
689 families[0] = AF_INET6;
690 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0);
691 families[1] = AF_INET;
692 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
693 cap_dns_family_limit(capdns, families, 2) == -1);
694 families[0] = AF_INET;
695 ATF_REQUIRE_ERRNO(ENOTCAPABLE,
696 cap_dns_family_limit(capdns, families, 1) == -1);
697
698 runtest(capdns, GETHOSTBYADDR_AF_INET6);
699
700 cap_close(capdns);
701 }
702
ATF_TP_ADD_TCS(tp)703 ATF_TP_ADD_TCS(tp)
704 {
705 ATF_TP_ADD_TC(tp, dns_no_limits);
706 ATF_TP_ADD_TC(tp, dns_all_limits);
707 ATF_TP_ADD_TC(tp, dns_name_limit);
708 ATF_TP_ADD_TC(tp, dns_addr_limit);
709 ATF_TP_ADD_TC(tp, dns_inet_limit);
710 ATF_TP_ADD_TC(tp, dns_inet6_limit);
711 ATF_TP_ADD_TC(tp, dns_name_inet_limit);
712 ATF_TP_ADD_TC(tp, dns_name_inet6_limit);
713 ATF_TP_ADD_TC(tp, dns_addr_inet_limit);
714 ATF_TP_ADD_TC(tp, dns_addr_inet6_limit);
715
716 return atf_no_error();
717 }
718