auth_srv_unittest.cc 8.66 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
// Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.

// $Id$

#include <gtest/gtest.h>

#include <dns/buffer.h>
#include <dns/name.h>
#include <dns/message.h>
#include <dns/messagerenderer.h>
#include <dns/rrclass.h>
#include <dns/rrtype.h>

#include <auth/auth_srv.h>

#include <dns/tests/unittest_util.h>

using isc::UnitTestUtil;
using namespace std;
using namespace isc::dns;

namespace {
class AuthSrvTest : public ::testing::Test {
protected:
    AuthSrvTest() : request_message(Message::RENDER),
38
                    parse_message(Message::PARSE), default_qid(0x1035),
39
                    opcode(Opcode(Opcode::QUERY())), qname("www.example.com"),
40
                    qclass(RRClass::IN()), qtype(RRType::A()), ibuffer(NULL),
41 42 43 44 45 46
                    request_obuffer(0), request_renderer(request_obuffer),
                    response_obuffer(0), response_renderer(response_obuffer)
    {}
    AuthSrv server;
    Message request_message;
    Message parse_message;
47 48 49 50 51
    const qid_t default_qid;
    const Opcode opcode;
    const Name qname;
    const RRClass qclass;
    const RRType qtype;
52
    InputBuffer* ibuffer;
53 54 55 56 57
    OutputBuffer request_obuffer;
    MessageRenderer request_renderer;
    OutputBuffer response_obuffer;
    MessageRenderer response_renderer;
    vector<uint8_t> data;
58 59

    void createDataFromFile(const char* const datafile);
60 61
};

62 63 64 65 66 67 68 69 70 71 72 73
// These are flags to indicate whether the corresponding flag bit of the
// DNS header is to be set in the test cases.  (Note that the flag values
// is irrelevant to their wire-format values)
const unsigned int QR_FLAG = 0x1;
const unsigned int AA_FLAG = 0x2;
const unsigned int TC_FLAG = 0x4;
const unsigned int RD_FLAG = 0x8;
const unsigned int RA_FLAG = 0x10;
const unsigned int AD_FLAG = 0x20;
const unsigned int CD_FLAG = 0x40;

void
74 75 76 77
AuthSrvTest::createDataFromFile(const char* const datafile) {
    delete ibuffer;
    data.clear();

78
    UnitTestUtil::readWireData(datafile, data);
79
    ibuffer = new InputBuffer(&data[0], data.size());
80 81
}

82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
void
headerCheck(const Message& message, const qid_t qid, const Rcode& rcode,
            const uint16_t opcodeval, const unsigned int flags,
            const unsigned int qdcount,
            const unsigned int ancount, const unsigned int nscount,
            const unsigned int arcount)
{
    EXPECT_EQ(qid, message.getQid());
    EXPECT_EQ(rcode, message.getRcode());
    EXPECT_EQ(opcodeval, message.getOpcode().getCode());
    EXPECT_EQ((flags & QR_FLAG) == 1, message.getHeaderFlag(MessageFlag::QR()));
    EXPECT_EQ((flags & AA_FLAG) == 1, message.getHeaderFlag(MessageFlag::AA()));
    EXPECT_EQ((flags & TC_FLAG) == 1, message.getHeaderFlag(MessageFlag::TC()));
    EXPECT_EQ((flags & RA_FLAG) == 1, message.getHeaderFlag(MessageFlag::RA()));
    EXPECT_EQ((flags & RD_FLAG) == 1, message.getHeaderFlag(MessageFlag::RD()));
    EXPECT_EQ((flags & AD_FLAG) == 1, message.getHeaderFlag(MessageFlag::AD()));
    EXPECT_EQ((flags & CD_FLAG) == 1, message.getHeaderFlag(MessageFlag::CD()));

    EXPECT_EQ(qdcount, message.getRRCount(Section::QUESTION()));
    EXPECT_EQ(ancount, message.getRRCount(Section::ANSWER()));
    EXPECT_EQ(nscount, message.getRRCount(Section::AUTHORITY()));
    EXPECT_EQ(arcount, message.getRRCount(Section::ADDITIONAL()));
}

// Unsupported requests.  Should result in NOTIMP.
TEST_F(AuthSrvTest, unsupportedRequest) {
    for (unsigned int i = 1; i < 16; ++i) {
        // set Opcode to 'i', which iterators over all possible codes except
        // the standard query (0)
111
        createDataFromFile("testdata/simplequery_fromWire");
112 113 114
        data[2] = ((i << 3) & 0xff);

        parse_message.clear(Message::PARSE);
115
        EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
116
                                              response_renderer, true, false));
117 118 119
        headerCheck(parse_message, default_qid, Rcode::NOTIMP(), i, QR_FLAG,
                    0, 0, 0, 0);
    }
120
}
121 122 123

// Multiple questions.  Should result in FORMERR.
TEST_F(AuthSrvTest, multiQuestion) {
124 125
    createDataFromFile("testdata/multiquestion_fromWire");
    EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
126
                                          response_renderer, true, false));
127
    headerCheck(parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
128 129 130 131 132 133 134 135 136 137 138 139
                QR_FLAG, 2, 0, 0, 0);

    QuestionIterator qit = parse_message.beginQuestion();
    EXPECT_EQ(Name("example.com"), (*qit)->getName());
    EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
    EXPECT_EQ(RRType::A(), (*qit)->getType());
    ++qit;
    EXPECT_EQ(Name("example.com"), (*qit)->getName());
    EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
    EXPECT_EQ(RRType::AAAA(), (*qit)->getType());
    ++qit;
    EXPECT_TRUE(qit == parse_message.endQuestion());
140 141
}

142 143 144
// Incoming data doesn't even contain the complete header.  Must be silently
// dropped.
TEST_F(AuthSrvTest, shortMessage) {
145 146 147 148 149 150 151 152 153 154 155
    createDataFromFile("testdata/shortmessage_fromWire");
    EXPECT_EQ(false, server.processMessage(*ibuffer, parse_message,
                                           response_renderer, true, false));
}

// Response messages.  Must be silently dropped, whether it's a valid response
// or malformed or could otherwise cause a protocol error.
TEST_F(AuthSrvTest, response) {
    // A valid (although unusual) response
    createDataFromFile("testdata/simpleresponse_fromWire");
    EXPECT_EQ(false, server.processMessage(*ibuffer, parse_message,
156
                                           response_renderer, true, false));
157 158 159 160 161 162 163 164 165 166 167

    // A response with a broken question section.  must be dropped rather than
    // returning FORMERR.
    createDataFromFile("testdata/shortresponse_fromWire");
    EXPECT_EQ(false, server.processMessage(*ibuffer, parse_message,
                                           response_renderer, true, false));    

    // A response to iquery.  must be dropped rather than returning NOTIMP.
    createDataFromFile("testdata/iqueryresponse_fromWire");
    EXPECT_EQ(false, server.processMessage(*ibuffer, parse_message,
                                           response_renderer, true, false));    
168 169 170 171 172 173 174 175 176 177 178 179
}

// Query with a broken question
TEST_F(AuthSrvTest, shortQuestion) {
    createDataFromFile("testdata/shortquestion_fromWire");
    EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
                                           response_renderer, true, false));
    // Since the query's question is broken, the question section of the
    // response should be empty.
    headerCheck(parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
                QR_FLAG, 0, 0, 0, 0);
}
180

181 182 183 184
// Query with a broken answer section
TEST_F(AuthSrvTest, shortAnswer) {
    createDataFromFile("testdata/shortanswer_fromWire");
    EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
185
                                           response_renderer, true, false));
186 187 188

    // This is a bogus query, but question section is valid.  So the response
    // should copy the question section.
189 190 191
    headerCheck(parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
                QR_FLAG, 1, 0, 0, 0);

192 193 194 195 196 197
    QuestionIterator qit = parse_message.beginQuestion();
    EXPECT_EQ(Name("example.com"), (*qit)->getName());
    EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
    EXPECT_EQ(RRType::A(), (*qit)->getType());
    ++qit;
    EXPECT_TRUE(qit == parse_message.endQuestion());
198 199
}

200 201 202 203 204 205 206 207 208 209 210 211 212 213 214
// Query with unsupported version of EDNS.
TEST_F(AuthSrvTest, ednsBadVers) {
    createDataFromFile("testdata/queryBadEDNS_fromWire");
    EXPECT_EQ(true, server.processMessage(*ibuffer, parse_message,
                                           response_renderer, true, false));

    // The response must have an EDNS OPT RR in the additional section.
    // Note that the DNSSEC DO bit is cleared even if this bit in the query
    // is set.  This is a limitation of the current implementation.
    headerCheck(parse_message, default_qid, Rcode::BADVERS(), opcode.getCode(),
                QR_FLAG, 1, 0, 0, 1);
    EXPECT_EQ(4096, parse_message.getUDPSize());
    EXPECT_FALSE(parse_message.isDNSSECSupported());
}

215
}