xref: /netbsd-src/external/mpl/bind/dist/tests/dns/acl_test.c (revision bcda20f65a8566e103791ec395f7f499ef322704) 
1 /*	$NetBSD: acl_test.c,v 1.3 2025/01/26 16:25:47 christos Exp $	*/
2 
3 /*
4  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
5  *
6  * SPDX-License-Identifier: MPL-2.0
7  *
8  * This Source Code Form is subject to the terms of the Mozilla Public
9  * License, v. 2.0. If a copy of the MPL was not distributed with this
10  * file, you can obtain one at https://mozilla.org/MPL/2.0/.
11  *
12  * See the COPYRIGHT file distributed with this work for additional
13  * information regarding copyright ownership.
14  */
15 
16 #include <inttypes.h>
17 #include <sched.h> /* IWYU pragma: keep */
18 #include <setjmp.h>
19 #include <stdarg.h>
20 #include <stddef.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <unistd.h>
25 
26 #define UNIT_TESTING
27 #include <cmocka.h>
28 
29 #include <isc/string.h>
30 #include <isc/util.h>
31 
32 #include <dns/acl.h>
33 
34 #include <tests/dns.h>
35 
36 #define BUFLEN	    255
37 #define BIGBUFLEN   (70 * 1024)
38 #define TEST_ORIGIN "test"
39 
40 /* test that dns_acl_isinsecure works */
41 ISC_RUN_TEST_IMPL(dns_acl_isinsecure) {
42 	isc_result_t result;
43 	dns_acl_t *any = NULL;
44 	dns_acl_t *none = NULL;
45 	dns_acl_t *notnone = NULL;
46 	dns_acl_t *notany = NULL;
47 #if defined(HAVE_GEOIP2)
48 	dns_acl_t *geoip = NULL;
49 	dns_acl_t *notgeoip = NULL;
50 	dns_aclelement_t *de;
51 #endif /* HAVE_GEOIP2 */
52 
53 	UNUSED(state);
54 
55 	result = dns_acl_any(mctx, &any);
56 	assert_int_equal(result, ISC_R_SUCCESS);
57 
58 	result = dns_acl_none(mctx, &none);
59 	assert_int_equal(result, ISC_R_SUCCESS);
60 
61 	dns_acl_create(mctx, 1, &notnone);
62 
63 	dns_acl_create(mctx, 1, &notany);
64 
65 	result = dns_acl_merge(notnone, none, false);
66 	assert_int_equal(result, ISC_R_SUCCESS);
67 
68 	result = dns_acl_merge(notany, any, false);
69 	assert_int_equal(result, ISC_R_SUCCESS);
70 
71 #if defined(HAVE_GEOIP2)
72 	dns_acl_create(mctx, 1, &geoip);
73 
74 	de = geoip->elements;
75 	assert_non_null(de);
76 	strlcpy(de->geoip_elem.as_string, "AU",
77 		sizeof(de->geoip_elem.as_string));
78 	de->geoip_elem.subtype = dns_geoip_country_code;
79 	de->type = dns_aclelementtype_geoip;
80 	de->negative = false;
81 	assert_true(geoip->length < geoip->alloc);
82 	dns_acl_node_count(geoip)++;
83 	de->node_num = dns_acl_node_count(geoip);
84 	geoip->length++;
85 
86 	dns_acl_create(mctx, 1, &notgeoip);
87 
88 	result = dns_acl_merge(notgeoip, geoip, false);
89 	assert_int_equal(result, ISC_R_SUCCESS);
90 #endif /* HAVE_GEOIP2 */
91 
92 	assert_true(dns_acl_isinsecure(any));	   /* any; */
93 	assert_false(dns_acl_isinsecure(none));	   /* none; */
94 	assert_false(dns_acl_isinsecure(notany));  /* !any; */
95 	assert_false(dns_acl_isinsecure(notnone)); /* !none; */
96 
97 #if defined(HAVE_GEOIP2)
98 	assert_true(dns_acl_isinsecure(geoip));	    /* geoip; */
99 	assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */
100 #endif						    /* HAVE_GEOIP2 */
101 
102 	dns_acl_detach(&any);
103 	dns_acl_detach(&none);
104 	dns_acl_detach(&notany);
105 	dns_acl_detach(&notnone);
106 #if defined(HAVE_GEOIP2)
107 	dns_acl_detach(&geoip);
108 	dns_acl_detach(&notgeoip);
109 #endif /* HAVE_GEOIP2 */
110 }
111 
112 ISC_TEST_LIST_START
113 ISC_TEST_ENTRY(dns_acl_isinsecure)
114 ISC_TEST_LIST_END
115 
116 ISC_TEST_MAIN
117