xref: /netbsd-src/external/bsd/ntp/dist/tests/ntpd/ntp_restrict.c (revision cdfa2a7ef92791ba9db70a584a1d904730e6fb46) 
1 /*	$NetBSD: ntp_restrict.c,v 1.3 2020/05/25 20:47:36 christos Exp $	*/
2 
3 #include "config.h"
4 
5 #include "ntpd.h"
6 #include "ntp_lists.h"
7 
8 #include "unity.h"
9 
10 extern void setUp(void);
11 extern void tearDown(void);
12 
13 /* Helper functions */
14 
15 static sockaddr_u
create_sockaddr_u(short sin_family,unsigned short sin_port,char * ip_addr)16 create_sockaddr_u(short sin_family, unsigned short sin_port, char* ip_addr)
17 {
18 	sockaddr_u sockaddr;
19 
20 	sockaddr.sa4.sin_family = AF_INET;
21 	sockaddr.sa4.sin_port = htons(sin_port);
22 	memset(sockaddr.sa4.sin_zero, 0, 8);
23 	sockaddr.sa4.sin_addr.s_addr = inet_addr(ip_addr);
24 
25 	return sockaddr;
26 }
27 
28 
setUp(void)29 void setUp(void)
30 {
31 	init_restrict();
32 }
33 
34 
tearDown(void)35 void tearDown(void)
36 {
37 	restrict_u *empty_restrict = malloc(sizeof(restrict_u));
38 	memset(empty_restrict, 0, sizeof(restrict_u));
39 
40 	restrict_u *current;
41 
42 	do {
43 		UNLINK_HEAD_SLIST(current, restrictlist4, link);
44 		if (current != NULL)
45 		{
46 			*current = *empty_restrict;
47 		}
48 	} while (current != NULL);
49 
50 	do {
51 		UNLINK_HEAD_SLIST(current, restrictlist6, link);
52 		if (current != NULL)
53 		{
54 			*current = *empty_restrict;
55 		}
56 	} while (current != NULL);
57 
58 	free(empty_restrict);
59 }
60 
61 
62 /* Tests */
63 
64 
65 extern void test_RestrictionsAreEmptyAfterInit(void);
test_RestrictionsAreEmptyAfterInit(void)66 void test_RestrictionsAreEmptyAfterInit(void)
67 {
68 
69 	restrict_u *rl4 = malloc(sizeof(restrict_u));
70 	restrict_u *rl6 = malloc(sizeof(restrict_u));
71 
72 	memset(rl4, 0, sizeof(restrict_u));
73 	memset(rl6, 0, sizeof(restrict_u));
74 
75 	TEST_ASSERT_EQUAL(rl4->count, restrictlist4->count);
76 	TEST_ASSERT_EQUAL(rl4->rflags, restrictlist4->rflags);
77 	TEST_ASSERT_EQUAL(rl4->mflags, restrictlist4->mflags);
78 	TEST_ASSERT_EQUAL(rl4->expire, restrictlist4->expire);
79 	TEST_ASSERT_EQUAL(rl4->u.v4.addr, restrictlist4->u.v4.addr);
80 	TEST_ASSERT_EQUAL(rl4->u.v4.mask, restrictlist4->u.v4.mask);
81 
82 	TEST_ASSERT_EQUAL(rl6->count, restrictlist6->count);
83 	TEST_ASSERT_EQUAL(rl6->rflags, restrictlist6->rflags);
84 	TEST_ASSERT_EQUAL(rl6->mflags, restrictlist6->mflags);
85 	TEST_ASSERT_EQUAL(rl6->expire, restrictlist6->expire);
86 
87 	free(rl4);
88 	free(rl6);
89 }
90 
91 
92 extern void test_ReturnsCorrectDefaultRestrictions(void);
test_ReturnsCorrectDefaultRestrictions(void)93 void test_ReturnsCorrectDefaultRestrictions(void)
94 {
95 	sockaddr_u sockaddr = create_sockaddr_u(AF_INET,
96 		54321, "63.161.169.137");
97 	r4addr	r4a;
98 
99 	restrictions(&sockaddr, &r4a);
100 
101 	TEST_ASSERT_EQUAL(0, r4a.rflags);
102 }
103 
104 
105 extern void test_HackingDefaultRestriction(void);
test_HackingDefaultRestriction(void)106 void test_HackingDefaultRestriction(void)
107 {
108 	/*
109 	*	We change the flag of the default restriction,
110 	*	and check if restriction() returns that flag
111 	*/
112 
113 	const u_short rflags = 42;
114 	r4addr r4a;
115 
116 	sockaddr_u resaddr = create_sockaddr_u(AF_INET,
117 		54321, "0.0.0.0");
118 	sockaddr_u resmask = create_sockaddr_u(AF_INET,
119 		54321, "0.0.0.0");
120 
121 	hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0);
122 
123 	sockaddr_u sockaddr = create_sockaddr_u(AF_INET,
124 		54321, "111.123.251.124");
125 
126 	restrictions(&sockaddr, &r4a);
127 	TEST_ASSERT_EQUAL(rflags, r4a.rflags);
128 }
129 
130 
131 extern void test_CantRemoveDefaultEntry(void);
test_CantRemoveDefaultEntry(void)132 void test_CantRemoveDefaultEntry(void)
133 {
134 	sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "0.0.0.0");
135 	sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "0.0.0.0");
136 	r4addr r4a;
137 
138 	hack_restrict(RESTRICT_REMOVE, &resaddr, &resmask, -1, 0, 0, 0);
139 
140 	restrictions(&resaddr, &r4a);
141 	TEST_ASSERT_EQUAL(0, r4a.rflags);
142 }
143 
144 
145 extern void test_AddingNewRestriction(void);
test_AddingNewRestriction(void)146 void test_AddingNewRestriction(void)
147 {
148 	sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "11.22.33.44");
149 	sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "128.0.0.0");
150 	r4addr r4a;
151 
152 	const u_short rflags = 42;
153 
154 	hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, rflags, 0);
155 
156 	restrictions(&resaddr, &r4a);
157 	TEST_ASSERT_EQUAL(rflags, r4a.rflags);
158 }
159 
160 
161 extern void test_TheMostFittingRestrictionIsMatched(void);
test_TheMostFittingRestrictionIsMatched(void)162 void test_TheMostFittingRestrictionIsMatched(void)
163 {
164 	sockaddr_u resaddr_target = create_sockaddr_u(AF_INET, 54321, "11.22.33.44");
165 
166 	sockaddr_u resaddr_not_matching = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
167 	sockaddr_u resmask_not_matching = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
168 
169 	sockaddr_u resaddr_best_match = create_sockaddr_u(AF_INET, 54321, "11.22.30.20");
170 	sockaddr_u resmask_best_match = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
171 
172 	/* it also matches, but we prefer the one above, as it's more specific */
173 	sockaddr_u resaddr_second_match = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
174 	sockaddr_u resmask_second_match = create_sockaddr_u(AF_INET, 54321, "255.0.0.0");
175 	r4addr r4a;
176 
177 	hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, -1, 0, 11, 0);
178 	hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0);
179 	hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, -1, 0, 128, 0);
180 
181 	restrictions(&resaddr_target, &r4a);
182 	TEST_ASSERT_EQUAL(22, r4a.rflags);
183 }
184 
185 
186 extern void test_DeletedRestrictionIsNotMatched(void);
test_DeletedRestrictionIsNotMatched(void)187 void test_DeletedRestrictionIsNotMatched(void)
188 {
189 	sockaddr_u resaddr_target = create_sockaddr_u(AF_INET, 54321, "11.22.33.44");
190 
191 	sockaddr_u resaddr_not_matching = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
192 	sockaddr_u resmask_not_matching = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
193 
194 	sockaddr_u resaddr_best_match = create_sockaddr_u(AF_INET, 54321, "11.22.30.20");
195 	sockaddr_u resmask_best_match = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
196 
197 	sockaddr_u resaddr_second_match = create_sockaddr_u(AF_INET, 54321, "11.99.33.44");
198 	sockaddr_u resmask_second_match = create_sockaddr_u(AF_INET, 54321, "255.0.0.0");
199 	r4addr r4a;
200 
201 	hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, -1, 0, 11, 0);
202 	hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0);
203 	hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, -1, 0, 128, 0);
204 
205 	/* deleting the best match*/
206 	hack_restrict(RESTRICT_REMOVE, &resaddr_best_match, &resmask_best_match, -1, 0, 22, 0);
207 
208 	restrictions(&resaddr_target, &r4a);
209 	TEST_ASSERT_EQUAL(128, r4a.rflags);
210 }
211 
212 
213 extern void test_RestrictUnflagWorks(void);
test_RestrictUnflagWorks(void)214 void test_RestrictUnflagWorks(void)
215 {
216 	sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "11.22.30.20");
217 	sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "255.255.0.0");
218 	r4addr r4a;
219 
220 	hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, -1, 0, 11, 0);
221 
222 	hack_restrict(RESTRICT_UNFLAG, &resaddr, &resmask, -1, 0, 10, 0);
223 
224 	restrictions(&resaddr, &r4a);
225 	TEST_ASSERT_EQUAL(1, r4a.rflags);
226 }
227