1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2013 The FreeBSD Foundation 5 * All rights reserved. 6 * 7 * This software was developed by Pawel Jakub Dawidek under sponsorship from 8 * the FreeBSD Foundation. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include <sys/capsicum.h> 36 #include <sys/nv.h> 37 38 #include <arpa/inet.h> 39 #include <netinet/in.h> 40 41 #include <assert.h> 42 #include <err.h> 43 #include <errno.h> 44 #include <netdb.h> 45 #include <stdio.h> 46 #include <stdlib.h> 47 #include <string.h> 48 #include <unistd.h> 49 50 #include <libcasper.h> 51 #include <casper/cap_dns.h> 52 53 #include <atf-c.h> 54 55 #define GETHOSTBYNAME 0x01 56 #define GETHOSTBYNAME2_AF_INET 0x02 57 #define GETHOSTBYNAME2_AF_INET6 0x04 58 #define GETHOSTBYADDR_AF_INET 0x08 59 #define GETHOSTBYADDR_AF_INET6 0x10 60 #define GETADDRINFO_AF_UNSPEC 0x20 61 #define GETADDRINFO_AF_INET 0x40 62 #define GETADDRINFO_AF_INET6 0x80 63 64 static bool 65 addrinfo_compare(struct addrinfo *ai0, struct addrinfo *ai1) 66 { 67 struct addrinfo *at0, *at1; 68 69 if (ai0 == NULL && ai1 == NULL) 70 return (true); 71 if (ai0 == NULL || ai1 == NULL) 72 return (false); 73 74 at0 = ai0; 75 at1 = ai1; 76 while (true) { 77 if ((at0->ai_flags == at1->ai_flags) && 78 (at0->ai_family == at1->ai_family) && 79 (at0->ai_socktype == at1->ai_socktype) && 80 (at0->ai_protocol == at1->ai_protocol) && 81 (at0->ai_addrlen == at1->ai_addrlen) && 82 (memcmp(at0->ai_addr, at1->ai_addr, 83 at0->ai_addrlen) == 0)) { 84 if (at0->ai_canonname != NULL && 85 at1->ai_canonname != NULL) { 86 if (strcmp(at0->ai_canonname, 87 at1->ai_canonname) != 0) { 88 return (false); 89 } 90 } 91 92 if (at0->ai_canonname == NULL && 93 at1->ai_canonname != NULL) { 94 return (false); 95 } 96 if (at0->ai_canonname != NULL && 97 at1->ai_canonname == NULL) { 98 return (false); 99 } 100 101 if (at0->ai_next == NULL && at1->ai_next == NULL) 102 return (true); 103 if (at0->ai_next == NULL || at1->ai_next == NULL) 104 return (false); 105 106 at0 = at0->ai_next; 107 at1 = at1->ai_next; 108 } else { 109 return (false); 110 } 111 } 112 113 /* NOTREACHED */ 114 fprintf(stderr, "Dead code reached in addrinfo_compare()\n"); 115 exit(1); 116 } 117 118 static bool 119 hostent_aliases_compare(char **aliases0, char **aliases1) 120 { 121 int i0, i1; 122 123 if (aliases0 == NULL && aliases1 == NULL) 124 return (true); 125 if (aliases0 == NULL || aliases1 == NULL) 126 return (false); 127 128 for (i0 = 0; aliases0[i0] != NULL; i0++) { 129 for (i1 = 0; aliases1[i1] != NULL; i1++) { 130 if (strcmp(aliases0[i0], aliases1[i1]) == 0) 131 break; 132 } 133 if (aliases1[i1] == NULL) 134 return (false); 135 } 136 137 return (true); 138 } 139 140 static bool 141 hostent_addr_list_compare(char **addr_list0, char **addr_list1, int length) 142 { 143 int i0, i1; 144 145 if (addr_list0 == NULL && addr_list1 == NULL) 146 return (true); 147 if (addr_list0 == NULL || addr_list1 == NULL) 148 return (false); 149 150 for (i0 = 0; addr_list0[i0] != NULL; i0++) { 151 for (i1 = 0; addr_list1[i1] != NULL; i1++) { 152 if (memcmp(addr_list0[i0], addr_list1[i1], length) == 0) 153 break; 154 } 155 if (addr_list1[i1] == NULL) 156 return (false); 157 } 158 159 return (true); 160 } 161 162 static bool 163 hostent_compare(const struct hostent *hp0, const struct hostent *hp1) 164 { 165 166 if (hp0 == NULL && hp1 != NULL) 167 return (true); 168 169 if (hp0 == NULL || hp1 == NULL) 170 return (false); 171 172 if (hp0->h_name != NULL || hp1->h_name != NULL) { 173 if (hp0->h_name == NULL || hp1->h_name == NULL) 174 return (false); 175 if (strcmp(hp0->h_name, hp1->h_name) != 0) 176 return (false); 177 } 178 179 if (!hostent_aliases_compare(hp0->h_aliases, hp1->h_aliases)) 180 return (false); 181 if (!hostent_aliases_compare(hp1->h_aliases, hp0->h_aliases)) 182 return (false); 183 184 if (hp0->h_addrtype != hp1->h_addrtype) 185 return (false); 186 187 if (hp0->h_length != hp1->h_length) 188 return (false); 189 190 if (!hostent_addr_list_compare(hp0->h_addr_list, hp1->h_addr_list, 191 hp0->h_length)) { 192 return (false); 193 } 194 if (!hostent_addr_list_compare(hp1->h_addr_list, hp0->h_addr_list, 195 hp0->h_length)) { 196 return (false); 197 } 198 199 return (true); 200 } 201 202 static void 203 runtest(cap_channel_t *capdns, unsigned int expected) 204 { 205 unsigned int result, failure; 206 struct addrinfo *ais, *aic, hints, *hintsp; 207 struct hostent *hps, *hpc; 208 struct in_addr ip4; 209 struct in6_addr ip6; 210 int caperr, syserr; 211 212 failure = result = 0; 213 214 hps = gethostbyname("example.com"); 215 if (hps == NULL) { 216 failure |= GETHOSTBYNAME; 217 fprintf(stderr, "Unable to resolve %s IPv4.\n", "example.com"); 218 } else { 219 hpc = cap_gethostbyname(capdns, "example.com"); 220 if (hostent_compare(hps, hpc)) 221 result |= GETHOSTBYNAME; 222 } 223 224 hps = gethostbyname2("example.com", AF_INET); 225 if (hps == NULL) { 226 failure |= GETHOSTBYNAME2_AF_INET; 227 fprintf(stderr, "Unable to resolve %s IPv4.\n", "example.com"); 228 } else { 229 hpc = cap_gethostbyname2(capdns, "example.com", AF_INET); 230 if (hostent_compare(hps, hpc)) 231 result |= GETHOSTBYNAME2_AF_INET; 232 } 233 234 hps = gethostbyname2("example.com", AF_INET6); 235 if (hps == NULL) { 236 failure |= GETHOSTBYNAME2_AF_INET6; 237 fprintf(stderr, "Unable to resolve %s IPv6.\n", "example.com"); 238 } else { 239 hpc = cap_gethostbyname2(capdns, "example.com", AF_INET6); 240 if (hostent_compare(hps, hpc)) 241 result |= GETHOSTBYNAME2_AF_INET6; 242 } 243 244 hints.ai_flags = 0; 245 hints.ai_family = AF_UNSPEC; 246 hints.ai_socktype = 0; 247 hints.ai_protocol = 0; 248 hints.ai_addrlen = 0; 249 hints.ai_addr = NULL; 250 hints.ai_canonname = NULL; 251 hints.ai_next = NULL; 252 253 hintsp = &hints; 254 255 syserr = getaddrinfo("freebsd.org", "25", hintsp, &ais); 256 if (syserr != 0) { 257 failure |= GETADDRINFO_AF_UNSPEC; 258 fprintf(stderr, 259 "Unable to issue [system] getaddrinfo() for AF_UNSPEC: %s\n", 260 gai_strerror(syserr)); 261 } else { 262 caperr = cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, 263 &aic); 264 if (caperr == 0) { 265 if (addrinfo_compare(ais, aic)) 266 result |= GETADDRINFO_AF_UNSPEC; 267 freeaddrinfo(ais); 268 freeaddrinfo(aic); 269 } 270 } 271 272 hints.ai_family = AF_INET; 273 syserr = getaddrinfo("freebsd.org", "25", hintsp, &ais); 274 if (syserr != 0) { 275 failure |= GETADDRINFO_AF_INET; 276 fprintf(stderr, 277 "Unable to issue [system] getaddrinfo() for AF_UNSPEC: %s\n", 278 gai_strerror(syserr)); 279 } else { 280 caperr = cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, 281 &aic); 282 if (caperr == 0) { 283 if (addrinfo_compare(ais, aic)) 284 result |= GETADDRINFO_AF_INET; 285 freeaddrinfo(ais); 286 freeaddrinfo(aic); 287 } 288 } 289 290 hints.ai_family = AF_INET6; 291 syserr = getaddrinfo("freebsd.org", "25", hintsp, &ais); 292 if (syserr != 0) { 293 failure |= GETADDRINFO_AF_INET6; 294 fprintf(stderr, 295 "Unable to issue [system] getaddrinfo() for AF_UNSPEC: %s\n", 296 gai_strerror(syserr)); 297 } else { 298 caperr = cap_getaddrinfo(capdns, "freebsd.org", "25", hintsp, 299 &aic); 300 if (caperr == 0) { 301 if (addrinfo_compare(ais, aic)) 302 result |= GETADDRINFO_AF_INET6; 303 freeaddrinfo(ais); 304 freeaddrinfo(aic); 305 } 306 } 307 308 /* XXX: hardcoded addresses for "google-public-dns-a.google.com". */ 309 #define GOOGLE_DNS_IPV4 "8.8.8.8" 310 #define GOOGLE_DNS_IPV6 "2001:4860:4860::8888" 311 312 inet_pton(AF_INET, GOOGLE_DNS_IPV4, &ip4); 313 hps = gethostbyaddr(&ip4, sizeof(ip4), AF_INET); 314 if (hps == NULL) { 315 failure |= GETHOSTBYADDR_AF_INET; 316 fprintf(stderr, "Unable to resolve %s.\n", GOOGLE_DNS_IPV4); 317 } else { 318 hpc = cap_gethostbyaddr(capdns, &ip4, sizeof(ip4), AF_INET); 319 if (hostent_compare(hps, hpc)) 320 result |= GETHOSTBYADDR_AF_INET; 321 } 322 323 inet_pton(AF_INET6, GOOGLE_DNS_IPV6, &ip6); 324 hps = gethostbyaddr(&ip6, sizeof(ip6), AF_INET6); 325 if (hps == NULL) { 326 failure |= GETHOSTBYADDR_AF_INET6; 327 fprintf(stderr, "Unable to resolve %s.\n", GOOGLE_DNS_IPV6); 328 } else { 329 hpc = cap_gethostbyaddr(capdns, &ip6, sizeof(ip6), AF_INET6); 330 if (hostent_compare(hps, hpc)) { 331 caperr = h_errno; 332 result |= GETHOSTBYADDR_AF_INET6; 333 } 334 } 335 336 /* 337 * If we had any failures, make sure that all lookups failed. If some 338 * succeeded and some failed, there's a problem with the test or the DNS 339 * and we should not fail silently. 340 */ 341 if (failure != 0) { 342 ATF_REQUIRE_MSG(failure == (GETHOSTBYNAME | 343 GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 | 344 GETADDRINFO_AF_UNSPEC | GETADDRINFO_AF_INET | 345 GETADDRINFO_AF_INET6 | 346 GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6), 347 "expected all tests to fail, got 0x%x", failure); 348 atf_tc_skip( 349 "no name lookups succeeded, tests require Internet access"); 350 } 351 ATF_REQUIRE_MSG(result == expected, 352 "expected 0x%x, got 0x%x", expected, result); 353 } 354 355 static cap_channel_t * 356 cap_dns_init(void) 357 { 358 cap_channel_t *capcas, *capdns; 359 360 capcas = cap_init(); 361 ATF_REQUIRE(capcas != NULL); 362 363 capdns = cap_service_open(capcas, "system.dns"); 364 ATF_REQUIRE(capdns != NULL); 365 366 cap_close(capcas); 367 368 return (capdns); 369 } 370 371 ATF_TC(dns_no_limits); 372 ATF_TC_HEAD(dns_no_limits, tc) 373 { 374 } 375 ATF_TC_BODY(dns_no_limits, tc) 376 { 377 cap_channel_t *capdns; 378 379 capdns = cap_dns_init(); 380 381 runtest(capdns, 382 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 | 383 GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 | 384 GETADDRINFO_AF_UNSPEC | GETADDRINFO_AF_INET | 385 GETADDRINFO_AF_INET6)); 386 387 cap_close(capdns); 388 } 389 390 ATF_TC(dns_all_limits); 391 ATF_TC_HEAD(dns_all_limits, tc) 392 { 393 } 394 ATF_TC_BODY(dns_all_limits, tc) 395 { 396 cap_channel_t *capdns; 397 const char *types[2]; 398 int families[2]; 399 400 capdns = cap_dns_init(); 401 402 types[0] = "NAME2ADDR"; 403 types[1] = "ADDR2NAME"; 404 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0); 405 families[0] = AF_INET; 406 families[1] = AF_INET6; 407 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0); 408 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 409 cap_dns_family_limit(capdns, NULL, 0) == -1); 410 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 411 cap_dns_type_limit(capdns, NULL, 0) == -1); 412 413 runtest(capdns, 414 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 | 415 GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6 | 416 GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6)); 417 418 cap_close(capdns); 419 } 420 421 ATF_TC(dns_name_limit); 422 ATF_TC_HEAD(dns_name_limit, tc) 423 { 424 } 425 ATF_TC_BODY(dns_name_limit, tc) 426 { 427 cap_channel_t *capdns; 428 const char *types[2]; 429 int families[2]; 430 431 capdns = cap_dns_init(); 432 433 types[0] = "NAME2ADDR"; 434 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0); 435 types[1] = "ADDR2NAME"; 436 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 437 cap_dns_type_limit(capdns, types, 2) == -1); 438 types[0] = "ADDR2NAME"; 439 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 440 cap_dns_type_limit(capdns, types, 1) == -1); 441 families[0] = AF_INET; 442 families[1] = AF_INET6; 443 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0); 444 445 runtest(capdns, 446 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYNAME2_AF_INET6 | 447 GETADDRINFO_AF_INET | GETADDRINFO_AF_INET6)); 448 449 cap_close(capdns); 450 } 451 452 ATF_TC(dns_addr_limit); 453 ATF_TC_HEAD(dns_addr_limit, tc) 454 { 455 } 456 ATF_TC_BODY(dns_addr_limit, tc) 457 { 458 cap_channel_t *capdns; 459 const char *types[2]; 460 int families[2]; 461 462 capdns = cap_dns_init(); 463 464 types[0] = "ADDR2NAME"; 465 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0); 466 types[1] = "NAME2ADDR"; 467 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 468 cap_dns_type_limit(capdns, types, 2) == -1); 469 types[0] = "NAME2ADDR"; 470 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 471 cap_dns_type_limit(capdns, types, 1) == -1); 472 families[0] = AF_INET; 473 families[1] = AF_INET6; 474 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0); 475 476 runtest(capdns, 477 (GETHOSTBYADDR_AF_INET | GETHOSTBYADDR_AF_INET6)); 478 479 cap_close(capdns); 480 } 481 482 ATF_TC(dns_inet_limit); 483 ATF_TC_HEAD(dns_inet_limit, tc) 484 { 485 } 486 ATF_TC_BODY(dns_inet_limit, tc) 487 { 488 cap_channel_t *capdns; 489 const char *types[2]; 490 int families[2]; 491 492 capdns = cap_dns_init(); 493 494 types[0] = "NAME2ADDR"; 495 types[1] = "ADDR2NAME"; 496 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0); 497 families[0] = AF_INET; 498 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0); 499 families[1] = AF_INET6; 500 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 501 cap_dns_family_limit(capdns, families, 2) == -1); 502 families[0] = AF_INET6; 503 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 504 cap_dns_family_limit(capdns, families, 1) == -1); 505 506 runtest(capdns, 507 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETHOSTBYADDR_AF_INET | 508 GETADDRINFO_AF_INET)); 509 510 cap_close(capdns); 511 } 512 513 ATF_TC(dns_inet6_limit); 514 ATF_TC_HEAD(dns_inet6_limit, tc) 515 { 516 } 517 ATF_TC_BODY(dns_inet6_limit, tc) 518 { 519 cap_channel_t *capdns; 520 const char *types[2]; 521 int families[2]; 522 523 capdns = cap_dns_init(); 524 525 types[0] = "NAME2ADDR"; 526 types[1] = "ADDR2NAME"; 527 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0); 528 families[0] = AF_INET6; 529 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0); 530 families[1] = AF_INET; 531 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 532 cap_dns_family_limit(capdns, families, 2) == -1); 533 families[0] = AF_INET; 534 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 535 cap_dns_family_limit(capdns, families, 1) == -1); 536 537 runtest(capdns, 538 (GETHOSTBYNAME2_AF_INET6 | GETHOSTBYADDR_AF_INET6 | 539 GETADDRINFO_AF_INET6)); 540 541 cap_close(capdns); 542 } 543 544 ATF_TC(dns_name_inet_limit); 545 ATF_TC_HEAD(dns_name_inet_limit, tc) 546 { 547 } 548 ATF_TC_BODY(dns_name_inet_limit, tc) 549 { 550 cap_channel_t *capdns; 551 const char *types[2]; 552 int families[2]; 553 554 capdns = cap_dns_init(); 555 556 types[0] = "NAME2ADDR"; 557 types[1] = "ADDR2NAME"; 558 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0); 559 families[0] = AF_INET; 560 families[1] = AF_INET6; 561 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0); 562 types[0] = "NAME2ADDR"; 563 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0); 564 types[1] = "ADDR2NAME"; 565 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 566 cap_dns_type_limit(capdns, types, 2) == -1); 567 types[0] = "ADDR2NAME"; 568 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 569 cap_dns_type_limit(capdns, types, 1) == -1); 570 families[0] = AF_INET; 571 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0); 572 families[1] = AF_INET6; 573 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 574 cap_dns_family_limit(capdns, families, 2) == -1); 575 families[0] = AF_INET6; 576 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 577 cap_dns_family_limit(capdns, families, 1) == -1); 578 579 runtest(capdns, 580 (GETHOSTBYNAME | GETHOSTBYNAME2_AF_INET | GETADDRINFO_AF_INET)); 581 582 cap_close(capdns); 583 } 584 585 ATF_TC(dns_name_inet6_limit); 586 ATF_TC_HEAD(dns_name_inet6_limit, tc) 587 { 588 } 589 ATF_TC_BODY(dns_name_inet6_limit, tc) 590 { 591 cap_channel_t *capdns; 592 const char *types[2]; 593 int families[2]; 594 595 capdns = cap_dns_init(); 596 597 types[0] = "NAME2ADDR"; 598 types[1] = "ADDR2NAME"; 599 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0); 600 families[0] = AF_INET6; 601 families[1] = AF_INET; 602 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0); 603 types[0] = "NAME2ADDR"; 604 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0); 605 types[1] = "ADDR2NAME"; 606 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 607 cap_dns_type_limit(capdns, types, 2) == -1); 608 types[0] = "ADDR2NAME"; 609 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 610 cap_dns_type_limit(capdns, types, 1) == -1); 611 families[0] = AF_INET6; 612 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0); 613 families[1] = AF_INET; 614 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 615 cap_dns_family_limit(capdns, families, 2) == -1); 616 families[0] = AF_INET; 617 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 618 cap_dns_family_limit(capdns, families, 1) == -1); 619 620 runtest(capdns, 621 (GETHOSTBYNAME2_AF_INET6 | GETADDRINFO_AF_INET6)); 622 623 cap_close(capdns); 624 } 625 626 ATF_TC(dns_addr_inet_limit); 627 ATF_TC_HEAD(dns_addr_inet_limit, tc) 628 { 629 } 630 ATF_TC_BODY(dns_addr_inet_limit, tc) 631 { 632 cap_channel_t *capdns; 633 const char *types[2]; 634 int families[2]; 635 636 capdns = cap_dns_init(); 637 638 types[0] = "NAME2ADDR"; 639 types[1] = "ADDR2NAME"; 640 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0); 641 families[0] = AF_INET; 642 families[1] = AF_INET6; 643 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0); 644 types[0] = "ADDR2NAME"; 645 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0); 646 types[1] = "NAME2ADDR"; 647 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 648 cap_dns_type_limit(capdns, types, 2) == -1); 649 types[0] = "NAME2ADDR"; 650 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 651 cap_dns_type_limit(capdns, types, 1) == -1); 652 families[0] = AF_INET; 653 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0); 654 families[1] = AF_INET6; 655 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 656 cap_dns_family_limit(capdns, families, 2) == -1); 657 families[0] = AF_INET6; 658 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 659 cap_dns_family_limit(capdns, families, 1) == -1); 660 661 runtest(capdns, GETHOSTBYADDR_AF_INET); 662 663 cap_close(capdns); 664 } 665 666 ATF_TC(dns_addr_inet6_limit); 667 ATF_TC_HEAD(dns_addr_inet6_limit, tc) 668 { 669 } 670 ATF_TC_BODY(dns_addr_inet6_limit, tc) 671 { 672 cap_channel_t *capdns; 673 const char *types[2]; 674 int families[2]; 675 676 capdns = cap_dns_init(); 677 678 types[0] = "NAME2ADDR"; 679 types[1] = "ADDR2NAME"; 680 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 2) == 0); 681 families[0] = AF_INET6; 682 families[1] = AF_INET; 683 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 2) == 0); 684 types[0] = "ADDR2NAME"; 685 ATF_REQUIRE(cap_dns_type_limit(capdns, types, 1) == 0); 686 types[1] = "NAME2ADDR"; 687 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 688 cap_dns_type_limit(capdns, types, 2) == -1); 689 types[0] = "NAME2ADDR"; 690 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 691 cap_dns_type_limit(capdns, types, 1) == -1); 692 families[0] = AF_INET6; 693 ATF_REQUIRE(cap_dns_family_limit(capdns, families, 1) == 0); 694 families[1] = AF_INET; 695 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 696 cap_dns_family_limit(capdns, families, 2) == -1); 697 families[0] = AF_INET; 698 ATF_REQUIRE_ERRNO(ENOTCAPABLE, 699 cap_dns_family_limit(capdns, families, 1) == -1); 700 701 runtest(capdns, GETHOSTBYADDR_AF_INET6); 702 703 cap_close(capdns); 704 } 705 706 ATF_TP_ADD_TCS(tp) 707 { 708 ATF_TP_ADD_TC(tp, dns_no_limits); 709 ATF_TP_ADD_TC(tp, dns_all_limits); 710 ATF_TP_ADD_TC(tp, dns_name_limit); 711 ATF_TP_ADD_TC(tp, dns_addr_limit); 712 ATF_TP_ADD_TC(tp, dns_inet_limit); 713 ATF_TP_ADD_TC(tp, dns_inet6_limit); 714 ATF_TP_ADD_TC(tp, dns_name_inet_limit); 715 ATF_TP_ADD_TC(tp, dns_name_inet6_limit); 716 ATF_TP_ADD_TC(tp, dns_addr_inet_limit); 717 ATF_TP_ADD_TC(tp, dns_addr_inet6_limit); 718 719 return atf_no_error(); 720 } 721