From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from olivedrab.birch.relay.mailchannels.net (olivedrab.birch.relay.mailchannels.net [23.83.209.135]) by sourceware.org (Postfix) with ESMTPS id 4E9883858288 for ; Thu, 18 Aug 2022 16:36:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4E9883858288 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 2DD666C31EF; Thu, 18 Aug 2022 16:36:52 +0000 (UTC) Received: from pdx1-sub0-mail-a307.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id AD4656C2F2C; Thu, 18 Aug 2022 16:36:51 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1660840611; a=rsa-sha256; cv=none; b=EKXO22wBSJgL8FqYTmgQahOP626B25SFoVF0td/6oW+yo/omxoapzf6GUF/EDkRZrnTXg7 KDYxqscQdgSpFSOk+MxzB/d0ZynyfQj+v5kmG0J5pBx2+yBICk4fDowPK3eO9jHFjLpACx 37gAFYim1ZCWg8T31uf6s3CdVEyR81A3lHp1yorA/KegNHS2pHyirRZqLENeKpdzqJmnTi XKE3eqZwnoJ6ehlaVbSazgAhYvUQhVpaTNV/s5AKAoVhqnm9n7vfJodNplKnKdF+Y0vexr sEA1bpPWXzgUAiDD1vl3sI0/Vj+iZK/NCHNq2WFc4C8zlSefc7rnfLvGuPJsVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1660840611; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=IUktmZ5X7F9GtPTFZhzq7Dn1ACbnErAQFZDlZv0a6/M=; b=ybTTnNZ27/wsVwNP1O/t2pl0gN1CFauAhuVcv5Nwpr8Si97IH8MBFY6Ue48mDZK/4hoWVK J1rbIo/nr5CkCD7mTN+8iFlPVH0vpg9qmQaOLhvmaPRYFILqrVYn6Fkz3dsKMvzNXmj+YT YJ3p/vJbwvjxGN05lmZh0KoLrINMTxk90rJ1EfD7PW4eI41XZWu1X8yCJ/d2TgSGlpUD2R qYeIVafIrA7RK0DcCS1lHV5GAV/c6wzCMk07CqHYHqjl+DdIb5BIhcFzUFyuSpJF3NinVY 1zuFYCg9y77Bw0uNVhqBkm3GntvNC5kLDlT7xS58x8HuSsnpsOl3h59JMKRMVg== ARC-Authentication-Results: i=1; rspamd-7697cc766f-hcqxd; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Grain-Cold: 31846f4f7c32c2bf_1660840611959_4088579712 X-MC-Loop-Signature: 1660840611959:2861643195 X-MC-Ingress-Time: 1660840611959 Received: from pdx1-sub0-mail-a307.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.108.161.97 (trex/6.7.1); Thu, 18 Aug 2022 16:36:51 +0000 Received: from [192.168.0.182] (bras-vprn-toroon4834w-lp130-16-184-147-84-238.dsl.bell.ca [184.147.84.238]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a307.dreamhost.com (Postfix) with ESMTPSA id 4M7rBW0Ffmz1d; Thu, 18 Aug 2022 09:36:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org; s=dreamhost; t=1660840611; bh=IUktmZ5X7F9GtPTFZhzq7Dn1ACbnErAQFZDlZv0a6/M=; h=Date:Subject:To:From:Content-Type:Content-Transfer-Encoding; b=waakSGVGi9S2cR0ggTFcjCG7nvh8Gh2VSIVdbcuK3EhrwaNZGSaix4CZ1xpma6VNu Iy8qfjGKcQk8HWX58v0166T57b/tKG8m7+U8uU/oa5e7vZDWWQgLDV4WPft3PXir/K gmRSXVDrq5v+xX5Dte5h2qqAy+5J6cAiUEUtfDcEklrMjSUZYyMJrkMvO4dGCGbVbY z3mBVmvQQWrwgeR7+IxyDfROuZ3Av7TgPtjBuwz58UKCWdgB9/FOvHtGeuHkNJvWYZ 0PeXsEZ9Pf0XD7XnYzfC8AotKVYqxMlmKAnlN/YV5hxi4rBhCdRjANdHMe9I+6baXd GB8l5w+9aovOg== Message-ID: <9dc19001-b490-07f6-e18d-717b08968ec1@gotplt.org> Date: Thu, 18 Aug 2022 12:36:49 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0 Subject: Re: [PATCH 02/13] resolv: Add tst-resolv-aliases Content-Language: en-US To: Florian Weimer , libc-alpha@sourceware.org References: <151a8d509088c5189e208b27be7ac51abb4ab456.1660123636.git.fweimer@redhat.com> From: Siddhesh Poyarekar In-Reply-To: <151a8d509088c5189e208b27be7ac51abb4ab456.1660123636.git.fweimer@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3038.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Aug 2022 16:37:06 -0000 On 2022-08-10 05:30, Florian Weimer via Libc-alpha wrote: > --- > resolv/Makefile | 2 + > resolv/tst-resolv-aliases.c | 267 ++++++++++++++++++++++++++++++++++++ > 2 files changed, 269 insertions(+) > create mode 100644 resolv/tst-resolv-aliases.c > > diff --git a/resolv/Makefile b/resolv/Makefile > index 98b10d97a0..0038bb7028 100644 > --- a/resolv/Makefile > +++ b/resolv/Makefile > @@ -89,6 +89,7 @@ tests += \ > tst-ns_name_pton \ > tst-res_hconf_reorder \ > tst-res_hnok \ > + tst-resolv-aliases \ > tst-resolv-basic \ > tst-resolv-binary \ > tst-resolv-byaddr \ > @@ -259,6 +260,7 @@ $(objpfx)tst-resolv-ai_idn.out: $(gen-locales) > $(objpfx)tst-resolv-ai_idn-latin1.out: $(gen-locales) > $(objpfx)tst-resolv-ai_idn-nolibidn2.out: \ > $(gen-locales) $(objpfx)tst-no-libidn2.so > +$(objpfx)tst-resolv-aliases: $(objpfx)libresolv.so $(shared-thread-library) > $(objpfx)tst-resolv-basic: $(objpfx)libresolv.so $(shared-thread-library) > $(objpfx)tst-resolv-binary: $(objpfx)libresolv.so $(shared-thread-library) > $(objpfx)tst-resolv-byaddr: $(objpfx)libresolv.so $(shared-thread-library) > diff --git a/resolv/tst-resolv-aliases.c b/resolv/tst-resolv-aliases.c > new file mode 100644 > index 0000000000..7c78ddf337 > --- /dev/null > +++ b/resolv/tst-resolv-aliases.c > @@ -0,0 +1,267 @@ > +/* Test alias handling (mainly for gethostbyname). > + Copyright (C) 2022 Free Software Foundation, Inc. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + . */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/* Set to true for an alternative pass that inserts (ignored) SIG > + records. This does not alter the response, so this property is not > + encoded in the QNAME. The variable needs to be volatile because > + leaf attributes tell GCC that the response function is not > + called. */ > +static volatile bool insert_sig; > + > +static void > +maybe_insert_sig (struct resolv_response_builder *b, const char *owner) > +{ > + resolv_response_open_record (b, owner, C_IN, T_SIG, 60); > + resolv_response_add_data (b, "", 1); > + resolv_response_close_record (b); > +} Why not consolidate this with the implementation in tst-resolv-byaddr? > + > +/* QNAME format: > + > + aADDRESSES-cCNAMES.example.net > + > + CNAMES is the length of the CNAME chain, ADDRESSES is the number of > + addresses in the response. The special value 255 means that there > + are no addresses, and the RCODE is NXDOMAIN. */ > +static void > +response (const struct resolv_response_context *ctx, > + struct resolv_response_builder *b, > + const char *qname, uint16_t qclass, uint16_t qtype) > +{ > + TEST_COMPARE (qclass, C_IN); > + if (qtype != T_A) > + TEST_COMPARE (qtype, T_AAAA); > + > + unsigned int addresses, cnames; > + char *tail; > + if (sscanf (qname, "a%u-c%u%ms", &addresses, &cnames, &tail) == 3) > + { > + if (strcmp (tail, ".example.com") == 0 > + || strcmp (tail, ".example.net.example.net") == 0 > + || strcmp (tail, ".example.net.example.com") == 0) > + /* These only happen after NXDOMAIN. */ > + TEST_VERIFY (addresses == 255); > + else if (strcmp (tail, ".example.net") != 0) > + FAIL_EXIT1 ("invalid QNAME: %s", qname); > + } > + free (tail); > + > + int rcode; > + if (addresses == 255) > + { > + /* Special case: Use no addresses with NXDOMAIN response. */ > + rcode = ns_r_nxdomain; > + addresses = 0; > + } > + else > + rcode = 0; > + > + struct resolv_response_flags flags = { .rcode = rcode }; > + resolv_response_init (b, flags); > + resolv_response_add_question (b, qname, qclass, qtype); > + resolv_response_section (b, ns_s_an); > + maybe_insert_sig (b, qname); > + > + /* Provide the requested number of CNAME records. */ > + char *previous_name = (char *) qname; > + for (int unique = 0; unique < cnames; ++unique) > + { > + resolv_response_open_record (b, previous_name, qclass, T_CNAME, 60); > + char *new_name = xasprintf ("%d.alias.example", unique); > + resolv_response_add_name (b, new_name); > + resolv_response_close_record (b); > + > + maybe_insert_sig (b, qname); > + > + if (previous_name != qname) > + free (previous_name); > + previous_name = new_name; > + } > + > + for (int unique = 0; unique < addresses; ++unique) > + { > + resolv_response_open_record (b, previous_name, qclass, qtype, 60); > + > + if (qtype == T_A) > + { > + char ipv4[4] = {192, 0, 2, 1 + unique}; > + resolv_response_add_data (b, &ipv4, sizeof (ipv4)); > + } > + else if (qtype == T_AAAA) > + { > + char ipv6[16] = > + { > + 0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, > + 1 + unique > + }; > + resolv_response_add_data (b, &ipv6, sizeof (ipv6)); > + } > + resolv_response_close_record (b); > + } > + > + if (previous_name != qname) > + free (previous_name); > +} > + > +static char * > +make_qname (bool do_search, int cnames, int addresses) > +{ > + return xasprintf ("a%d-c%d%s", > + addresses, cnames, do_search ? "" : ".example.net"); > +} > + > +static void > +check_cnames_failure (int af, bool do_search, int cnames, int addresses) > +{ > + char *qname = make_qname (do_search, cnames, addresses); > + > + struct hostent *e; > + if (af == AF_UNSPEC) > + e = gethostbyname (qname); > + else > + e = gethostbyname2 (qname, af); > + > + if (addresses == 0) > + check_hostent (qname, e, "error: NO_RECOVERY\n"); /* Should be NO_DATA. */ Could the response be rewritten so that the check could be for NO_DATA here? Or have I misunderstood the comment? > + else > + check_hostent (qname, e, "error: HOST_NOT_FOUND\n"); > + > + free (qname); > +} > + > +static void > +check (int af, bool do_search, int cnames, int addresses) > +{ > + char *qname = make_qname (do_search, cnames, addresses); > + char *fqdn = make_qname (false, cnames, addresses); > + > + struct hostent *e; > + if (af == AF_UNSPEC) > + e = gethostbyname (qname); > + else > + e = gethostbyname2 (qname, af); > + if (e == NULL) > + FAIL_EXIT1 ("unexpected failure for %d, %d, %d", af, cnames, addresses); > + > + if (af == AF_UNSPEC || af == AF_INET) > + { > + TEST_COMPARE (e->h_addrtype, AF_INET); > + TEST_COMPARE (e->h_length, 4); > + } > + else > + { > + TEST_COMPARE (e->h_addrtype, AF_INET6); > + TEST_COMPARE (e->h_length, 16); > + } > + > + for (int i = 0; i < addresses; ++i) > + { > + char ipv4[4] = {192, 0, 2, 1 + i}; > + char ipv6[16] = > + { 0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 + i }; > + char *expected = e->h_addrtype == AF_INET ? ipv4 : ipv6; > + TEST_COMPARE_BLOB (e->h_addr_list[i], e->h_length, > + expected, e->h_length); > + } > + TEST_VERIFY (e->h_addr_list[addresses] == NULL); > + > + > + if (cnames == 0) > + { > + /* QNAME is fully qualified. */ > + TEST_COMPARE_STRING (e->h_name, fqdn); > + TEST_VERIFY (e->h_aliases[0] == NULL); > + } > + else > + { > + /* Fully-qualified QNAME is demoted to an aliases. */ > + TEST_COMPARE_STRING (e->h_aliases[0], fqdn); > + > + for (int i = 1; i <= cnames; ++i) > + { > + char *expected = xasprintf ("%d.alias.example", i - 1); > + if (i == cnames) > + TEST_COMPARE_STRING (e->h_name, expected); > + else > + TEST_COMPARE_STRING (e->h_aliases[i], expected); > + free (expected); > + } > + TEST_VERIFY (e->h_aliases[cnames] == NULL); > + } > + > + free (fqdn); > + free (qname); > +} > + > +static int > +do_test (void) > +{ > + struct resolv_test *obj = resolv_test_start > + ((struct resolv_redirect_config) > + { > + .response_callback = response, > + .search = { "example.net", "example.com" }, > + }); > + > + static const int families[] = { AF_UNSPEC, AF_INET, AF_INET6 }; > + > + for (int do_insert_sig = 0; do_insert_sig < 2; ++do_insert_sig) > + { > + insert_sig = do_insert_sig; > + > + /* If do_search is true, a bare host name (for example, a1-c1) > + is used. This exercises search path processing and FQDN > + qualification. */ > + for (int do_search = 0; do_search < 2; ++do_search) > + for (const int *paf = families; paf != array_end (families); ++paf) > + { > + for (int cnames = 0; cnames <= 100; ++cnames) > + { > + check_cnames_failure (*paf, do_search, cnames, 0); > + /* Now with NXDOMAIN responses. */ > + check_cnames_failure (*paf, do_search, cnames, 255); > + } > + > + for (int cnames = 0; cnames <= 10; ++cnames) > + for (int addresses = 1; addresses <= 10; ++addresses) > + check (*paf, do_search, cnames, addresses); > + > + /* The current implementation is limited to 47 aliases. > + Addresses do not have such a limit. */ > + check (*paf, do_search, 47, 60); > + } > + } > + > + resolv_test_end (obj); > + > + return 0; > +} > + > +#include