blob: 6b375d0e2c4de277eb7a76accefa158b1a0de44c [file] [log] [blame]
#!/usr/bin/perl
# (C) Sergey Kandaurov
# (C) Nginx, Inc.
# Tests for mail resolver.
###############################################################################
use warnings;
use strict;
use Test::More;
BEGIN { use FindBin; chdir($FindBin::Bin); }
use lib 'lib';
use Test::Nginx;
use Test::Nginx::SMTP;
###############################################################################
select STDERR; $| = 1;
select STDOUT; $| = 1;
eval { require IO::Socket::SSL; };
plan(skip_all => 'IO::Socket::SSL not installed') if $@;
eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
plan(skip_all => 'IO::Socket::SSL too old') if $@;
local $SIG{PIPE} = 'IGNORE';
my $t = Test::Nginx->new()->has(qw/mail mail_ssl smtp http rewrite/)
->has_daemon('openssl')->plan(11)
->write_file_expand('nginx.conf', <<'EOF');
%%TEST_GLOBALS%%
daemon off;
events {
}
mail {
auth_http http://127.0.0.1:8080/mail/auth;
smtp_auth none;
server_name locahost;
proxy_timeout 15s;
# prevent useless resend
resolver_timeout 2s;
server {
listen 127.0.0.1:8025;
protocol smtp;
resolver 127.0.0.1:%%PORT_8981_UDP%%
127.0.0.1:%%PORT_8982_UDP%%
127.0.0.1:%%PORT_8983_UDP%%;
}
server {
listen 127.0.0.1:8027;
protocol smtp;
resolver 127.0.0.1:%%PORT_8982_UDP%%;
}
server {
listen 127.0.0.1:8028;
protocol smtp;
resolver 127.0.0.1:%%PORT_8983_UDP%%;
resolver_timeout 1s;
}
server {
listen 127.0.0.1:8029;
protocol smtp;
resolver 127.0.0.1:%%PORT_8984_UDP%%;
}
server {
listen 127.0.0.1:8030;
protocol smtp;
resolver 127.0.0.1:%%PORT_8985_UDP%%;
}
server {
listen 127.0.0.1:8031;
protocol smtp;
resolver 127.0.0.1:%%PORT_8986_UDP%%;
resolver_timeout 1s;
}
server {
listen 127.0.0.1:8032;
protocol smtp;
resolver 127.0.0.1:%%PORT_8987_UDP%%;
}
server {
ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
listen 127.0.0.1:8033 ssl;
protocol smtp;
resolver 127.0.0.1:%%PORT_8983_UDP%%;
}
}
http {
%%TEST_GLOBALS_HTTP%%
server {
listen 127.0.0.1:8080;
server_name localhost;
location = /mail/auth {
set $reply $http_client_host;
if ($http_client_host !~ UNAVAIL) {
set $reply OK;
}
add_header Auth-Status $reply;
add_header Auth-Server 127.0.0.1;
add_header Auth-Port %%PORT_8026%%;
return 204;
}
}
}
EOF
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
my $d = $t->testdir();
foreach my $name ('localhost') {
system('openssl req -x509 -new '
. "-config $d/openssl.conf -subj /CN=$name/ "
. "-out $d/$name.crt -keyout $d/$name.key "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create certificate for $name: $!\n";
}
$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon);
$t->run_daemon(\&dns_daemon, port($_), $t) foreach (8981 .. 8987);
$t->run();
$t->waitforsocket('127.0.0.1:' . port(8026));
$t->waitforfile($t->testdir . '/' . port($_)) foreach (8981 .. 8987);
###############################################################################
# PTR
my $s = Test::Nginx::SMTP->new();
my $s2 = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->ok('PTR');
$s->send('QUIT');
$s->read();
$s2->read();
$s2->send('EHLO example.com');
$s2->ok('PTR waiting');
# Cached PTR prevents from querying bad ns on port 8983
$s = Test::Nginx::SMTP->new();
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->ok('PTR cached');
$s->send('QUIT');
$s->read();
# SERVFAIL
$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8027));
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->check(qr/TEMPUNAVAIL/, 'PTR SERVFAIL');
$s->send('QUIT');
$s->read();
# PTR with zero length RDATA
$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8028));
$s2 = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8028));
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->check(qr/TEMPUNAVAIL/, 'PTR empty');
$s->send('QUIT');
$s->read();
# resolver timeout is set
$s2->read();
$s2->send('EHLO example.com');
$s2->ok('PTR empty waiting');
# CNAME
TODO: {
local $TODO = 'support for CNAME RR';
$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8029));
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->ok('CNAME');
$s->send('QUIT');
$s->read();
}
# uncompressed answer
$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8030));
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->ok('uncompressed PTR');
$s->send('QUIT');
$s->read();
$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8031));
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->check(qr/TEMPUNAVAIL/, 'PTR type');
$s->send('QUIT');
$s->read();
# CNAME and PTR in one answer section
$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8032));
$s->read();
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->ok('CNAME with PTR');
$s->send('QUIT');
$s->read();
# before 1.17.3, read event while in resolving resulted in duplicate resolving
TODO: {
todo_skip 'leaves coredump', 1 unless $ENV{TEST_NGINX_UNSAFE}
or $t->has_version('1.17.3');
my %ssl = (
SSL => 1,
SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
SSL_error_trap => sub { die $_[1] },
);
$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8033), %ssl);
$s->send('EHLO example.com');
$s->read();
$s->send('MAIL FROM:<test@example.com> SIZE=100');
$s->read();
$s->read();
$s->send('RCPT TO:<test@example.com>');
$s->check(qr/TEMPUNAVAIL/, 'PTR SSL empty');
$s->send('QUIT');
$s->read();
}
###############################################################################
sub reply_handler {
my ($recv_data, $port) = @_;
my (@name, @rdata);
use constant NOERROR => 0;
use constant SERVFAIL => 2;
use constant NXDOMAIN => 3;
use constant A => 1;
use constant CNAME => 5;
use constant PTR => 12;
use constant DNAME => 39;
use constant IN => 1;
# default values
my ($hdr, $rcode, $ttl) = (0x8180, NOERROR, 3600);
# decode name
my ($len, $offset) = (undef, 12);
while (1) {
$len = unpack("\@$offset C", $recv_data);
last if $len == 0;
$offset++;
push @name, unpack("\@$offset A$len", $recv_data);
$offset += $len;
}
$offset -= 1;
my ($id, $type, $class) = unpack("n x$offset n2", $recv_data);
my $name = join('.', @name);
if ($name eq 'a.example.net' && $type == A) {
push @rdata, rd_addr($ttl, '127.0.0.1');
} elsif ($name eq '1.0.0.127.in-addr.arpa' && $type == PTR) {
if ($port == port(8981)) {
push @rdata, rd_name(PTR, $ttl, 'a.example.net');
} elsif ($port == port(8982)) {
$rcode = SERVFAIL;
} elsif ($port == port(8983)) {
# zero length RDATA
push @rdata, pack("n3N n", 0xc00c, PTR, IN, $ttl, 0);
} elsif ($port == port(8984)) {
# PTR answered with CNAME
push @rdata, rd_name(CNAME, $ttl,
'1.1.0.0.127.in-addr.arpa');
} elsif ($port == port(8985)) {
# uncompressed answer
push @rdata, pack("(C/a*)6x n2N n(C/a*)3x",
('1', '0', '0', '127', 'in-addr', 'arpa'),
PTR, IN, $ttl, 15, ('a', 'example', 'net'));
} elsif ($port == port(8986)) {
push @rdata, rd_name(DNAME, $ttl, 'a.example.net');
} elsif ($port == port(8987)) {
# PTR answered with CNAME+PTR
push @rdata, rd_name(CNAME, $ttl,
'1.1.0.0.127.in-addr.arpa');
push @rdata, pack("n3N n(C/a*)3 x", 0xc034,
PTR, IN, $ttl, 15, ('a', 'example', 'net'));
}
} elsif ($name eq '1.1.0.0.127.in-addr.arpa' && $type == PTR) {
push @rdata, rd_name(PTR, $ttl, 'a.example.net');
}
$len = @name;
pack("n6 (C/a*)$len x n2", $id, $hdr | $rcode, 1, scalar @rdata,
0, 0, @name, $type, $class) . join('', @rdata);
}
sub rd_name {
my ($type, $ttl, $name) = @_;
my ($rdlen, @rdname);
@rdname = split /\./, $name;
$rdlen = length(join '', @rdname) + @rdname + 1;
pack("n3N n(C/a*)* x", 0xc00c, $type, IN, $ttl, $rdlen, @rdname);
}
sub rd_addr {
my ($ttl, $addr) = @_;
my $code = 'split(/\./, $addr)';
# use a special pack string to not zero pad
return pack 'n3N', 0xc00c, A, IN, $ttl if $addr eq '';
pack 'n3N nC4', 0xc00c, A, IN, $ttl, eval "scalar $code", eval($code);
}
sub dns_daemon {
my ($port, $t) = @_;
my ($data, $recv_data);
my $socket = IO::Socket::INET->new(
LocalAddr => '127.0.0.1',
LocalPort => $port,
Proto => 'udp',
)
or die "Can't create listening socket: $!\n";
# signal we are ready
open my $fh, '>', $t->testdir() . '/' . $port;
close $fh;
while (1) {
$socket->recv($recv_data, 65536);
$data = reply_handler($recv_data, $port);
$socket->send($data);
}
}
###############################################################################