From 8ff732756edff645ba258f3cbf0017925f5a452b Mon Sep 17 00:00:00 2001
From: Piotr Sawicki
Date: Mon, 29 May 2017 08:16:59 +0200
Subject: [PATCH] Make sure that Connman is used as a DNS proxy
Change-Id: Id91f8090be354c18e4a2f2fd66766f3bf98878dd
---
packaging/security-tests.spec | 2 ++
src/nether-tests/CMakeLists.txt | 2 ++
src/nether-tests/nether_tests.cpp | 11 +++++++++++
src/nether-tests/setup-nether-tests-dns.sh | 26 ++++++++++++++++++++++++++
src/nether-tests/teardown-nether-tests-dns.sh | 22 ++++++++++++++++++++++
5 files changed, 63 insertions(+)
create mode 100644 src/nether-tests/setup-nether-tests-dns.sh
create mode 100644 src/nether-tests/teardown-nether-tests-dns.sh
diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec
index a2d7fa2..def481e 100644
--- a/packaging/security-tests.spec
+++ b/packaging/security-tests.spec
@@ -85,6 +85,8 @@ echo "security-tests postinst done ..."
/usr/bin/test-performance-check.sh
/usr/bin/setup-nether-tests-nns.sh
/usr/bin/teardown-nether-tests-nns.sh
+/usr/bin/setup-nether-tests-dns.sh
+/usr/bin/teardown-nether-tests-dns.sh
/etc/dbus-1/system.d/security-tests.conf
diff --git a/src/nether-tests/CMakeLists.txt b/src/nether-tests/CMakeLists.txt
index 95d9eca..b08c24e 100644
--- a/src/nether-tests/CMakeLists.txt
+++ b/src/nether-tests/CMakeLists.txt
@@ -71,6 +71,8 @@ INSTALL(TARGETS ${TARGET_NETHER_TESTS} DESTINATION /usr/bin)
INSTALL(FILES
${PROJECT_SOURCE_DIR}/src/nether-tests/setup-nether-tests-nns.sh
${PROJECT_SOURCE_DIR}/src/nether-tests/teardown-nether-tests-nns.sh
+ ${PROJECT_SOURCE_DIR}/src/nether-tests/setup-nether-tests-dns.sh
+ ${PROJECT_SOURCE_DIR}/src/nether-tests/teardown-nether-tests-dns.sh
DESTINATION bin
PERMISSIONS OWNER_READ
OWNER_WRITE
diff --git a/src/nether-tests/nether_tests.cpp b/src/nether-tests/nether_tests.cpp
index dbfe746..b9e20da 100644
--- a/src/nether-tests/nether_tests.cpp
+++ b/src/nether-tests/nether_tests.cpp
@@ -56,6 +56,9 @@ const std::string NETHER_NETNS_NAME_TEST = "nether_test_network_ns";
const std::string NETNS_RUN_DIR = "/var/run/netns"; // taken from iproute2
const std::string NETHER_NETNS_SETUP_COMMAND = "/usr/bin/setup-nether-tests-nns.sh " + NETHER_NETNS_NAME_TEST;
const std::string NETHER_NETNS_TEARDOWN_COMMAND = "/usr/bin/teardown-nether-tests-nns.sh " + NETHER_NETNS_NAME_TEST;
+const std::string NETHER_DNS_SETUP_COMMAND = "/usr/bin/setup-nether-tests-dns.sh";
+const std::string NETHER_DNS_TEARDOWN_COMMAND = "/usr/bin/teardown-nether-tests-dns.sh";
+
const ssize_t NET_BUFFER_SIZE = 1024;
const int UDP_MESSAGES_COUNT = 20000;
@@ -1394,6 +1397,10 @@ RUNNER_TEST_GROUP_INIT(NETHER_LOCAL_DNS_CONNECTION)
RUNNER_CHILD_TEST(nether_check_gethostbyname_internet_access_granted)
{
RUNNER_IGNORED_MSG("Disabled until the implementation of handling of DNS queries is finished.");
+
+ ScopedShellScriptRunner networkDNSRunner(NETHER_DNS_SETUP_COMMAND,
+ NETHER_DNS_TEARDOWN_COMMAND);
+
const auto getHostAddress = [](void) {
struct hostent *server = gethostbyname(DNS_TEST_ADDRESS.c_str());
RUNNER_ASSERT_MSG(server != nullptr, "Couldn't find host "
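Review bot: Nothing visible in this hunk confirms that the setup script succeeded before `getHostAddress` runs. If `ScopedShellScriptRunner` does not check the script's exit status (its definition is outside the hunk), the access-granted test can resolve through the original resolver and pass without the query ever going through Connman. The same applies to the identical addition in `nether_check_gethostbyname_internet_access_denied` in the next hunk. Both tests now rewrite the system-wide `/etc/resolv.conf`, which deserves a comment at the declaration, e.g. `// Points /etc/resolv.conf at 127.0.0.1 until this object is destroyed; the teardown script restores the backup.` The test body continues past the end of the hunk.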
@@ -1406,6 +1413,10 @@ RUNNER_CHILD_TEST(nether_check_gethostbyname_internet_access_granted)
RUNNER_CHILD_TEST(nether_check_gethostbyname_internet_access_denied)
{
RUNNER_IGNORED_MSG("Disabled until the implementation of handling of DNS queries is finished.");
+
+ ScopedShellScriptRunner networkDNSRunner(NETHER_DNS_SETUP_COMMAND,
+ NETHER_DNS_TEARDOWN_COMMAND);
+
const auto getHostAddress = [](void) {
struct hostent *server = gethostbyname(DNS_TEST_ADDRESS.c_str());
RUNNER_ASSERT_MSG(server == nullptr, "Host was found " << DNS_TEST_ADDRESS);
diff --git a/src/nether-tests/setup-nether-tests-dns.sh b/src/nether-tests/setup-nether-tests-dns.sh
new file mode 100644
index 0000000..c3e1fea
--- /dev/null
+++ b/src/nether-tests/setup-nether-tests-dns.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+#####################################################################
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#####################################################################
+
+# make sure the filesystem is mounted in RW mode
+rw
+
+# backup old resolv.conf
+cp /etc/resolv.conf /etc/resolv.conf.back
+
+# configure Connman as a local DNS server
+echo "nameserver 127.0.0.1" > /etc/resolv.conf
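Review bot: The backup on the `cp` line is unconditional and unchecked. If an earlier run ended before teardown, `/etc/resolv.conf` still holds `nameserver 127.0.0.1`, and this `cp` overwrites the only copy of the original configuration in `/etc/resolv.conf.back`. A failed `cp` also does not stop the script from overwriting the live file, and the result of `rw` is not checked either. Keeping an existing backup and aborting on failure closes both gaps: `[ -e /etc/resolv.conf.back ] || cp -p /etc/resolv.conf /etc/resolv.conf.back || exit 1`.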
diff --git a/src/nether-tests/teardown-nether-tests-dns.sh b/src/nether-tests/teardown-nether-tests-dns.sh
new file mode 100644
index 0000000..0d240f6
--- /dev/null
+++ b/src/nether-tests/teardown-nether-tests-dns.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+#####################################################################
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#####################################################################
+
+# restore old resolv.conf
+mv /etc/resolv.conf.back /etc/resolv.conf
+
+
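Review bot: The `mv` on the restore line replaces `/etc/resolv.conf` itself rather than its contents. If that path is a symlink on the target image (not visible here), the link is replaced by a regular file, whereas the setup script's `cp` and `>` both went through the link. Teardown also does not call `rw` as setup does and does not report failure, so a failed restore leaves the device resolving through 127.0.0.1 with no signal to the test runner. Restoring with `cat /etc/resolv.conf.back > /etc/resolv.conf && rm /etc/resolv.conf.back || exit 1` keeps the original file object and surfaces the error.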
--
2.7.4