From 8ff732756edff645ba258f3cbf0017925f5a452b Mon Sep 17 00:00:00 2001 From: Piotr Sawicki Date: Mon, 29 May 2017 08:16:59 +0200 Subject: [PATCH] Make sure that Connman is used as a DNS proxy Change-Id: Id91f8090be354c18e4a2f2fd66766f3bf98878dd --- packaging/security-tests.spec | 2 ++ src/nether-tests/CMakeLists.txt | 2 ++ src/nether-tests/nether_tests.cpp | 11 +++++++++++ src/nether-tests/setup-nether-tests-dns.sh | 26 ++++++++++++++++++++++++++ src/nether-tests/teardown-nether-tests-dns.sh | 22 ++++++++++++++++++++++ 5 files changed, 63 insertions(+) create mode 100644 src/nether-tests/setup-nether-tests-dns.sh create mode 100644 src/nether-tests/teardown-nether-tests-dns.sh diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index a2d7fa2..def481e 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -85,6 +85,8 @@ echo "security-tests postinst done ..." /usr/bin/test-performance-check.sh /usr/bin/setup-nether-tests-nns.sh /usr/bin/teardown-nether-tests-nns.sh +/usr/bin/setup-nether-tests-dns.sh +/usr/bin/teardown-nether-tests-dns.sh /etc/dbus-1/system.d/security-tests.conf diff --git a/src/nether-tests/CMakeLists.txt b/src/nether-tests/CMakeLists.txt index 95d9eca..b08c24e 100644 --- a/src/nether-tests/CMakeLists.txt +++ b/src/nether-tests/CMakeLists.txt @@ -71,6 +71,8 @@ INSTALL(TARGETS ${TARGET_NETHER_TESTS} DESTINATION /usr/bin) INSTALL(FILES ${PROJECT_SOURCE_DIR}/src/nether-tests/setup-nether-tests-nns.sh ${PROJECT_SOURCE_DIR}/src/nether-tests/teardown-nether-tests-nns.sh + ${PROJECT_SOURCE_DIR}/src/nether-tests/setup-nether-tests-dns.sh + ${PROJECT_SOURCE_DIR}/src/nether-tests/teardown-nether-tests-dns.sh DESTINATION bin PERMISSIONS OWNER_READ OWNER_WRITE diff --git a/src/nether-tests/nether_tests.cpp b/src/nether-tests/nether_tests.cpp index dbfe746..b9e20da 100644 --- a/src/nether-tests/nether_tests.cpp +++ b/src/nether-tests/nether_tests.cpp @@ -56,6 +56,9 @@ const std::string NETHER_NETNS_NAME_TEST = "nether_test_network_ns"; const std::string NETNS_RUN_DIR = "/var/run/netns"; // taken from iproute2 const std::string NETHER_NETNS_SETUP_COMMAND = "/usr/bin/setup-nether-tests-nns.sh " + NETHER_NETNS_NAME_TEST; const std::string NETHER_NETNS_TEARDOWN_COMMAND = "/usr/bin/teardown-nether-tests-nns.sh " + NETHER_NETNS_NAME_TEST; +const std::string NETHER_DNS_SETUP_COMMAND = "/usr/bin/setup-nether-tests-dns.sh"; +const std::string NETHER_DNS_TEARDOWN_COMMAND = "/usr/bin/teardown-nether-tests-dns.sh"; + const ssize_t NET_BUFFER_SIZE = 1024; const int UDP_MESSAGES_COUNT = 20000; @@ -1394,6 +1397,10 @@ RUNNER_TEST_GROUP_INIT(NETHER_LOCAL_DNS_CONNECTION) RUNNER_CHILD_TEST(nether_check_gethostbyname_internet_access_granted) { RUNNER_IGNORED_MSG("Disabled until the implementation of handling of DNS queries is finished."); + + ScopedShellScriptRunner networkDNSRunner(NETHER_DNS_SETUP_COMMAND, + NETHER_DNS_TEARDOWN_COMMAND); + const auto getHostAddress = [](void) { struct hostent *server = gethostbyname(DNS_TEST_ADDRESS.c_str()); RUNNER_ASSERT_MSG(server != nullptr, "Couldn't find host " @@ -1406,6 +1413,10 @@ RUNNER_CHILD_TEST(nether_check_gethostbyname_internet_access_granted) RUNNER_CHILD_TEST(nether_check_gethostbyname_internet_access_denied) { RUNNER_IGNORED_MSG("Disabled until the implementation of handling of DNS queries is finished."); + + ScopedShellScriptRunner networkDNSRunner(NETHER_DNS_SETUP_COMMAND, + NETHER_DNS_TEARDOWN_COMMAND); + const auto getHostAddress = [](void) { struct hostent *server = gethostbyname(DNS_TEST_ADDRESS.c_str()); RUNNER_ASSERT_MSG(server == nullptr, "Host was found " << DNS_TEST_ADDRESS); diff --git a/src/nether-tests/setup-nether-tests-dns.sh b/src/nether-tests/setup-nether-tests-dns.sh new file mode 100644 index 0000000..c3e1fea --- /dev/null +++ b/src/nether-tests/setup-nether-tests-dns.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +##################################################################### +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +##################################################################### + +# make sure the filesystem is mounted in RW mode +rw + +# backup old resolv.conf +cp /etc/resolv.conf /etc/resolv.conf.back + +# configure Connman as a local DNS server +echo "nameserver 127.0.0.1" > /etc/resolv.conf diff --git a/src/nether-tests/teardown-nether-tests-dns.sh b/src/nether-tests/teardown-nether-tests-dns.sh new file mode 100644 index 0000000..0d240f6 --- /dev/null +++ b/src/nether-tests/teardown-nether-tests-dns.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +##################################################################### +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +##################################################################### + +# restore old resolv.conf +mv /etc/resolv.conf.back /etc/resolv.conf + + -- 2.7.4