1#ifdef HAVE_CONFIG_H
2#include <config.h>
3#endif
4
5#include <sys/types.h>
6#include <stdio.h>
7#include <unistd.h>
8#include <string.h>
9
10#include <check.h>
11
12#ifdef HAVE_NETINET_IN_H
13#include <netinet/in.h>
14#endif
15#ifdef HAVE_NETINET_IN_SYSTM_H
16#include <netinet/in_systm.h>
17#endif
18#ifdef HAVE_NETINET_IP_H
19#include <netinet/ip.h>
20#endif
21
22#include <pulsecore/log.h>
23#include <pulsecore/macro.h>
24#include <pulsecore/socket.h>
25#include <pulsecore/ipacl.h>
26#include <pulsecore/arpa-inet.h>
27
28static void do_ip_acl_check(const char *s, int fd, int expected) {
29    pa_ip_acl *acl;
30    int result;
31
32    acl = pa_ip_acl_new(s);
33    fail_unless(acl != NULL);
34    result = pa_ip_acl_check(acl, fd);
35    pa_ip_acl_free(acl);
36
37    pa_log_info("%-20s result=%u (should be %u)", s, result, expected);
38    fail_unless(result == expected);
39}
40
41START_TEST (ipacl_test) {
42    struct sockaddr_in sa;
43#ifdef HAVE_IPV6
44    struct sockaddr_in6 sa6;
45#endif
46    int fd;
47    int r;
48
49    fd = socket(PF_INET, SOCK_STREAM, 0);
50    fail_unless(fd >= 0);
51
52    sa.sin_family = AF_INET;
53    sa.sin_port = htons(22);
54    sa.sin_addr.s_addr = inet_addr("127.0.0.1");
55
56    r = connect(fd, (struct sockaddr*) &sa, sizeof(sa));
57    fail_unless(r >= 0);
58
59    do_ip_acl_check("127.0.0.1", fd, 1);
60    do_ip_acl_check("127.0.0.2/0", fd, 1);
61    do_ip_acl_check("127.0.0.1/32", fd, 1);
62    do_ip_acl_check("127.0.0.1/7", fd, 1);
63    do_ip_acl_check("127.0.0.2", fd, 0);
64    do_ip_acl_check("127.0.0.0/8;0.0.0.0/32", fd, 1);
65    do_ip_acl_check("128.0.0.2/9", fd, 0);
66    do_ip_acl_check("::1/9", fd, 0);
67
68    close(fd);
69
70#ifdef HAVE_IPV6
71    if ( (fd = socket(PF_INET6, SOCK_STREAM, 0)) < 0 ) {
72      pa_log_error("Unable to open IPv6 socket, IPv6 tests ignored");
73      return;
74    }
75
76    memset(&sa6, 0, sizeof(sa6));
77    sa6.sin6_family = AF_INET6;
78    sa6.sin6_port = htons(22);
79    fail_unless(inet_pton(AF_INET6, "::1", &sa6.sin6_addr) == 1);
80
81    r = connect(fd, (struct sockaddr*) &sa6, sizeof(sa6));
82    fail_unless(r >= 0);
83
84    do_ip_acl_check("::1", fd, 1);
85    do_ip_acl_check("::1/9", fd, 1);
86    do_ip_acl_check("::/0", fd, 1);
87    do_ip_acl_check("::2/128", fd, 0);
88    do_ip_acl_check("::2/127", fd, 0);
89    do_ip_acl_check("::2/126", fd, 1);
90
91    close(fd);
92#endif
93}
94END_TEST
95
96int main(int argc, char *argv[]) {
97    int failed = 0;
98    Suite *s;
99    TCase *tc;
100    SRunner *sr;
101
102    if (!getenv("MAKE_CHECK"))
103        pa_log_set_level(PA_LOG_DEBUG);
104
105    s = suite_create("IP ACL");
106    tc = tcase_create("ipacl");
107    tcase_add_test(tc, ipacl_test);
108    suite_add_tcase(s, tc);
109
110    sr = srunner_create(s);
111    srunner_run_all(sr, CK_NORMAL);
112    failed = srunner_ntests_failed(sr);
113    srunner_free(sr);
114
115    return (failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
116}
117