// SPDX-FileCopyrightText: 2022 Matteo Settenvini <matteo.settenvini@montecristosoftware.eu>
// SPDX-License-Identifier: GPL-3.0-or-later
mod common;
use {
crate::common::Eai,
anyhow::Result,
libc::{freeaddrinfo, gai_strerror, getaddrinfo},
nix::unistd::getuid,
once_cell::sync::Lazy,
std::collections::HashMap,
std::net::{IpAddr, Ipv4Addr, Ipv6Addr},
std::time::Duration,
tokio::time::timeout,
};
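/// Cloudflare for Families resolver addresses (`1.1.1.3`, `1.0.0.3`,
/// `2606:4700:4700::1113`, `2606:4700:4700::1003`).
///
/// The tests in this file hand this list to `common::mock_dbus` as the
/// resolver set for the current uid.
///
/// `Ipv6Addr::new` takes the eight 16-bit groups as integers, so the groups
/// have to be written as hex literals. Written in decimal, `2606, 4700, 4700,
/// ..., 1113` encodes `a2e:125c:125c::459`, which is not a Cloudflare resolver:
/// the filter would then silently depend on the IPv4 entries only.
static CLOUDFLARE_PARENTALCONTROL_ADDRS: Lazy<Vec<IpAddr>> = Lazy::new(|| {
    vec![
        IpAddr::V4(Ipv4Addr::new(1, 1, 1, 3)),
        IpAddr::V4(Ipv4Addr::new(1, 0, 0, 3)),
        IpAddr::V6(Ipv6Addr::new(0x2606, 0x4700, 0x4700, 0, 0, 0, 0, 0x1113)),
        IpAddr::V6(Ipv6Addr::new(0x2606, 0x4700, 0x4700, 0, 0, 0, 0, 0x1003)),
    ]
});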
/// Smoke test: after `common::setup()`, a plain libc `getaddrinfo` lookup of
/// `gnome.org` must succeed (status `0`).
///
/// Marked `#[ignore]`, so it only runs when ignored tests are requested
/// explicitly (presumably because it needs network access; confirm).
#[test]
#[ignore]
fn nss_module_is_loaded() -> Result<()> {
    // NOTE(review): presumably this arranges for the NSS module under test to
    // be on the lookup path; the helper lives in tests/common and is not
    // visible here.
    common::setup()?;

    let host = std::ffi::CString::new("gnome.org").unwrap();
    let mut results = std::ptr::null_mut();

    // SAFETY: `host` is a live NUL-terminated string, the service and hints
    // arguments are allowed to be null, and `results` is a valid out-pointer.
    let status = unsafe {
        getaddrinfo(
            host.as_ptr(),
            std::ptr::null(),
            std::ptr::null(),
            &mut results,
        )
    };

    // SAFETY: `gai_strerror` returns a pointer to a NUL-terminated message
    // that is not owned by the caller.
    let reason = unsafe { std::ffi::CStr::from_ptr(gai_strerror(status)) };

    assert_eq!(
        status,
        0,
        "Unable to resolve hostname, getaddrinfo failed: {}",
        reason.to_str().unwrap()
    );

    // SAFETY: the assertion above guarantees the lookup succeeded, so
    // `results` is the list `getaddrinfo` allocated and it is freed once.
    unsafe { freeaddrinfo(results) };

    Ok(())
}
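/// Checks that the canary domain `use-application-dns.net` fails to resolve
/// with `EAI_NONAME` for a user whose resolver list is the filtering set.
///
/// Browsers such as Firefox probe this domain before turning on
/// DNS-over-HTTPS by default; a negative answer tells them to stay on the
/// system resolver. If the name resolved, in-browser DoH could bypass any
/// filtering applied at the `getaddrinfo` level, so this test guards against
/// that bypass.
///
/// Marked `#[ignore]`, so it only runs when ignored tests are requested
/// explicitly.
#[tokio::test]
#[ignore]
async fn application_dns_is_nxdomain() -> Result<()> {
    let dbus = common::mock_dbus(HashMap::from([(
        getuid(),
        vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()],
    )]));

    common::setup()?;

    let hostname = std::ffi::CString::new("use-application-dns.net").unwrap();
    let mut addr = std::ptr::null_mut();

    // NOTE(review): this call blocks the test thread, and `#[tokio::test]`
    // defaults to a current-thread runtime. If `mock_dbus` runs as a task on
    // this runtime it cannot make progress during the lookup; confirm how the
    // mock is driven.
    //
    // SAFETY: `hostname` is a live NUL-terminated string, the service and
    // hints arguments are allowed to be null, and `addr` is a valid
    // out-pointer.
    let getaddrinfo_status = unsafe {
        getaddrinfo(
            hostname.as_ptr(),
            std::ptr::null(),
            std::ptr::null(),
            &mut addr,
        )
    };

    // Only a successful lookup hands back a list. On the expected EAI_NONAME
    // path `addr` is still null, and passing null to `freeaddrinfo` is not
    // covered by POSIX (some libcs dereference it). Releasing before the
    // assertion also keeps an unexpected success from leaking the list when
    // the assertion panics.
    if getaddrinfo_status == 0 {
        // SAFETY: status 0 means `addr` is the list allocated by
        // `getaddrinfo`; it is freed exactly once and not used afterwards.
        unsafe { freeaddrinfo(addr) };
    }

    // SAFETY: `gai_strerror` returns a pointer to a NUL-terminated message
    // that is not owned by the caller.
    let error = unsafe { std::ffi::CStr::from_ptr(gai_strerror(getaddrinfo_status)) };
    assert_eq!(
        getaddrinfo_status,
        Eai::NoName.0,
        "Should have gotten no hostname (NXDOMAIN), instead got {}",
        error.to_str().unwrap()
    );

    // Give the mock one second to finish and surface any error it recorded.
    timeout(Duration::from_secs(1), dbus).await??
}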
/// A name the filtering resolvers should not block (`wikipedia.org`) must
/// resolve to the same address through the module under test as through the
/// system resolver, even with the filtering set registered for the current uid.
///
/// Marked `#[ignore]`, so it only runs when ignored tests are requested
/// explicitly.
#[tokio::test]
#[ignore]
async fn wikipedia_is_unrestricted() -> Result<()> {
    let per_user_resolvers =
        HashMap::from([(getuid(), vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()])]);
    let dbus = common::mock_dbus(per_user_resolvers);

    // NOTE(review): strict equality assumes both resolvers return the same
    // record for this name; confirm `resolve_system_and_us` is not sensitive
    // to answer rotation between the two lookups.
    let (via_system, via_module) = common::resolve_system_and_us("wikipedia.org")?;
    assert_eq!(via_system, via_module);

    // Give the mock one second to finish and surface any error it recorded.
    timeout(Duration::from_secs(1), dbus).await??
}
/// With the filtering set registered for the current uid, a blocked name must
/// resolve differently from the system resolver and come back as `0.0.0.0`.
///
/// Marked `#[ignore]`, so it only runs when ignored tests are requested
/// explicitly.
#[tokio::test]
#[ignore]
async fn adultsite_is_restricted() -> Result<()> {
    let per_user_resolvers =
        HashMap::from([(getuid(), vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()])]);
    let dbus = common::mock_dbus(per_user_resolvers);

    let (via_system, via_module) = common::resolve_system_and_us("pornhub.com")?;

    // NOTE(review): this assumes the system resolver is itself unfiltered; on
    // a network that already filters DNS both sides may agree and the test
    // fails for an environmental reason.
    assert_ne!(via_system, via_module);

    // The unspecified IPv4 address is the answer the test expects for a
    // blocked name.
    // NOTE(review): only the IPv4 form is checked; confirm the helper never
    // yields an IPv6 answer here.
    assert_eq!(via_module, IpAddr::V4(Ipv4Addr::UNSPECIFIED));

    // Give the mock one second to finish and surface any error it recorded.
    timeout(Duration::from_secs(1), dbus).await??
}
/// When the current uid is registered with an empty resolver list, a name that
/// would otherwise be blocked must resolve exactly as the system resolver does.
///
/// "Privileged" is modelled here as "no restriction configured for this uid",
/// not as a different user id.
///
/// Marked `#[ignore]`, so it only runs when ignored tests are requested
/// explicitly.
#[tokio::test]
#[ignore]
async fn privileged_user_bypasses_restrictions() -> Result<()> {
    // NOTE(review): an empty list means "unfiltered". The tests visible here
    // do not cover a uid that is missing from the map or a D-Bus service that
    // cannot be reached; whether lookups fail open or closed in those cases is
    // worth pinning down with a test.
    let no_restrictions = HashMap::from([(getuid(), vec![ /* no restriction */])]);
    let dbus = common::mock_dbus(no_restrictions);

    let (via_system, via_module) = common::resolve_system_and_us("pornhub.com")?;
    assert_eq!(via_system, via_module);

    // Give the mock one second to finish and surface any error it recorded.
    timeout(Duration::from_secs(1), dbus).await??
}