Initial set of IDNA tests.

2018-03-19 16:12:47 +00:00
parent 950c354b3d
commit 6755118493
10 changed files with 363 additions and 3 deletions
--- a/bin/tests/system/Makefile.in
+++ b/bin/tests/system/Makefile.in
@@ -60,7 +60,7 @@ PARALLEL = rpzrecurse serve-stale dnssec \
 	   dns64 @DNSTAP@ dscp dsdigest dyndb \
 	   ednscompliance emptyzones \
 	   fetchlimit filter-aaaa formerr forward \
-	   geoip glue inline integrity ixfr keepalive \
+	   geoip glue idna inline integrity ixfr keepalive \
 	   legacy limits logfileconfig \
 	   masterfile masterformat metadata mkeys \
 	   names notify nslookup nsupdate nzd2nzf \
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -94,7 +94,7 @@ PARALLELDIRS="acl additional addzone allow-query auth autosign \
 	dns64 dnssec @DNSTAP@ dscp dsdigest dyndb \
 	ednscompliance emptyzones \
 	fetchlimit filter-aaaa formerr forward \
-	geoip glue inline integrity ixfr keepalive \
+	geoip glue idna inline integrity ixfr keepalive \
 	legacy limits logfileconfig \
        masterfile masterformat metadata mkeys \
        names notify nslookup nsupdate nzd2nzf \
--- a/bin/tests/system/conf.sh.win32
+++ b/bin/tests/system/conf.sh.win32
@@ -91,7 +91,7 @@ SEQUENTIALDIRS="acl additional addzone autosign builtin \
 	 database digdelv dlv dlvauto dlz dlzexternal dname \
 	 dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa eddsa \
 	 ednscompliance emptyzones \
-	 fetchlimit filter-aaaa formerr forward geoip glue gost inline ixfr \
+	 fetchlimit filter-aaaa formerr forward geoip glue gost idna inline ixfr \
 	 keepalive @KEYMGR@ legacy limits logfileconfig masterfile \
 	 masterformat metadata mkeys names notify nslookup nsupdate \
 	 nzd2nzf padding pending pipelined @PKCS11_TEST@ reclimit \
--- a/bin/tests/system/idna/clean.sh
+++ b/bin/tests/system/idna/clean.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+rm -f */named.memstats
+rm -f */named.run
+rm -f */named.conf
+rm -f dig.out.*
+rm -f ns*/named.lock
--- a/bin/tests/system/idna/ns1/named.conf.in
+++ b/bin/tests/system/idna/ns1/named.conf.in
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS1
+
+options {
+	query-source address 10.53.0.1;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { fd92:7065:b8e:ffff::1; };
+	recursion no;
+	notify yes;
+	dnssec-enable no;
+	dnssec-validation no;
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};
--- a/bin/tests/system/idna/ns1/root.db
+++ b/bin/tests/system/idna/ns1/root.db
@@ -0,0 +1,24 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+a.root-servers.nil.	AAAA	fd92:7065:b8e:ffff::1
+
+example.		NS	ns2.example.
+ns2.example.		A	10.53.0.2
+ns2.example.		AAAA	fd92:7065:b8e:ffff::2
--- a/bin/tests/system/idna/prereq.sh
+++ b/bin/tests/system/idna/prereq.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+$FEATURETEST --with-idn
+if [ $? -ne 1 ]; then
+    echo_i "This test requires that BIND be built with IDN support"
+    exit 
+fi
+exit 0
--- a/bin/tests/system/idna/setup.sh
+++ b/bin/tests/system/idna/setup.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+$SHELL clean.sh
+copy_setports ns1/named.conf.in ns1/named.conf
--- a/bin/tests/system/idna/tests.sh
+++ b/bin/tests/system/idna/tests.sh
@@ -0,0 +1,248 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+# This set of tests check the behavior of the IDNA options in "dig".
+#
+# "dig" supports two IDNA-related options:
+#
+# +[no]idnin -  Translates a domain name into punycode format before sending
+#               the query to the server.
+# +[no]idnout - Translates the received punycode domain names into appropriate
+#               unicode characters before displaying.
+#
+# The tests run "dig" against an authoritative server configured with a minimal
+# root zone and nothing else.  As a result, all queries will result in an
+# NXDOMAIN.  The server will return the qname sent, which "dig" will display
+# according to the options selected.  This returned string is compared with
+# the qname originally sent.
+#
+# In the comments below, the following nomenclature (taken from RFC 5890) is
+# used:
+#
+# A-label: Label comprising ASCII characters that starts xn-- and whose
+#          characters after the xn-- are a valid output of the Punycode
+#          algorithm.
+#
+# Fake A-label: An A-label whose characters after the xn-- are not valid
+#          Punycode output.
+#
+# U-label: Unicode (native character) form of a label.
+#
+# For the purpose of this test script, U-labels do not include labels that
+# comprise purely ASCII characters, which are referred to as "ASCII-labels"
+# here. Valid ASCII-labels comprise letters, digits and hyphens and do not
+# start with a hyphen.
+#
+# References:
+# 1. http://www.unicode.org/reports/tr46/#Deviations
+# 2. http://www.unicode.org/reports/tr46/#IDNAComparison
+
+# Using dig insecure mode as we are not testing DNSSEC here
+DIGCMD="$DIG -i -p ${PORT} @10.53.0.1"
+
+# Initialize test count and status return
+n=0
+status=0
+
+
+# Function for extracting the question name reported by "dig".
+#
+# This is the first field after the line starting ";; QUESTION SECTION:".
+# The string returned includes the trailing period.
+
+qname() {
+    awk 'BEGIN { qs = 0; } \
+        /;; QUESTION SECTION:/ { qs = 1; next; } \
+        qs == 1 {sub(";", "", $1) ; print $1; exit 0; }' \
+        $1
+}
+
+# Function for performing the test where "dig" is expected to succeed.
+#
+#   $1 - Description of the test
+#   $2 - Dig command additional options
+#   $3 - Name being queried
+#   $4 - The name that should be displayed by "dig".  Note that names displayed
+#        by "dig" will always have a trailing period, so this parameter should
+#        have that period as well.
+
+idna_test() {
+    n=`expr $n + 1`
+    description=$1
+    if [ "$2" != "" ]; then
+        description="${description}: $2"
+    fi
+    echo_i "$description ($n)"
+
+    ret=0
+    $DIGCMD $2 $3 > dig.out.$n 2>&1
+    if [ $? -ne 0 ]; then
+        echo_i "failed: dig returned error status $?"
+        ret=1
+    else
+        actual=`qname dig.out.$n`
+        if [ "$4" != "$actual" ]; then
+            echo_i "failed: expected answer $4, actual result $actual"
+            ret=1
+        fi
+    fi
+    status=`expr $status + $ret`
+}
+
+# Function for performing test where "dig" is expected to fail
+#
+# $1 - $3: As for idna_test function
+
+idna_fail() {
+    n=`expr $n + 1`
+    description=$1
+    if [ "$2" != "" ]; then
+        description="${description}: $2"
+    fi
+    echo_i "$description ($n)"
+
+    ret=0
+    $DIGCMD $2 $3 > dig.out.$n 2>&1
+    if [ $? -eq 0 ]; then
+        echo_i "failed: dig command unexpectedly succeeded"
+        ret=1
+    fi
+    status=`expr $status + $ret`
+}
+
+# Tests of valid ASCII-label.
+#
+# +noidnin: The label is sent unchanged to the server.
+# +idnin:   The label is lower-cased and sent to the server.
+#
+# The +[no]idnout flag has no effect on the result.
+
+text="Checking valid ASCII label"
+idna_test "$text" ""                   LocalhosT localhost.
+idna_test "$text" "+noidnin +noidnout" LocalhosT LocalhosT.
+idna_test "$text" "+noidnin +idnout"   LocalhosT LocalhosT.
+idna_test "$text" "+idnin   +noidnout" LocalhosT localhost.
+idna_test "$text" "+idnin   +idnout"   LocalhosT localhost.
+
+
+
+# Tests of a valid U-label.
+#
+# +noidnin +noidnout: The label is sent as a unicode octet stream and dig will
+#                     display the string in the \nnn format.
+# +noidnin +idnout:   As for the previous case.
+# +idnin   +noidnout: The label is converted to the xn-- format.  "dig"
+#                     displays the returned xn-- text.
+# +idnin   +idnout:   The label is converted to the xn-- format.  "dig"
+#                     converts the returned xn-- string back to the original
+#                     unicode text.
+#
+# Note that ASCII characters are converted to lower-case.
+
+text="Checking valid non-ASCII label"
+idna_test "$text" ""                   "München" "münchen." 
+idna_test "$text" "+noidnin +noidnout" "München" "M\195\188nchen."
+idna_test "$text" "+noidnin +idnout"   "München" "M\195\188nchen."
+idna_test "$text" "+idnin   +noidnout" "München" "xn--mnchen-3ya."
+idna_test "$text" "+idnin   +idnout"   "München" "münchen." 
+
+
+
+# Tests of transitional processing of a valid U-label
+#
+# IDNA2003 introduced national character sets but, unfortunately, didn't
+# support several characters properly.  One of those was the German character
+# "ß" (the "Eszett" or "sharp s"), which was interpreted as "ss".  So the
+# domain “faß.de” domain (for example) was processed as “fass.de”.
+#
+# This was corrected in IDNA2008, although some vendors that adopted this
+# standard chose to keep the existing IDNA2003 translation for this character
+# to prevent problems (e.g. people visiting www.faß.example would, under
+# IDNA2003, go to www.fass.example but under IDNA2008 would end up at
+# www.fa\195\159.example - a different web site).
+#
+# BIND has adopted a hard transition, so this test checks that the transitional
+# mapping is not used.  The tests are essentially the same as for the valid
+# U-label.
+
+text="Checking that non-transitional IDNA processing is used"
+idna_test "$text" ""                   "faß.de" "faß.de."
+idna_test "$text" "+noidnin +noidnout" "faß.de" "fa\195\159.de."
+idna_test "$text" "+noidnin +idnout"   "faß.de" "fa\195\159.de."
+idna_test "$text" "+idnin   +noidnout" "faß.de" "xn--fa-hia.de."
+idna_test "$text" "+idnin   +idnout"   "faß.de" "faß.de."
+
+# Another problem character.  The final character in the first label mapped
+# onto the Greek sigma character ("σ") in IDNA2003.
+
+text="Second check that non-transitional IDNA processing is used"
+idna_test "$text" ""                   "βόλος.com" "βόλος.com." 
+idna_test "$text" "+noidnin +noidnout" "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
+idna_test "$text" "+noidnin +idnout"   "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
+idna_test "$text" "+idnin   +noidnout" "βόλος.com" "xn--nxasmm1c.com."
+idna_test "$text" "+idnin   +idnout"   "βόλος.com" "βόλος.com." 
+
+
+
+# Tests of a valid A-label (i.e. starting xn--)
+#
+# +noidnout: The string is sent as-is to the server and the returned qname is
+#            displayed in the same form.
+# +idnout:   The string is sent as-is to the server and the returned qname is
+#            displayed as the corresponding U-label.
+#
+# The "+[no]idnin" flag has no effect in these cases.
+
+text="Checking valid A-label"
+idna_test "$text" ""                   "xn--nxasmq6b.com" "βόλοσ.com." 
+idna_test "$text" "+noidnin +noidnout" "xn--nxasmq6b.com" "xn--nxasmq6b.com."
+idna_test "$text" "+noidnin +idnout"   "xn--nxasmq6b.com" "βόλοσ.com." 
+idna_test "$text" "+idnin +noidnout"   "xn--nxasmq6b.com" "xn--nxasmq6b.com."
+idna_test "$text" "+idnin +idnout"     "xn--nxasmq6b.com" "βόλοσ.com." A
+
+
+
+# Tests of a fake A-label
+#
+# +noidnin: The label is sent as-is to the server and dig will display the
+#           returned fake A-label in the same form.
+# +idnin:   "dig" should report that the label is not correct.
+#
+# The +[no]idnout options should not have any effect on the test.
+
+text="Checking invalid A-label"
+idna_fail "$text" ""                   "xn--ahahah"
+idna_test "$text" "+noidnin +noidnout" "xn--ahahah" "xn--ahahah."
+idna_test "$text" "+noidnin +idnout"   "xn--ahahah" "xn--ahahah."
+idna_fail "$text" "+idnin   +noidnout" "xn--ahahah"
+idna_fail "$text" "+idnin   +idnout"   "xn--ahahah"
+
+
+
+# Tests of a valid unicode string but an invalid U-label
+#
+# Symbols are not valid IDNA names.
+#
+# +noidnin: "dig" should send unicode octets to the server and display the
+#           returned qname in the same form.
+# +idnin:   "dig" should generate an error.
+#
+# The +[no]idnout options should not have any effect on the test.
+
+text="Checking invalid U-label"
+idna_fail "$text" ""                   "❤︎.com"
+idna_test "$text" "+noidnin +noidnout" "❤︎.com" "\226\157\164\239\184\142.com."
+idna_test "$text" "+noidnin +idnout"   "❤︎.com" "\226\157\164\239\184\142.com."
+idna_fail "$text" "+idnin   +noidnout" "❤︎.com"
+idna_fail "$text" "+idnin   +idnout"   "❤︎.com"
+
+exit $status
--- a/util/copyrights
+++ b/util/copyrights
@@ -1374,6 +1374,13 @@
 ./bin/tests/system/gost/prereq.sh		SH	2010,2012,2014,2016,2018
 ./bin/tests/system/gost/setup.sh		SH	2010,2012,2014,2016,2017,2018
 ./bin/tests/system/gost/tests.sh		SH	2010,2012,2013,2016,2018
+./bin/tests/system/idna/clean.sh		SH	2018
+./bin/tests/system/idna/ns1/named.conf		CONF-C	2018
+./bin/tests/system/idna/ns1/named.conf.in	CONF-C	2018
+./bin/tests/system/idna/ns1/root.db		ZONE	2018
+./bin/tests/system/idna/prereq.sh		SH	2018
+./bin/tests/system/idna/setup.sh		SH	2018
+./bin/tests/system/idna/tests.sh		SH	2018
 ./bin/tests/system/ifconfig.bat			BAT	2016,2018
 ./bin/tests/system/ifconfig.sh			SH	2000,2001,2002,2003,2004,2007,2008,2009,2010,2012,2013,2016,2018
 ./bin/tests/system/inline/.gitignore		X	2014,2018