author | Alberto Bertogli
<albertito@blitiri.com.ar> 2018-06-02 10:30:17 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2018-06-02 18:31:28 UTC |
parent | 4373f56a82b15643d000f0d313f1cce8e7c9eda9 |
dnsoverride.go | +36 | -0 |
test/Dockerfile | +4 | -0 |
test/cover.sh | +2 | -0 |
test/t-14-tls_tracking/A/chasquid.conf | +10 | -0 |
test/t-14-tls_tracking/A/domains/srv-A/.keep | +0 | -0 |
test/t-14-tls_tracking/B/chasquid.conf | +10 | -0 |
test/t-14-tls_tracking/B/domains/srv-B/.keep | +0 | -0 |
test/t-14-tls_tracking/config/chasquid.conf | +10 | -0 |
test/t-14-tls_tracking/content | +4 | -0 |
test/t-14-tls_tracking/dnsmasq.conf | +24 | -0 |
test/t-14-tls_tracking/hosts | +2 | -0 |
test/t-14-tls_tracking/msmtprc | +14 | -0 |
test/t-14-tls_tracking/run.sh | +83 | -0 |
test/util/lib.sh | +4 | -3 |
diff --git a/dnsoverride.go b/dnsoverride.go
new file mode 100644
index 0000000..02972a5
--- /dev/null
+++ b/dnsoverride.go
@@ -0,0 +1,36 @@
+// Support for overriding DNS lookups, for testing purposes.
+// This is only used in tests, when the "dnsoverride" tag is active.
+// It requires Go >= 1.8.
+//
+// +build dnsoverride
+
+package main
+
+import (
+ "context"
+ "flag"
+ "net"
+ "time"
+)
+
+var (
+ dnsAddr = flag.String("testing__dns_addr", "127.0.0.1:9053",
+ "DNS server address to use, for testing purposes only")
+)
+
+var dialer = &net.Dialer{
+ // We're going to talk to localhost, so have a short timeout so we fail
+ // fast. Otherwise the callers might hang indefinitely when trying to
+ // dial the DNS server.
+ Timeout: 2 * time.Second,
+}
+
+func dial(ctx context.Context, network, address string) (net.Conn, error) {
+ return dialer.DialContext(ctx, network, *dnsAddr)
+}
+
+func init() {
+ // Override the resolver to talk with our local server for testing.
+ net.DefaultResolver.PreferGo = true
+ net.DefaultResolver.Dial = dial
+}
diff --git a/test/Dockerfile b/test/Dockerfile
index 8f61212..41c0d5d 100644
--- a/test/Dockerfile
+++ b/test/Dockerfile
@@ -29,6 +29,10 @@ RUN apt-get install -y -q gettext-base dovecot-imapd RUN apt-get install -y -q exim4-daemon-light RUN cd test/t-02-exim && mkdir -p .exim4 && ln -s /usr/sbin/exim4 .exim4/ +# Packages for the (optional) TLS tracking test. +RUN apt-get install -y -q dnsmasq + + RUN go get -d ./... RUN go install ./...
diff --git a/test/cover.sh b/test/cover.sh
index d64b0eb..657f21e 100755
--- a/test/cover.sh
+++ b/test/cover.sh
@@ -42,6 +42,8 @@ go run "${UTILDIR}/gocovcat.go" .coverage/*.out \ go tool cover -func="$COVER_DIR/all.out" | sort -k 3 -n > "$COVER_DIR/func.txt" go tool cover -html="$COVER_DIR/all.out" -o "$COVER_DIR/chasquid.html" +echo +grep total .coverage/func.txt echo echo "Coverage report can be found in:" echo file://$COVER_DIR/chasquid.html
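Review bot: `dial` in dnsoverride.go drops the `address` the resolver asked for and always connects to `*dnsAddr`, and nothing in the file says so. Together with `init` replacing `net.DefaultResolver.Dial`, a binary built with the `dnsoverride` tag sends every lookup, including the MX and SPF TXT queries this test fakes, to whatever is listening on the default `127.0.0.1:9053`, which is an unprivileged port. I would document that on the function, e.g. `// dial ignores address and always connects to *dnsAddr; with this tag every lookup made through net.DefaultResolver goes to that server.` It would also help to state in the header comment that release builds must never be compiled with this tag, since the override gives no sign of itself at runtime.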
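Review bot: The added `grep total .coverage/func.txt` in test/cover.sh hard-codes a path, while the context line just above writes that file to `"$COVER_DIR/func.txt"`. If `COVER_DIR` ever stops being `.coverage` relative to the working directory, the grep will fail or read a stale file. I would use `grep total "$COVER_DIR/func.txt"`. How `COVER_DIR` is set is outside the hunk, so the two may be equivalent today.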
diff --git a/test/t-14-tls_tracking/A/chasquid.conf b/test/t-14-tls_tracking/A/chasquid.conf
new file mode 100644
index 0000000..3120200
--- /dev/null
+++ b/test/t-14-tls_tracking/A/chasquid.conf
@@ -0,0 +1,10 @@
+smtp_address: ":1025"
+submission_address: ":1587"
+submission_over_tls_address: ":1465"
+monitoring_address: ":1099"
+
+mail_delivery_agent_bin: "test-mda"
+mail_delivery_agent_args: "%to%"
+
+data_dir: "../.data-A"
+mail_log_path: "../.logs-A/mail_log"
diff --git a/test/t-14-tls_tracking/A/domains/srv-A/.keep b/test/t-14-tls_tracking/A/domains/srv-A/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/test/t-14-tls_tracking/B/chasquid.conf b/test/t-14-tls_tracking/B/chasquid.conf
new file mode 100644
index 0000000..7cd0d88
--- /dev/null
+++ b/test/t-14-tls_tracking/B/chasquid.conf
@@ -0,0 +1,10 @@
+smtp_address: ":2025"
+submission_address: ":2587"
+submission_over_tls_address: ":2465"
+monitoring_address: ":2099"
+
+mail_delivery_agent_bin: "test-mda"
+mail_delivery_agent_args: "%to%"
+
+data_dir: "../.data-B"
+mail_log_path: "../.logs-B/mail_log"
diff --git a/test/t-14-tls_tracking/B/domains/srv-B/.keep b/test/t-14-tls_tracking/B/domains/srv-B/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/test/t-14-tls_tracking/config/chasquid.conf b/test/t-14-tls_tracking/config/chasquid.conf
new file mode 100644
index 0000000..cf76e8a
--- /dev/null
+++ b/test/t-14-tls_tracking/config/chasquid.conf
@@ -0,0 +1,10 @@
+smtp_address: ":1025"
+submission_address: ":1587"
+submission_over_tls_address: ":1465"
+monitoring_address: ":1099"
+
+mail_delivery_agent_bin: "test-mda"
+mail_delivery_agent_args: "%to%"
+
+data_dir: "../.data"
+mail_log_path: "../.logs/mail_log"
diff --git a/test/t-14-tls_tracking/content b/test/t-14-tls_tracking/content
new file mode 100644
index 0000000..76a8b16
--- /dev/null
+++ b/test/t-14-tls_tracking/content
@@ -0,0 +1,4 @@
+Subject: Prueba desde el test
+
+Crece desde el test el futuro
+Crece desde el test
diff --git a/test/t-14-tls_tracking/dnsmasq.conf b/test/t-14-tls_tracking/dnsmasq.conf
new file mode 100644
index 0000000..2b69bb1
--- /dev/null
+++ b/test/t-14-tls_tracking/dnsmasq.conf
@@ -0,0 +1,24 @@
+# Configuration for dnsmasq, for testing purposes.
+
+interface=lo
+port=9053
+no-resolv
+no-poll
+no-hosts
+
+log-queries
+
+# Note we need both ipv4 and ipv6 A record because some test environments may
+# not support one or the other.
+
+# srv-a zone
+address=/srv-a/::1
+address=/srv-a/127.0.0.1
+mx-host=srv-a,srv-a,10
+txt-record=srv-a,"v=spf1 a"
+
+# srv-b zone
+address=/srv-b/::1
+address=/srv-b/127.0.0.1
+mx-host=srv-b,srv-b,10
+txt-record=srv-b,"v=spf1 a"
diff --git a/test/t-14-tls_tracking/hosts b/test/t-14-tls_tracking/hosts
new file mode 100644
index 0000000..b2ae8db
--- /dev/null
+++ b/test/t-14-tls_tracking/hosts
@@ -0,0 +1,2 @@
+srv-A localhost
+srv-B localhost
diff --git a/test/t-14-tls_tracking/msmtprc b/test/t-14-tls_tracking/msmtprc
new file mode 100644
index 0000000..a46c7eb
--- /dev/null
+++ b/test/t-14-tls_tracking/msmtprc
@@ -0,0 +1,14 @@
+account default
+
+host srv-A
+port 1587
+
+tls on
+tls_trust_file A/certs/srv-A/fullchain.pem
+
+from userA@srv-A
+
+auth on
+user userA@srv-A
+password userA
+
diff --git a/test/t-14-tls_tracking/run.sh b/test/t-14-tls_tracking/run.sh
new file mode 100755
index 0000000..2fd25ef
--- /dev/null
+++ b/test/t-14-tls_tracking/run.sh
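Review bot: In dnsmasq.conf, `interface=lo` on its own does not restrict the listening socket. Without `bind-interfaces`, dnsmasq binds the wildcard address on port 9053 and only filters requests by the interface they arrive on. For a test server that only the local resolver override talks to, adding `bind-interfaces` after `interface=lo` keeps the socket on the loopback addresses alone.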
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Test TLS tracking features, which require faking SPF.
+
+set -e
+. $(dirname ${0})/../util/lib.sh
+
+init
+
+if ! dnsmasq --version > /dev/null; then
+ skip "dnsmasq binary is not functional"
+ exit 0
+fi
+
+# To fake SPF we need to override the resolver, which is only supported in Go
+# >= 1.8, so this test depends on that version.
+# TODO: remove this once we only support go >= 1.8.
+MAJOR=$(go version | sed 's/.*go\([0-9]\)\..*/\1/')
+MINOR=$(go version | sed 's/.*go[0-9]\.\([0-9]\+\).*/\1/')
+DEVEL=$(go version | sed 's/.* devel .*/devel/g')
+if [ "$DEVEL" != "devel" ] && [ "$MAJOR" -eq 1 ] && [ "$MINOR" -le 7 ]; then
+ skip "go version ($MAJOR.$MINOR) too old to run this test"
+fi
+
+# Build with the DNS override, so we can fake DNS records.
+export GOTAGS="dnsoverride"
+
+# Launch dnsmasq in the background using our configuration.
+# We run with -d as it takes care of a lot of options (log file, pid file,
+# etc.) for our use case.
+# It listens on localhost:9053 as configuration.
+dnsmasq --conf-file=dnsmasq.conf -d >> .dnsmasq.log 2>&1 &
+
+
+# Two chasquid servers:
+# A - listens on :1025, hosts srv-A
+# B - listens on :2025, hosts srv-B
+
+CONFDIR=A generate_certs_for srv-A
+CONFDIR=A add_user userA@srv-A userA
+
+CONFDIR=B generate_certs_for srv-B
+CONFDIR=B add_user userB@srv-B userB
+
+rm -rf .data-A .data-B .mail .certs
+mkdir -p .logs-A .logs-B .mail .certs
+
+# Put public certs in .certs, and use it as our trusted cert dir.
+cp A/certs/srv-A/fullchain.pem .certs/srv-a.pem
+cp B/certs/srv-B/fullchain.pem .certs/srv-b.pem
+export SSL_CERT_DIR=$PWD/.certs/
+
+chasquid -v=2 --logfile=.logs-A/chasquid.log --config_dir=A \
+ --testing__dns_addr=127.0.0.1:9053 \
+ --testing__max_received_headers=5 \
+ --testing__outgoing_smtp_port=2025 &
+chasquid -v=2 --logfile=.logs-B/chasquid.log --config_dir=B \
+ --testing__dns_addr=127.0.0.1:9053 \
+ --testing__outgoing_smtp_port=1025 &
+
+wait_until_ready 1025
+wait_until_ready 2025
+wait_until_ready 9053
+
+run_msmtp userB@srv-B < content
+
+wait_for_file .mail/userb@srv-b
+mail_diff content .mail/userb@srv-b
+
+# A should have a secure outgoing connection to srv-b.
+if ! grep -q "outgoing_sec_level: TLS_SECURE" ".data-A/domaininfo/s:srv-b";
+then
+ fail "A is missing the domaininfo for srv-b"
+fi
+
+# B should have a secure incoming connection from srv-a.
+if ! grep -q "incoming_sec_level: TLS_CLIENT" ".data-B/domaininfo/s:srv-a";
+then
+ fail "B is missing the domaininfo for srv-a"
+fi
+
+success
+
diff --git a/test/util/lib.sh b/test/util/lib.sh
index 6e1b4ea..3c86ac5 100644
--- a/test/util/lib.sh
+++ b/test/util/lib.sh
@@ -11,7 +11,7 @@ function init() { cd ${TBASE} if [ "${RACE}" == "1" ]; then - RACE="-race" + GOFLAGS="$GOFLAGS -race" fi # Remove the directory where test-mda will deliver mail, so previous
@@ -30,7 +30,7 @@ function chasquid() { return fi - ( cd ${TBASE}/../../; go build ${RACE} . ) + ( cd ${TBASE}/../../; go build $GOFLAGS -tags="$GOTAGS" . ) # HOSTALIASES: so we "fake" hostnames. # PATH: so chasquid can call test-mda without path issues.
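Review bot: The Go version check in run.sh calls `skip "go version ($MAJOR.$MINOR) too old to run this test"` without the `exit 0` that follows `skip` in the dnsmasq check a few lines earlier. Unless `skip` itself exits (its definition in lib.sh is not part of this hunk), the script carries on and builds with the `dnsoverride` tag on a Go version the comment says cannot support it; add `exit 0` after that `skip`. Separately, dnsmasq is started in the background and nothing visible here stops it, so with `set -e` an early failure could leave it holding port 9053 for the next run. If lib.sh does not already clean up children, capture `$!` after the launch and add something like `trap 'kill "$DNSMASQ_PID"' EXIT`.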
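Review bot: `GOFLAGS`, introduced in the `init()` hunk of test/util/lib.sh, is also the name of the environment variable that the go command itself reads for default flags (Go 1.11 and later). With `GOFLAGS="$GOFLAGS -race"`, a value inherited from the caller's environment is picked up by `go build` on its own and then passed again on the command line in the `chasquid()` and `chasquid_cover()` hunks. A script-private name avoids the overlap, e.g. `BUILD_FLAGS="$BUILD_FLAGS -race"` with `go build $BUILD_FLAGS -tags="$GOTAGS" .`. The bodies of `init`, `chasquid` and `chasquid_cover` extend beyond these hunks.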
@@ -45,7 +45,8 @@ function chasquid_cover() { # Build the coverage-enabled binary. # See coverage_test.go for more details. ( cd ${TBASE}/../../; - go test -covermode=count -coverpkg=./... -c -tags coveragebin ) + go test -covermode=count -coverpkg=./... -c \ + -tags="coveragebin $GOTAGS" $GOFLAGS ) # Run the coverage-enabled binary, named "chasquid.test" for hacky # reasons. See the chasquid function above for details on the