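def test_040_windowsL2TPlocalDirectory(self):
    """Connect the paired Windows L2TP client with a local-directory account.

    The test passes when the appliance lists ``l2tpLocalUser`` among its
    virtual users within 480 one-second polls. It is skipped when the client
    host is unavailable or the WAN address is not a known L2TP server host.

    The tunnel teardown and the removal of the local-directory user run in
    ``finally`` blocks, so a failure part-way through does not leave a test
    account (with its known password) or a live tunnel behind.
    """
    wan_IP = uvmContext.networkManager().getFirstWanAddress()
    if (l2tpClientHostResult != 0):
        raise unittest2.SkipTest("l2tpClientHostResult not available")
    if (not wan_IP in l2tpServerHosts):
        raise unittest2.SkipTest("No paried L2TP client available")

    uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
    found = False
    try:
        createL2TPconfig("LOCAL_DIRECTORY")
        timeout = 480
        # Send command for Windows VPN connect.
        # NOTE: the account name and password are passed as command-line
        # arguments, so they are visible on the client while rasdial runs;
        # only a throwaway test account should be used here.
        remote_control.run_command(
            "rasdial.exe %s %s %s" % (wan_IP, l2tpLocalUser, l2tpLocalPassword),
            host=l2tpClientHost)
        while not found and timeout > 0:
            timeout -= 1
            time.sleep(1)
            virtUsers = app.getVirtualUsers()
            found = any(user['clientUsername'] == l2tpLocalUser
                        for user in virtUsers['list'])
    finally:
        try:
            # Send command for Windows VPN disconnect.
            remote_control.run_command("rasdial.exe %s /d" % (wan_IP), host=l2tpClientHost)
        finally:
            uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
    assert (found)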
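def test_040_localCaptivePortalToSecondRack(self):
    """Authenticate through captive portal and check the second-rack policy applies.

    Steps:
      1. Install captive portal on the default policy with the first capture
         rule enabled, LOCAL_DIRECTORY authentication and the basic login page.
      2. Clear any username recorded for the client in the host table and
         install a single policy rule sending ``[authenticated]`` users to
         ``secondRackId``.
      3. Confirm an HTTP fetch from the client returns the login page, then
         log in as the local-directory test user via the capture handler.
      4. Confirm the host table now carries the username, that a new fetch
         returns neither the ``Hi!`` page nor the login page, and that logout
         works.

    The captive portal instance and the test user are removed in ``finally``
    blocks so a failed assertion does not leave the capture rule active or
    the test account in the local directory.
    """
    global defaultRackCaptivePortal
    remote_control.run_command("rm -f /tmp/policy_test_040*")
    defaultRackCaptivePortal = uvmContext.appManager().instantiate("captive-portal", default_policy_id)
    assert (defaultRackCaptivePortal != None)
    try:
        defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings()
        # turn default capture rule on and basic login
        defaultRackCaptivePortalData['captureRules']['list'][0]['enabled'] = True
        defaultRackCaptivePortalData['authenticationType'] = "LOCAL_DIRECTORY"
        defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN"
        defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData)

        # Create local directory user 'test20'
        uvmContext.localDirectory().setUsers(createLocalDirectoryUser())

        # check host table and remove username for host IP
        userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
        userHost['username'] = ""
        userHost['usernameCaptivePortal'] = ""
        uvmContext.hostTable().setHostTableEntry(remote_control.clientIP, userHost)

        nukeRules()
        appendRule(createPolicySingleConditionRule("USERNAME", "[authenticated]", secondRackId))

        # check that basic captive page is shown
        result = remote_control.run_command("wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/")
        assert (result == 0)
        search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040.out")
        assert (search == 0)

        # check if local directory login and password works
        ipfind = remote_control.run_command("grep 'Location' /tmp/policy_test_040.log", stdout=True)
        ip = re.findall(r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})', ipfind)
        # Fail with a clear message instead of an IndexError when the wget log
        # holds no redirect address.
        assert ip, "no capture address found in the wget redirect log"
        captureIP = ip[0]
        print('Capture IP address is %s' % captureIP)
        appid = str(defaultRackCaptivePortal.getAppSettings()["id"])
        # NOTE: the login is sent as query-string parameters over plain HTTP
        # with a fixed nonce literal, so the password appears in the URL;
        # this is acceptable only for a throwaway test account.
        result = remote_control.run_command("wget -q -O /dev/null -t 2 --timeout=5 \'http://" + captureIP + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid + "&host=" + captureIP + "&uri=/\'")
        assert (result == 0)

        # verify the username is assigned to the IP
        userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
        assert (userHost['username'] == "test20")

        # firewall on rack 2 is blocking all, so the fetched output should
        # contain neither the 'Hi!' page nor the captive page
        remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/")
        search = remote_control.run_command("grep -q 'Hi!' /tmp/policy_test_040a.out")
        assert (search != 0)
        # Or the captive page
        search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040a.out")
        assert (search != 0)

        # Logout
        result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://" + captureIP + "/capture/logout")
        assert (result == 0)
        search = remote_control.run_command("grep -q 'logged out' /tmp/policy_test_040b.out")
        assert (search == 0)
    finally:
        # remove captive portal and test user
        try:
            uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
        finally:
            uvmContext.appManager().destroy(defaultRackCaptivePortal.getAppSettings()["id"])
            defaultRackCaptivePortal = None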
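def finalTearDown(self):
    """Remove the test user and destroy every app this suite instantiated.

    Each cleanup step sits in its own ``finally`` so that a failure in one
    step does not prevent the remaining ones from running. An app left
    installed matters beyond tidiness: initialSetUp raises SkipTest when an
    app is already instantiated, so a leaked instance would make a later run
    skip instead of test.
    """
    global app, appAD, appWeb
    try:
        uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
    finally:
        try:
            if app is not None:
                uvmContext.appManager().destroy(app.getAppSettings()["id"])
                app = None
        finally:
            try:
                if appAD is not None:
                    uvmContext.appManager().destroy(appAD.getAppSettings()["id"])
                    appAD = None
            finally:
                if appWeb is not None:
                    uvmContext.appManager().destroy(appWeb.getAppSettings()["id"])
                    appWeb = None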
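def initialSetUp(self):
    """Instantiate the apps under test and record the environment's state.

    Instantiates the app named by ``appName()``, ``appNameAD()`` and
    ``appNameWeb()`` on ``defaultRackId`` and stores the instances and their
    settings in module globals. The whole suite is skipped if any of the
    three is already instantiated, so that a pre-existing configuration is
    never modified by the tests.

    Also records whether the AD and RADIUS servers answer a single ping
    (exit status kept in ``adResult`` / ``radiusResult``), creates the
    local-directory test user, resolves test.untangle.com and clears
    temporary files left on the client by earlier runs.
    """
    global appData, app, appDataRD, appDataAD, appAD, appWeb, adResult, radiusResult, test_untangle_com_ip, captureIP

    if (uvmContext.appManager().isInstantiated(self.appName())):
        print("ERROR: App %s already installed" % self.appName())
        raise unittest2.SkipTest('app %s already instantiated' % self.appName())
    app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
    appData = app.getCaptivePortalSettings()

    if (uvmContext.appManager().isInstantiated(self.appNameAD())):
        print("ERROR: App %s already installed" % self.appNameAD())
        # Name the app that was actually found, so the skip reason points at
        # the right leftover instance.
        raise unittest2.SkipTest('app %s already instantiated' % self.appNameAD())
    appAD = uvmContext.appManager().instantiate(self.appNameAD(), defaultRackId)
    directorySettings = appAD.getSettings()
    appDataAD = directorySettings.get('activeDirectorySettings')
    appDataRD = directorySettings.get('radiusSettings')

    if (uvmContext.appManager().isInstantiated(self.appNameWeb())):
        print("ERROR: App %s already installed" % self.appNameWeb())
        raise unittest2.SkipTest('app %s already instantiated' % self.appNameWeb())
    appWeb = uvmContext.appManager().instantiate(self.appNameWeb(), defaultRackId)

    # Reachability probes; the argument-list form keeps the server names out
    # of any shell. Output goes to pipes that are never read, which is only
    # safe because a single ping prints very little.
    adResult = subprocess.call(["ping", "-c", "1", global_functions.adServer],
                               stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    radiusResult = subprocess.call(["ping", "-c", "1", global_functions.radiusServer],
                                   stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    # Create local directory user 'test20'
    uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
    # Get the IP address of test.untangle.com
    test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
    # remove previous temp files
    remote_control.run_command("rm -f /tmp/capture_test_*")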
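def test_070_createClientVPNTunnelLocalUserPass(self):
    """Bring up an OpenVPN client tunnel that authenticates with user/password.

    The server is configured for LOCAL_DIRECTORY user/password
    authentication, the client bundle is installed on the remote VPN client,
    and the tunnel is started with an ``--auth-user-pass`` credentials file.
    The test then checks that the client can ping the host behind the
    appliance, that the active-client list and the connection events name
    the client, and that the "connect" metric increased.

    Skipped when no paired VPN client/server is available or when the client
    machine still has an openvpn process after waiting and a kill attempt.

    Cleanup is done in ``finally`` blocks: the remote openvpn process is
    stopped, the credentials file is deleted and the local-directory user is
    removed even when an assertion fails. The credentials file is created
    under ``umask 077`` so other accounts on the client cannot read the
    plaintext password while the test runs.
    """
    global appData, vpnServerResult, vpnClientResult
    if (vpnClientResult != 0 or vpnServerResult != 0):
        raise unittest2.SkipTest("No paried VPN client available")

    pre_events_connect = global_functions.get_app_metric_value(app, "connect")

    running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
    loopLimit = 5
    while ((running == 0) and (loopLimit > 0)):
        # OpenVPN is running, wait 5 sec to see if openvpn is done
        loopLimit -= 1
        time.sleep(5)
        running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
    if loopLimit == 0:
        # try killing the openvpn session as it is probably stuck
        remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
        time.sleep(2)
        running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
    if running == 0:
        raise unittest2.SkipTest("OpenVPN test machine already in use")

    appData = app.getSettings()
    appData["serverEnabled"] = True
    siteName = appData['siteName']
    appData['exports']['list'].append(create_export("192.0.2.0/24"))  # append in case using LXC
    appData['remoteClients']['list'][:] = []
    appData['remoteClients']['list'].append(setUpClient())
    # enable user/password authentication, set to local directory
    appData['authUserPass'] = True
    appData["authenticationType"] = "LOCAL_DIRECTORY"
    app.setSettings(appData)
    clientLink = app.getClientDistributionDownloadLink(vpnClientName, "zip")

    credentialsFile = "/tmp/authUserPassFile"

    # create Local Directory User for authentication
    uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
    try:
        # download, unzip, move config to correct directory
        result = configureVPNClientForConnection(clientLink)
        assert (result == 0)

        try:
            # create credentials file containing username/password; any stale
            # copy is removed first so the restrictive umask applies to a
            # freshly created file. openvpn is started through sudo below, so
            # it can still read an owner-only file.
            # NOTE(review): the user name and password are interpolated into
            # the shell command unquoted; they must not contain shell
            # metacharacters.
            remote_control.run_command(
                "rm -f " + credentialsFile + "; umask 077; echo " + ovpnlocaluser + " > " + credentialsFile +
                "; echo " + ovpnPasswd + " >> " + credentialsFile,
                host=global_functions.VPN_CLIENT_IP)
            # connect to openvpn using the file
            remote_control.run_command(
                "cd /etc/openvpn; sudo nohup openvpn --config " + siteName +
                ".conf --auth-user-pass " + credentialsFile + " >/dev/null 2>&1 &",
                host=global_functions.VPN_CLIENT_IP)

            timeout = waitForClientVPNtoConnect()
            # fail if tunnel doesn't connect
            assert (timeout > 0)

            # ping the test host behind the Untangle from the remote testbox
            result = remote_control.run_command("ping -c 2 " + remote_control.clientIP,
                                                host=global_functions.VPN_CLIENT_IP)
            listOfClients = app.getActiveClients()
            print("address " + listOfClients['list'][0]['address'])
            print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
        finally:
            # stop the vpn tunnel on remote box
            remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
            # openvpn takes time to shut down
            time.sleep(3)
            # do not leave the plaintext credentials on the client
            remote_control.run_command("rm -f " + credentialsFile, host=global_functions.VPN_CLIENT_IP)

        assert (result == 0)
        assert (listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP)

        events = global_functions.get_events('OpenVPN', 'Connection Events', None, 1)
        assert (events != None)
        found = global_functions.check_events(events.get('list'), 5,
                                              'remote_address', global_functions.VPN_CLIENT_IP,
                                              'client_name', vpnClientName)
        assert (found)

        # Check to see if the faceplate counters have incremented.
        post_events_connect = global_functions.get_app_metric_value(app, "connect")
        assert (pre_events_connect < post_events_connect)
    finally:
        # remove Local Directory User
        uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())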