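def test_04_check_overrideclient(self):
    """Check parse_proxy() and check_proxy() for the client-IP override setting.

    The proxy definition lists which proxies may report a different client
    address, and for which client networks. The assertions pin both the
    parsed mapping and the allow/deny decision, including the fail-closed
    result for a malformed definition.
    """
    proxy_def = (" 10.0.0.12, 1.2.3.4/16> 192.168.1.0/24, 172.16.0.1 "
                 ">10.0.0.0/8 ")
    r = parse_proxy(proxy_def)
    self.assertEqual(len(r), 3)
    for proxy, clients in r.items():
        if IPAddress("10.0.0.12") in proxy:
            self.assertIn(IPAddress("1.2.3.4"), clients)
        elif IPAddress("1.2.3.3") in proxy:
            self.assertIn(IPAddress("192.168.1.1"), clients)
        elif IPAddress("172.16.0.1") in proxy:
            self.assertEqual(clients, IPNetwork("10.0.0.0/8"))
        else:
            # A bare assert on a non-empty string is always true and can
            # never fail; self.fail() reports an unexpected proxy entry.
            self.fail("The proxy {0!s} was not found!".format(proxy))

    # Only a listed proxy may override, and only to a client address
    # inside the network configured for that proxy.
    self.assertTrue(check_proxy("10.0.0.12", "1.2.3.4", proxy_def))
    self.assertFalse(check_proxy("10.0.0.11", "1.2.3.4", proxy_def))
    self.assertTrue(check_proxy("1.2.3.10", "192.168.1.12", proxy_def))
    self.assertFalse(check_proxy("172.16.0.1", "1.2.3.4", proxy_def))
    self.assertTrue(check_proxy("172.16.0.1", "10.1.2.3", proxy_def))

    # Wrong proxy setting. No commas (issue 526)
    proxy_def = (" 10.0.0.12 1.2.3.4/16> 192.168.1.0/24 172.16.0.1 "
                 ">10.0.0.0/8 ")
    self.assertRaises(AddrFormatError, parse_proxy, proxy_def)
    # A definition that cannot be parsed must not authorise any override.
    self.assertFalse(check_proxy("10.0.0.12", "1.2.3.4", proxy_def))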
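def test_04_check_overrideclient(self):
    """Verify the parsed proxy mapping and the client-IP override decision.

    parse_proxy() turns the definition into a proxy -> client-network
    mapping; check_proxy() decides whether a given proxy may report a given
    client address. A malformed definition must raise on parsing and must
    be rejected by check_proxy().
    """
    proxy_def = (" 10.0.0.12, 1.2.3.4/16> 192.168.1.0/24, 172.16.0.1 "
                 ">10.0.0.0/8 ")
    r = parse_proxy(proxy_def)
    self.assertEqual(len(r), 3)
    for proxy, clients in r.items():
        if IPAddress("10.0.0.12") in proxy:
            self.assertIn(IPAddress("1.2.3.4"), clients)
        elif IPAddress("1.2.3.3") in proxy:
            self.assertIn(IPAddress("192.168.1.1"), clients)
        elif IPAddress("172.16.0.1") in proxy:
            self.assertEqual(clients, IPNetwork("10.0.0.0/8"))
        else:
            # `assert ("...")` asserts a non-empty string, which is always
            # truthy, so an unexpected entry would pass silently. Fail
            # explicitly instead.
            self.fail("The proxy {0!s} was not found!".format(proxy))

    # Allowed: the proxy is listed and the client lies in its network.
    # Denied: unknown proxy, or client outside the proxy's network.
    self.assertTrue(check_proxy("10.0.0.12", "1.2.3.4", proxy_def))
    self.assertFalse(check_proxy("10.0.0.11", "1.2.3.4", proxy_def))
    self.assertTrue(check_proxy("1.2.3.10", "192.168.1.12", proxy_def))
    self.assertFalse(check_proxy("172.16.0.1", "1.2.3.4", proxy_def))
    self.assertTrue(check_proxy("172.16.0.1", "10.1.2.3", proxy_def))

    # Wrong proxy setting. No commas (issue 526)
    proxy_def = (" 10.0.0.12 1.2.3.4/16> 192.168.1.0/24 172.16.0.1 "
                 ">10.0.0.0/8 ")
    self.assertRaises(AddrFormatError, parse_proxy, proxy_def)
    # An invalid setting must deny the override rather than trust the proxy.
    self.assertFalse(check_proxy("10.0.0.12", "1.2.3.4", proxy_def))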
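def test_04b_check_overrideclient(self):
    """Check parse_proxy() and the path-based check_proxy() for proxy chains.

    check_proxy() is given the list of addresses on the way to the client,
    starting with the hop that talks to privacyIDEA directly, plus the
    proxy definition. The assertions pin which address is accepted as the
    effective client IP: a hop is only stepped over when a definition
    authorises the whole path up to it, otherwise the result stays at the
    last hop that could be verified.
    """
    proxy_def = (" 10.0.0.12, 1.2.3.4/16> 192.168.1.0/24, 172.16.0.1 "
                 ">10.0.0.0/8 ")
    r = parse_proxy(proxy_def)
    self.assertEqual(len(r), 3)
    self.assertIn((IPNetwork("1.2.3.4/16"), IPNetwork("192.168.1.0/24")), r)
    # An entry without ">" is parsed as "may map to any address".
    self.assertIn((IPNetwork("10.0.0.12/32"), IPNetwork("0.0.0.0/0")), r)
    self.assertIn((IPNetwork("172.16.0.1/32"), IPNetwork("10.0.0.0/8")), r)

    # check paths with only a single hop
    self.assertEqual(check_proxy(list(map(IPAddress, ["10.0.0.12", "1.2.3.4"])), proxy_def),
                     IPAddress("1.2.3.4"))  # 10.0.0.12 may map to 1.2.3.4
    self.assertEqual(check_proxy(list(map(IPAddress, ["10.0.0.11", "1.2.3.4"])), proxy_def),
                     IPAddress("10.0.0.11"))  # 10.0.0.11 may not map to 1.2.3.4
    self.assertEqual(check_proxy(list(map(IPAddress, ["1.2.3.10", "192.168.1.12"])), proxy_def),
                     IPAddress("192.168.1.12"))  # 1.2.3.10 may map to 192.168.1.12
    self.assertEqual(check_proxy(list(map(IPAddress, ["172.16.0.1", "1.2.3.4"])), proxy_def),
                     IPAddress("172.16.0.1"))  # 172.16.0.1 may not map to 1.2.3.4
    self.assertEqual(check_proxy(list(map(IPAddress, ["172.16.0.1", "10.1.2.3"])), proxy_def),
                     IPAddress("10.1.2.3"))  # 172.16.0.1 may map to 10.1.2.3

    # Wrong proxy setting. No commas (issue 526)
    proxy_def = (" 10.0.0.12 1.2.3.4/16> 192.168.1.0/24 172.16.0.1 "
                 ">10.0.0.0/8 ")
    self.assertRaises(AddrFormatError, parse_proxy, proxy_def)
    # 10.0.0.12 is not allowed to map because the proxy settings are invalid.
    # The expected address is written as a full dotted quad: the short form
    # "10.0.12" only equals 10.0.0.12 under lenient inet_aton-style parsing.
    self.assertEqual(check_proxy(list(map(IPAddress, ["10.0.0.12", "1.2.3.4"])), proxy_def),
                     IPAddress("10.0.0.12"))

    # check paths with several hops
    # 1.2.3.4 -------> 10.0.0.1 -------> 192.168.1.1 --------> privacyIDEA
    # client           proxy1            proxy2
    path_to_client = list(map(IPAddress, ["192.168.1.1", "10.0.0.1", "1.2.3.4"]))
    # no proxy setting: client IP is proxy2
    self.assertEqual(check_proxy(path_to_client, ""),
                     IPAddress("192.168.1.1"))
    # proxy2 may map to 10.0.1.x: client IP is proxy2
    self.assertEqual(check_proxy(path_to_client, "192.168.1.1>10.0.1.0/24"),
                     IPAddress("192.168.1.1"))
    # proxy2 may map to 10.0.0.x: client IP is proxy1
    self.assertEqual(check_proxy(path_to_client, "192.168.1.1>10.0.0.0/24"),
                     IPAddress("10.0.0.1"))
    # proxy2 may map to 10.0.0.x, which may map to 2.3.4.x but not 1.2.3.4, so
    # the proxy definition does not match and the client IP is proxy2
    self.assertEqual(check_proxy(path_to_client, "192.168.1.1>10.0.0.0/24>2.3.4.0/24"),
                     IPAddress("192.168.1.1"))
    # 10.0.0.x may map to 2.3.4.x, but it doesn't matter because there is
    # proxy2 in between
    self.assertEqual(check_proxy(path_to_client, "10.0.0.0/24>2.3.4.0/24"),
                     IPAddress("192.168.1.1"))
    # proxy2 may map to 10.0.0.x, which may map to 1.2.x.x or 2.3.4.x, so client IP is 1.2.3.4
    self.assertEqual(
        check_proxy(path_to_client,
                    "192.168.1.1>10.0.0.0/24>2.3.4.0/24, 192.168.1.1>10.0.0.0/24>1.2.0.0/16"),
        IPAddress("1.2.3.4"))
    # the order of proxy definitions is irrelevant
    self.assertEqual(
        check_proxy(path_to_client,
                    "192.168.1.1>10.0.0.0/24>1.2.0.0/16, 192.168.1.1>10.0.0.0/24>2.3.4.0/24"),
        IPAddress("1.2.3.4"))
    # proxy2 may map anywhere, and the next proxy may also map anywhere,
    # so we end up with 1.2.3.4
    self.assertEqual(check_proxy(path_to_client, "192.168.1.1>0.0.0.0/0>0.0.0.0/0"),
                     IPAddress("1.2.3.4"))
    # but if the next proxy may only map to 2.x.x.x, the proxy path does not
    # match and we end up with proxy2.
    self.assertEqual(check_proxy(path_to_client, "192.168.1.1>0.0.0.0/0>2.0.0.0/8"),
                     IPAddress("192.168.1.1"))

    # another example
    path_to_client = list(map(IPAddress, ["10.1.1.1", "10.2.3.4", "192.168.1.1"]))
    self.assertEqual(check_proxy(path_to_client, "10.1.1.1/32>10.2.3.0/24>192.168.0.0/16"),
                     IPAddress("192.168.1.1"))
    # A definition shorter or narrower than the actual path does not match,
    # so the result stays at the directly connected hop.
    self.assertEqual(check_proxy(path_to_client, "10.1.1.1/32>192.168.0.0/16"),
                     IPAddress("10.1.1.1"))
    self.assertEqual(check_proxy(path_to_client, "10.1.1.1/32>10.2.3.0/24>192.168.3.0/24"),
                     IPAddress("10.1.1.1"))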