def test_AliasConflictsWithVhost(self):
config_str="""
[{
"hostname": "$default",
"groups": {
"$default": {
"maxSessions": 1
}
}
},
{
"hostname": "conflict-with-vhost",
"aliases": "$default",
"groups": {
"$default": {
"maxSessions": 1
}
}
}]
"""
manager = MockPolicyManager()
policy = PolicyLocal(manager)
ruleset = json.loads(config_str)
denied = False
try:
policy.create_ruleset(ruleset[0])
policy.create_ruleset(ruleset[1])
except PolicyError as e:
denied = True
self.assertTrue(denied, "Ruleset alias names other vhost but condition not detected.")
def test_SameAliasOnTwoVhosts(self):
config_str="""
[{
"hostname": "$default",
"aliases": "a,b,c,d,e",
"groups": {
"$default": {
"maxSessions": 1
}
}
},
{
"hostname": "doshormigas",
"aliases": "i,h,g,f,e",
"groups": {
"$default": {
"maxSessions": 1
}
}
}]
"""
manager = MockPolicyManager()
policy = PolicyLocal(manager)
ruleset = json.loads(config_str)
denied = False
try:
policy.create_ruleset(ruleset[0])
policy.create_ruleset(ruleset[1])
except PolicyError as e:
denied = True
self.assertTrue(denied, "Rulesets duplicate same alias in two vhosts but condition not detected.")
def test_AliasesRenameOwnVhost(self):
config_str="""
[{
"hostname": "$default",
"allowUnknownUser": true,
"aliases": "$default",
"groups": {
"$default": {
"remoteHosts": "*",
"allowDynamicSource": true,
"allowAnonymousSender": true,
"sources": "$management, examples, q1",
"targets": "$management, examples, q1",
"maxSessions": 1
}
}
}]
"""
manager = MockPolicyManager()
policy = PolicyLocal(manager)
ruleset = json.loads(config_str)
denied = False
try:
policy.create_ruleset(ruleset[0])
except PolicyError:
denied = True
self.assertTrue(denied, "Ruleset duplicates vhost and alias but condition not detected.")
class PolicyFileApplicationFallback(TestCase):
manager = MockPolicyManager()
policy = PolicyLocal(manager)
policy.test_load_config()
def test_bad_app_fallback(self):
# Show that with no fallback the user cannot connect
self.assertTrue(
self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) == '')
# Enable the fallback defaultVhost and show the same user can now connect
self.policy.set_default_vhost('photoserver')
settingsname = self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5)
self.assertTrue(settingsname == 'test')
# Show that the fallback settings are returned
upolicy = {}
self.assertTrue(
self.policy.lookup_settings('phony*app*name', settingsname, upolicy)
)
self.assertTrue(upolicy['maxFrameSize'] == 444444)
self.assertTrue(upolicy['maxMessageSize'] == 444444)
self.assertTrue(upolicy['maxSessionWindow'] == 444444)
self.assertTrue(upolicy['maxSessions'] == 4)
self.assertTrue(upolicy['maxSenders'] == 44)
self.assertTrue(upolicy['maxReceivers'] == 44)
self.assertTrue(upolicy['allowAnonymousSender'])
self.assertTrue(upolicy['allowDynamicSource'])
self.assertTrue(upolicy['targets'] == 'a,private,')
self.assertTrue(upolicy['sources'] == 'a,private,')
# Disable fallback and show failure again
self.policy.set_default_vhost('')
self.assertTrue(
self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) == '')
class PolicyFile(TestCase):
manager = MockPolicyManager()
policy = PolicyLocal(manager)
policy.test_load_config()
def test_policy1_test_zeke_ok(self):
p1 = PolicyFile.policy.lookup_user('zeke', '192.168.100.5', 'photoserver', '192.168.100.5:33333', 1)
self.assertTrue(p1 == 'test')
upolicy = {}
self.assertTrue(
PolicyFile.policy.lookup_settings('photoserver', p1, upolicy)
)
self.assertTrue(upolicy['maxFrameSize'] == 444444)
self.assertTrue(upolicy['maxMessageSize'] == 444444)
self.assertTrue(upolicy['maxSessionWindow'] == 444444)
self.assertTrue(upolicy['maxSessions'] == 4)
self.assertTrue(upolicy['maxSenders'] == 44)
self.assertTrue(upolicy['maxReceivers'] == 44)
self.assertTrue(upolicy['allowAnonymousSender'])
self.assertTrue(upolicy['allowDynamicSource'])
self.assertTrue(upolicy['targets'] == 'a,private,')
self.assertTrue(upolicy['sources'] == 'a,private,')
def test_policy1_test_zeke_bad_IP(self):
self.assertTrue(
PolicyFile.policy.lookup_user('zeke', '10.18.0.1', 'photoserver', "connid", 2) == '')
self.assertTrue(
PolicyFile.policy.lookup_user('zeke', '72.135.2.9', 'photoserver', "connid", 3) == '')
self.assertTrue(
PolicyFile.policy.lookup_user('zeke', '127.0.0.1', 'photoserver', "connid", 4) == '')
def test_policy1_test_zeke_bad_app(self):
self.assertTrue(
PolicyFile.policy.lookup_user('zeke', '192.168.100.5','galleria', "connid", 5) == '')
def test_policy1_test_users_same_permissions(self):
zname = PolicyFile.policy.lookup_user('zeke', '192.168.100.5', 'photoserver', '192.168.100.5:33333', 6)
yname = PolicyFile.policy.lookup_user('ynot', '10.48.255.254', 'photoserver', '192.168.100.5:33334', 7)
self.assertTrue( zname == yname )
def test_policy1_lookup_unknown_application(self):
upolicy = {}
self.assertFalse(
PolicyFile.policy.lookup_settings('unknown', 'doesntmatter', upolicy)
)
def test_policy1_lookup_unknown_usergroup(self):
upolicy = {}
self.assertFalse(
PolicyFile.policy.lookup_settings('photoserver', 'unknown', upolicy)
)
def test_AliasOperationalLookup(self):
manager = MockPolicyManager()
policy = PolicyLocal(manager)
policy.test_load_config()
# For this test the test config defines vhost 'photoserver'.
# This test accesses that vhost using the alias name 'antialias'.
settingsname = policy.lookup_user('zeke', '192.168.100.5', 'antialias', "connid", 5)
self.assertTrue(settingsname == 'test')
upolicy = {}
self.assertTrue(
policy.lookup_settings('antialias', settingsname, upolicy)
)
self.assertTrue(upolicy['maxFrameSize'] == 444444)
self.assertTrue(upolicy['sources'] == 'a,private,')
