class TestClientAuth(TestCase):
def setUp(self):
self.port = VALID_PORT
self.mark = 1
self.shift = 8
config = NuauthConf()
# Userdb
self.user = PlaintextUser("guest", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(config)
self.acls = PlaintextAcl()
self.acls.addAcl("port",
self.port,
self.user.gid,
flags=(self.mark << self.shift))
self.acls.install(config)
# Load nuauth
config["nuauth_finalize_packet_module"] = '"mark_flag"'
config["mark_flag_mark_shift"] = 0
config["mark_flag_flag_shift"] = self.shift
config["mark_flag_nbits"] = 16
self.nuauth = Nuauth(config)
self.iptables = Iptables()
self.nufw = startNufw(["-m"])
self.client = self.user.createClientWithCerts()
def tearDown(self):
self.acls.desinstall()
self.userdb.desinstall()
self.client.stop()
self.nuauth.stop()
self.iptables.flush()
def testValid(self):
# Connect client and filter port
self.assert_(connectClient(self.client))
self.iptables.filterTcp(self.port)
# Test connection without QoS (accept)
self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True)
# Test connection with QoS (drop)
self.iptables.command(
"-A POSTROUTING -t mangle -m mark --mark %s -j DROP" % self.mark)
self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), False)
class TestClientAuth(TestCase):
def setUp(self):
self.port = VALID_PORT
self.mark = 1
self.shift = 8
config = NuauthConf()
# Userdb
self.user = PlaintextUser("guest", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(config)
self.acls = PlaintextAcl()
self.acls.addAcl("port", self.port, self.user.gid, flags=(self.mark << self.shift))
self.acls.install(config)
# Load nuauth
config["nuauth_finalize_packet_module"] = '"mark_flag"'
config["mark_flag_mark_shift"] = 0
config["mark_flag_flag_shift"] = self.shift
config["mark_flag_nbits"] = 16
self.nuauth = Nuauth(config)
self.iptables = Iptables()
self.nufw = startNufw(["-m"])
self.client = self.user.createClientWithCerts()
def tearDown(self):
self.acls.desinstall()
self.userdb.desinstall()
self.client.stop()
self.nuauth.stop()
self.iptables.flush()
def testValid(self):
# Connect client and filter port
self.assert_(connectClient(self.client))
self.iptables.filterTcp(self.port)
# Test connection without QoS (accept)
self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True)
# Test connection with QoS (drop)
self.iptables.command("-A POSTROUTING -t mangle -m mark --mark %s -j DROP" % self.mark)
self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), False)
class TestClientCert(TestCase):
def setUp(self):
self.cacert = config.get("test_cert", "cacert")
nuconfig = NuauthConf()
nuconfig["nuauth_user_session_modify_module"] = '"session_authtype"'
nuconfig["nuauth_tls_auth_by_cert"] = "0"
nuconfig["nuauth_tls_request_cert"] = "0"
nuconfig["nuauth_tls_cacert"] = '"%s"' % self.cacert
nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key")
nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert")
self.config = nuconfig
# Userdb
self.user = PlaintextUser("user", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(self.config)
def tearDown(self):
self.nuauth.stop()
self.client.stop()
def testCertAuthGroupOK(self):
self.config["nuauth_tls_auth_by_cert"] = "2"
self.config["session_authtype_ssl_groups"] = '"42"'
self.nuauth = Nuauth(self.config)
# Client
self.client = self.user.createClientWithCerts()
self.client.password = "******" % self.user.password
self.assert_(connectClient(self.client))
def testCertAuthGroupNOK(self):
self.config["nuauth_tls_auth_by_cert"] = "2"
self.config["session_authtype_ssl_groups"] = '"100"'
self.nuauth = Nuauth(self.config)
# Client
self.client = self.user.createClientWithCerts()
self.client.password = "******" % self.user.password
self.assert_(not connectClient(self.client))
def testWhitelistAuthOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_whitelist_groups"] = '"42"'
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(connectClient(self.client))
def testWhitelistAuthNOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_whitelist_groups"] = '"123"'
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(not connectClient(self.client))
def testBlacklistAuthOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_blacklist_groups"] = '"123"'
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(connectClient(self.client))
def testBlacklistAuthNOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_blacklist_groups"] = '"42"'
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(not connectClient(self.client))
def testSASLAuthOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_sasl_groups"] = '"42"'
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(connectClient(self.client))
def testSASLAuthNOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_sasl_groups"] = '"123"'
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(not connectClient(self.client))
class TestClientCert(TestCase):
def setUp(self):
self.cacert = config.get("test_cert", "cacert")
nuconfig = NuauthConf()
nuconfig["nuauth_user_session_modify_module"] = "\"session_authtype\""
nuconfig["nuauth_tls_auth_by_cert"] = "0"
nuconfig["nuauth_tls_request_cert"] = "0"
nuconfig["nuauth_tls_cacert"] = '"%s"' % self.cacert
nuconfig["nuauth_tls_key"] = '"%s"' % config.get(
"test_cert", "nuauth_key")
nuconfig["nuauth_tls_cert"] = '"%s"' % config.get(
"test_cert", "nuauth_cert")
self.config = nuconfig
# Userdb
self.user = PlaintextUser("user", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(self.config)
def tearDown(self):
self.nuauth.stop()
self.client.stop()
def testCertAuthGroupOK(self):
self.config["nuauth_tls_auth_by_cert"] = "2"
self.config["session_authtype_ssl_groups"] = "\"42\""
self.nuauth = Nuauth(self.config)
# Client
self.client = self.user.createClientWithCerts()
self.client.password = "******" % self.user.password
self.assert_(connectClient(self.client))
def testCertAuthGroupNOK(self):
self.config["nuauth_tls_auth_by_cert"] = "2"
self.config["session_authtype_ssl_groups"] = "\"100\""
self.nuauth = Nuauth(self.config)
# Client
self.client = self.user.createClientWithCerts()
self.client.password = "******" % self.user.password
self.assert_(not connectClient(self.client))
def testWhitelistAuthOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_whitelist_groups"] = "\"42\""
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(connectClient(self.client))
def testWhitelistAuthNOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_whitelist_groups"] = "\"123\""
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(not connectClient(self.client))
def testBlacklistAuthOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_blacklist_groups"] = "\"123\""
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(connectClient(self.client))
def testBlacklistAuthNOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_blacklist_groups"] = "\"42\""
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(not connectClient(self.client))
def testSASLAuthOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_sasl_groups"] = "\"42\""
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(connectClient(self.client))
def testSASLAuthNOK(self):
self.config["nuauth_tls_auth_by_cert"] = 0
self.config["session_authtype_sasl_groups"] = "\"123\""
self.nuauth = Nuauth(self.config)
self.client = self.user.createClientWithCerts()
self.assert_(not connectClient(self.client))
