Ejemplo n.º 1
0
class Client:
    def setup_class(self):
        self.client = RpcdClientBase(protocol="http")

    def setup_method(self, method):
        self.client.authenticate('admin', 'admin')

    def teardown_method(self, method):
        self.client.logout()
Ejemplo n.º 2
0
    def main(self):
        """return True if all tests are successful"""
        self.client = RpcdClientBase(protocol="http", host="localhost")
        try:
            self.client.authenticate('admin', 'admin')

            self.configureNetwork()

            old_config = self.client.call('ufwi_ruleset', 'getConfig')
            new_config = deepcopy(old_config)
            new_config['global']['firewall_type'] = NUFW_GATEWAY
            new_config['iptables']['log_type'] = 'ULOG'

            try:
                self.client.call('ufwi_ruleset', 'setConfig', new_config)

                failures = 0
                if self.options.rulesets:
                    rulesets = [
                        (path_join(self.directory, ruleset) + ".xml")
                        for ruleset in self.rulesets]
                else:
                    rulesets = glob(path_join(self.directory, "*.xml"))

                print "Rulesets:", rulesets
                for ruleset in rulesets:
                    ok = self.testRuleset(ruleset)
                    if not ok:
                        failures += 1
                        if self.options.exitfirst:
                            break

                if failures:
                    print "%s failures!" % failures
                    return False
            finally:
                self.client.call('ufwi_ruleset', 'setConfig', old_config)
        finally:
            self.client.logout()

        return True
Ejemplo n.º 3
0
class RunTests:
    def __init__(self):
        self.parseOptions()
        self.setupLog()

        cwd = dirname(__file__)
        parent_dir = path_join(cwd, '..')
        sys.path.insert(0, parent_dir)
        self.directory = path_join(cwd, "rulesets")

    def parseOptions(self):
        parser = OptionParser(usage="%prog [options] [test1 test2 ...]")
        parser.add_option("--regenerate", help="Regenerate tests instead of testing",
            action="store_true", default=False)
        parser.add_option("-x", "--exitfirst", help="Exit on first error",
            action="store_true", default=False)
        parser.add_option("-r", "--rulesets", help="Exit on first error",
            action="store", default="")
        self.options, unused = parser.parse_args()

    def setupLog(self):
        basicConfig(level=CRITICAL)

    def createRules(self, source):
        ruleset_filename = path_join(RULESET_DIR, "rulesets", "test.xml")
        old_ruleset_filename = ruleset_filename + ".old"
        local_ipv4 = path_join(RULESET_DIR, 'local_rules_ipv4.d')
        local_ipv4_tmp = local_ipv4 + '.tmp'
        if exists(old_ruleset_filename):
            raise Exception("%s already exists!" % old_ruleset_filename)
        if exists(local_ipv4_tmp):
            raise Exception("%s already exists!" % local_ipv4_tmp)

        rules = {}

        try:
            rename(ruleset_filename, old_ruleset_filename)
        except OSError:
            old_ruleset_filename = None

        try:
            copyfile(source, ruleset_filename)
            self.client.call('ufwi_ruleset', 'rulesetOpen', 'ruleset', "test")
            rename(local_ipv4, local_ipv4_tmp)
            try:
                result = self.client.call('ufwi_ruleset', 'applyRules', False, True)
                if not result['applied']:
                    errors = '\n'.join(result['errors'])
                    raise Exception("Apply errors:\n%s" % errors)

                result = self.client.call('ufwi_ruleset', 'ldapRules', 'acls-ipv4', tuple())
                rules['ldap_ipv4'] = result['ldap']

                result = self.client.call('ufwi_ruleset', 'ldapRules', 'acls-ipv6', tuple())
                rules['ldap_ipv6'] = result['ldap']
            finally:
                rename(local_ipv4_tmp, local_ipv4)
        finally:
            if old_ruleset_filename:
                rename(old_ruleset_filename, ruleset_filename)
        self.client.call('ufwi_ruleset', 'rulesetClose')

        for key, filename in (
        ('iptables_ipv4', 'new_rules_ipv4'),
        ('iptables_ipv6', 'new_rules_ipv6')):
            with open(path_join(RULESET_DIR, filename)) as fp:
                lines = [line.rstrip() for line in fp]
                # ignore the header and footer:
                # - first line contains version and timestamp
                # - last line contains a timestamp
                rules[key] = lines[1:-1]
        return rules

    def checkRules(self, source, key, ufwi_ruleset):
        # bart.xml => bart.iptables_ipv4
        correct = source[:-3] + key
        prefix = "%s:%s" % (basename(source)[:-4], key)

        if self.options.regenerate:
            if ufwi_ruleset:
                print "%s: file regenerated" % prefix
                with open(correct, "w") as fp:
                    for line in ufwi_ruleset:
                        print >>fp, line
            elif exists(correct):
                print "%s: remove file (no rule)" % prefix
                unlink(correct)
            return True

        text1 = ufwi_ruleset
        if exists(correct):
            with open(correct) as fp:
                text2 = [line.rstrip() for line in fp]
        else:
            text2 = tuple()
        diff = list(context_diff(text1, text2))
        if diff:
            print "%s: FAILURE!" % prefix
            for line in diff:
                print line.rstrip()
            return False
        print "%s: ok" % prefix
        return True

    def main(self):
        """return True if all tests are successful"""
        self.client = RpcdClientBase(protocol="http", host="localhost")
        try:
            self.client.authenticate('admin', 'admin')

            self.configureNetwork()

            old_config = self.client.call('ufwi_ruleset', 'getConfig')
            new_config = deepcopy(old_config)
            new_config['global']['firewall_type'] = NUFW_GATEWAY
            new_config['iptables']['log_type'] = 'ULOG'

            try:
                self.client.call('ufwi_ruleset', 'setConfig', new_config)

                failures = 0
                if self.options.rulesets:
                    rulesets = [
                        (path_join(self.directory, ruleset) + ".xml")
                        for ruleset in self.rulesets]
                else:
                    rulesets = glob(path_join(self.directory, "*.xml"))

                print "Rulesets:", rulesets
                for ruleset in rulesets:
                    ok = self.testRuleset(ruleset)
                    if not ok:
                        failures += 1
                        if self.options.exitfirst:
                            break

                if failures:
                    print "%s failures!" % failures
                    return False
            finally:
                self.client.call('ufwi_ruleset', 'setConfig', old_config)
        finally:
            self.client.logout()

        return True

    def testRuleset(self, ruleset):
        print "Test %s" % basename(ruleset)
        rules = self.createRules(ruleset)
        ok = True
        for key in rules:
            ok &= self.checkRules(ruleset, key, rules[key])
            if not ok and self.options.exitfirst:
                break
        return ok

    def configureNetwork(self):
        """
            Custom network configuration
        """
        serialized = self.client.call('network', 'getNetconfig')
        print serialized
        # serialized =
        # self.takeNuconfWriteRole()
        # self.client.call('network', 'setNetconfig', serialized)
        # self.client.call('config', 'apply')

    def takeNuconfWriteRole(self):
        """
            Takes the ufwi_conf_write role
        """
        try:
            self.client.call("session", "acquire", "ufwi_conf_write")
        except RpcdError:
            pass
        try:
            self.client.call("ufwi_conf", "takeWriteRole")
        except RpcdError:
            pass
Ejemplo n.º 4
0
 def setup_class(self):
     self.client = RpcdClientBase(protocol="http")