def setUp(self):
startNufw(["-s"])
config = NuauthConf()
config["nuauth_log_users"] = '9'
config["mysql_prefix_version"] = '1'
if POSTGRESQL:
config.need_restart = True
self.conn = pgdb.connect(
host=DB_SERVER,
user=DB_USER,
password=DB_PASSWORD,
database=DB_DBNAME)
config["nuauth_user_logs_module"] = '"pgsql"'
config["nuauth_user_session_logs_module"] = '"pgsql"'
else:
self.conn = MySQLdb.Connect(
host=DB_SERVER,
user=DB_USER,
passwd=DB_PASSWORD,
db=DB_DBNAME)
config["nuauth_user_logs_module"] = '"mysql"'
config["nuauth_user_session_logs_module"] = '"mysql"'
self.users = USERDB
self.user = self.users[0]
self.acls = PlaintextAcl()
self.acls.addAcl("web", VALID_PORT, self.user.gid, log_prefix=LOG_PREFIX)
self.users.install(config)
self.acls.install(config)
self.nuauth = Nuauth(config)
self.start_time = int(time()-1.1)
def setUp(self):
startNufw(["-s"])
config = NuauthConf()
config["nuauth_log_users"] = '9'
config["mysql_prefix_version"] = '1'
if POSTGRESQL:
config.need_restart = True
self.conn = pgdb.connect(host=DB_SERVER,
user=DB_USER,
password=DB_PASSWORD,
database=DB_DBNAME)
config["nuauth_user_logs_module"] = '"pgsql"'
config["nuauth_user_session_logs_module"] = '"pgsql"'
else:
self.conn = MySQLdb.Connect(host=DB_SERVER,
user=DB_USER,
passwd=DB_PASSWORD,
db=DB_DBNAME)
config["nuauth_user_logs_module"] = '"mysql"'
config["nuauth_user_session_logs_module"] = '"mysql"'
self.users = USERDB
self.user = self.users[0]
self.acls = PlaintextAcl()
self.acls.addAcl("web",
VALID_PORT,
self.user.gid,
log_prefix=LOG_PREFIX)
self.users.install(config)
self.acls.install(config)
self.nuauth = Nuauth(config)
self.start_time = int(time() - 1.1)
def testNufwIgnoreFQDNCheck(self):
self.startNuauth()
self.nufw = startNufw(["-d", "127.0.0.1"])
self.connectNuauthNufw()
self.assert_(not self.nufw_connection_is_established())
self.nufw.stop()
self.nufw = startNufw(["-d", "127.0.0.1", "-N"])
self.connectNuauthNufw()
self.assert_(self.nufw_connection_is_established())
self.nufw.stop()
self.nuauth.stop()
def testNufwIgnoreFQDNCheck(self):
self.startNuauth()
self.nufw = startNufw(["-d", "127.0.0.1"])
self.connectNuauthNufw()
self.assert_(not self.nufw_connection_is_established())
self.nufw.stop()
self.nufw = startNufw(["-d", "127.0.0.1", "-N"])
self.connectNuauthNufw()
self.assert_(self.nufw_connection_is_established())
self.nufw.stop()
self.nuauth.stop()
def setUp(self):
self.port = VALID_PORT
self.mark = 1
self.shift = 8
config = NuauthConf()
# Userdb
self.user = PlaintextUser("guest", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(config)
self.acls = PlaintextAcl()
self.acls.addAcl("port", self.port, self.user.gid, flags=(self.mark << self.shift))
self.acls.install(config)
# Load nuauth
config["nuauth_finalize_packet_module"] = '"mark_flag"'
config["mark_flag_mark_shift"] = 0
config["mark_flag_flag_shift"] = self.shift
config["mark_flag_nbits"] = 16
self.nuauth = Nuauth(config)
self.iptables = Iptables()
self.nufw = startNufw(["-m"])
self.client = self.user.createClientWithCerts()
def testInvalidCert(self):
invalid_cacert = config.get("test_cert", "invalid_cacert")
self.nufw = startNufw(["-a", invalid_cacert])
self.connectNuauthNufw()
self.assert_(self.get_tls_cert_invalid())
self.nufw.stop()
def testValidCert(self):
self.nufw = startNufw()
self.connectNuauthNufw()
self.assert_(self.nufw_connection_is_established())
self.nufw.stop()
def setUp(self):
self.iptables = Iptables()
self.iptables.command('-A OUTPUT -p tcp --sport %u -d %s --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE' % (VALID_PORT, HOST))
config = NuauthConf()
self.nuauth = Nuauth(config)
self.nufw = startNufw()
def setUp(self):
self.port = VALID_PORT
self.mark = 1
self.shift = 8
config = NuauthConf()
# Userdb
self.user = PlaintextUser("guest", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(config)
self.acls = PlaintextAcl()
self.acls.addAcl("port",
self.port,
self.user.gid,
flags=(self.mark << self.shift))
self.acls.install(config)
# Load nuauth
config["nuauth_finalize_packet_module"] = '"mark_flag"'
config["mark_flag_mark_shift"] = 0
config["mark_flag_flag_shift"] = self.shift
config["mark_flag_nbits"] = 16
self.nuauth = Nuauth(config)
self.iptables = Iptables()
self.nufw = startNufw(["-m"])
self.client = self.user.createClientWithCerts()
def testNotStrictMode(self):
self.nufw = startNufw(["-s"])
self.connectNuauthNufw()
self.assert_(self.nufw_connection_is_established())
self.nufw.stop()
def testStrictMode(self):
self.nufw = startNufw(["-d","127.0.0.1"])
self.connectNuauthNufw()
self.assert_(not self.nufw_connection_is_established())
self.nufw.stop()
def setUp(self):
self.iptables = Iptables()
self.iptables.command(
'-A OUTPUT -p tcp --sport %u -d %s --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE'
% (VALID_PORT, HOST))
config = NuauthConf()
self.nuauth = Nuauth(config)
self.nufw = startNufw()
def setUp(self):
self.iptables = Iptables()
self.users = USERDB
self.host = HOST
self.config = NuauthConf()
self.acls = self.func_acls()
# Start nuauth with new config
self.users.install(self.config)
self.nufw = startNufw(["-s"])
def setUp(self):
self.iptables = Iptables()
self.users = USERDB
self.config = NuauthConf()
self.config["xml_defs_periodfile"] = '"%s"' % os.path.abspath("../conf/periods.xml")
self.acls = PlaintextAcl()
# Start nuauth with new config
self.users.install(self.config)
self.nufw = startNufw(["-s"])
def setUp(self):
self.iptables = Iptables()
self.users = USERDB
self.acls = PlaintextAcl()
self.acls.addAcl("web", VALID_PORT, self.users[0].gid+1)
self.config = NuauthConf()
self.config["nuauth_packet_timeout"] = "1"
self.users.install(self.config)
self.acls.install(self.config)
self.nufw = startNufw(["-s"])
def setUp(self):
self.iptables = Iptables()
self.users = USERDB
self.acls = PlaintextAcl()
self.acls.addAcl("web", VALID_PORT, self.users[0].gid + 1)
self.config = NuauthConf()
self.config["nuauth_packet_timeout"] = "1"
self.users.install(self.config)
self.acls.install(self.config)
self.nufw = startNufw(["-s"])
def setUp(self):
self.iptables = Iptables()
self.users = USERDB
self.config = NuauthConf()
self.config["xml_defs_periodfile"] = '"%s"' % os.path.abspath(
"../conf/periods.xml")
self.acls = PlaintextAcl()
# Start nuauth with new config
self.users.install(self.config)
self.nufw = startNufw(["-s"])
def setUp(self):
self.port = VALID_PORT
config = NuauthConf()
# Userdb
self.user = PlaintextUser("visiteur", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(config)
self.acls = PlaintextAcl()
self.acls.addAcl("web", self.port, self.user.gid)
self.acls.install(config)
# Load nuauth
config["nuauth_do_ip_authentication"] = '1'
config["nuauth_ip_authentication_module"] = '"ipauth_guest"'
config["ipauth_guest_username"] = '******' % self.user.login
self.nuauth = Nuauth(config)
self.iptables = Iptables()
self.nufw = startNufw()
def setUp(self):
self.dst_host = socket.gethostbyname(HOST)
self.config = NuauthConf()
self.acls = PlaintextAcl()
self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period='10 secs' )
self.acls.install(self.config)
self.period = PlainPeriodXML()
self.period.addPeriod(Period("10 secs", duration = 10))
self.period.install(self.config)
self.users = USERDB
self.users.install(self.config)
self.nuauth = Nuauth(self.config)
self.nufw = startNufw()
self.iptables = Iptables()
self.iptables.flush()
self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE' % self.dst_host)
self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP' % self.dst_host)
def setUp(self):
self.dst_host = socket.gethostbyname(HOST)
self.config = NuauthConf()
self.acls = PlaintextAcl()
self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period="10 secs")
self.acls.install(self.config)
self.period = PlainPeriodXML()
self.period.addPeriod(Period("10 secs", duration=10))
self.period.install(self.config)
self.users = USERDB
self.users.install(self.config)
self.nuauth = Nuauth(self.config)
self.nufw = startNufw()
self.iptables = Iptables()
self.iptables.flush()
self.iptables.command("-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE" % self.dst_host)
self.iptables.command("-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP" % self.dst_host)
def setUp(self):
self.port = VALID_PORT
config = NuauthConf()
# Userdb
self.user = PlaintextUser("visiteur", "nopassword", 42, 42)
self.userdb = PlaintextUserDB()
self.userdb.addUser(self.user)
self.userdb.install(config)
self.acls = PlaintextAcl()
self.acls.addAcl("web", self.port, self.user.gid)
self.acls.install(config)
# Load nuauth
config["nuauth_do_ip_authentication"] = '1'
config["nuauth_ip_authentication_module"] = '"ipauth_guest"'
config["ipauth_guest_username"] = '******' % self.user.login
self.nuauth = Nuauth(config)
self.iptables = Iptables()
self.nufw = startNufw()