Example #1
 def setUp(self):
     """Start nufw and nuauth with user logging routed to a SQL backend.

     Opens ``self.conn`` on PostgreSQL or MySQL, depending on the
     module-level ``POSTGRESQL`` switch, and points both nuauth user-log
     modules at the matching backend.
     """
     # NOTE(review): the handle returned by startNufw is discarded, so this
     # fixture cannot stop nufw on its own -- confirm teardown covers it.
     # "-s" presumably relaxes nufw's strict TLS checking -- confirm.
     startNufw(["-s"])

     config = NuauthConf()
     config["nuauth_log_users"] = '9'
     config["mysql_prefix_version"] = '1'

     # NOTE(review): DB_USER / DB_PASSWORD are defined outside this block;
     # they should belong to a throwaway, test-only database account.
     if POSTGRESQL:
         config.need_restart = True
         sql_backend = '"pgsql"'
         self.conn = pgdb.connect(
             host=DB_SERVER,
             user=DB_USER,
             password=DB_PASSWORD,
             database=DB_DBNAME)
     else:
         sql_backend = '"mysql"'
         self.conn = MySQLdb.Connect(
             host=DB_SERVER,
             user=DB_USER,
             passwd=DB_PASSWORD,
             db=DB_DBNAME)
     config["nuauth_user_logs_module"] = sql_backend
     config["nuauth_user_session_logs_module"] = sql_backend

     self.users = USERDB
     first_user = self.users[0]
     self.user = first_user

     # One ACL named "web" on VALID_PORT for the first user's group,
     # tagged with LOG_PREFIX.
     self.acls = PlaintextAcl()
     self.acls.addAcl("web", VALID_PORT, first_user.gid, log_prefix=LOG_PREFIX)

     self.users.install(config)
     self.acls.install(config)
     self.nuauth = Nuauth(config)

     # Reference timestamp 1.1 s in the past, truncated to whole seconds.
     self.start_time = int(time()-1.1)
Example #2
 def setUp(self):
     """Bring up nufw/nuauth with SQL user logging and open a DB handle.

     ``POSTGRESQL`` selects between a pgdb and a MySQLdb connection,
     stored on ``self.conn``; the two nuauth user-log module settings
     follow the same choice.
     """
     # NOTE(review): startNufw's return value is not kept here; confirm the
     # process is stopped elsewhere. "-s" presumably disables strict TLS
     # checking in nufw -- confirm.
     startNufw(["-s"])
     config = NuauthConf()
     config["nuauth_log_users"] = '9'
     config["mysql_prefix_version"] = '1'

     log_module_keys = ("nuauth_user_logs_module",
                        "nuauth_user_session_logs_module")
     # NOTE(review): the credentials are module-level constants defined
     # outside this block; keep them limited to a disposable test database.
     if POSTGRESQL:
         config.need_restart = True
         self.conn = pgdb.connect(host=DB_SERVER,
                                  user=DB_USER,
                                  password=DB_PASSWORD,
                                  database=DB_DBNAME)
         for key in log_module_keys:
             config[key] = '"pgsql"'
     else:
         self.conn = MySQLdb.Connect(host=DB_SERVER,
                                     user=DB_USER,
                                     passwd=DB_PASSWORD,
                                     db=DB_DBNAME)
         for key in log_module_keys:
             config[key] = '"mysql"'

     self.users = USERDB
     self.user = self.users[0]

     # Single "web" ACL for the first user's group, with a log prefix.
     acl_set = PlaintextAcl()
     self.acls = acl_set
     acl_set.addAcl("web",
                    VALID_PORT,
                    self.user.gid,
                    log_prefix=LOG_PREFIX)

     self.users.install(config)
     acl_set.install(config)
     self.nuauth = Nuauth(config)

     # Whole-second timestamp taken 1.1 s before "now".
     self.start_time = int(time() - 1.1)
Example #3
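    def testNufwIgnoreFQDNCheck(self):
        """Check that nufw's "-N" option lets it connect to nuauth by IP.

        First run: nufw is started with ``-d 127.0.0.1`` only and the
        connection must NOT be established. Second run: the same address
        plus ``-N`` and the connection must be established.

        Each daemon is stopped in a ``finally`` clause so that a failing
        assertion does not leave nufw or nuauth running for later tests.
        """
        self.startNuauth()
        try:
            # Without -N: connecting by bare IP is expected to be refused
            # (presumably the certificate name check fails -- confirm).
            self.nufw = startNufw(["-d", "127.0.0.1"])
            try:
                self.connectNuauthNufw()
                self.assertFalse(
                    self.nufw_connection_is_established(),
                    "nufw connected by IP although -N was not given")
            finally:
                self.nufw.stop()

            # With -N: the same address is expected to be accepted.
            self.nufw = startNufw(["-d", "127.0.0.1", "-N"])
            try:
                self.connectNuauthNufw()
                self.assertTrue(
                    self.nufw_connection_is_established(),
                    "nufw failed to connect by IP with -N")
            finally:
                self.nufw.stop()
        finally:
            self.nuauth.stop()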
Example #4
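    def testNufwIgnoreFQDNCheck(self):
        """Verify that "-N" is required for nufw to reach nuauth by IP.

        nufw is started twice against ``127.0.0.1``: once without ``-N``
        (the connection must be absent) and once with it (the connection
        must be present). Cleanup runs in ``finally`` blocks so a failed
        assertion cannot leak a running nufw or nuauth into later tests.
        """
        scenarios = (
            # (extra nufw arguments, connection expected?)
            ([], False),
            (["-N"], True),
        )

        self.startNuauth()
        try:
            for extra_args, should_connect in scenarios:
                self.nufw = startNufw(["-d", "127.0.0.1"] + extra_args)
                try:
                    self.connectNuauthNufw()
                    established = self.nufw_connection_is_established()
                    if should_connect:
                        self.assertTrue(
                            established,
                            "nufw did not connect although -N was given")
                    else:
                        self.assertFalse(
                            established,
                            "nufw connected by IP without -N")
                finally:
                    self.nufw.stop()
        finally:
            self.nuauth.stop()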
Example #5
    def setUp(self):
        """Build a mark_flag scenario: one user, one flagged ACL, nufw "-m".

        The ACL carries ``mark << shift`` in its flags and nuauth is told
        to finalize packets with the ``mark_flag`` module using the same
        shift.
        """
        self.port = VALID_PORT
        self.mark = 1
        self.shift = 8
        config = NuauthConf()

        # Fixture-only plaintext account; the two 42s are presumably the
        # uid and gid -- confirm against PlaintextUser.
        guest = PlaintextUser("guest", "nopassword", 42, 42)
        self.user = guest
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(guest)
        self.userdb.install(config)

        # ACL "port" for the guest's group, with the mark stored in the
        # flag bits starting at self.shift.
        acl_flags = self.mark << self.shift
        self.acls = PlaintextAcl()
        self.acls.addAcl("port", self.port, guest.gid, flags=acl_flags)
        self.acls.install(config)

        # nuauth settings for the mark_flag finalize module.
        config["nuauth_finalize_packet_module"] = '"mark_flag"'
        config["mark_flag_mark_shift"] = 0
        config["mark_flag_flag_shift"] = self.shift
        config["mark_flag_nbits"] = 16

        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        # "-m" presumably enables packet marking in nufw -- confirm.
        self.nufw = startNufw(["-m"])
        self.client = guest.createClientWithCerts()
Example #6
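    def testInvalidCert(self):
        """Start nufw with an invalid CA certificate and expect a TLS rejection.

        The CA file path is read from the ``test_cert`` / ``invalid_cacert``
        configuration entry and passed to nufw through ``-a``. The test
        passes when ``get_tls_cert_invalid()`` reports the invalid
        certificate.
        """
        invalid_cacert = config.get("test_cert", "invalid_cacert")
        self.nufw = startNufw(["-a", invalid_cacert])
        try:
            self.connectNuauthNufw()
            self.assertTrue(
                self.get_tls_cert_invalid(),
                "invalid CA certificate was not reported")
        finally:
            # Stop nufw even when the assertion fails, so a misconfigured
            # daemon is not left running for the next test.
            self.nufw.stop()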
Example #7
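    def testValidCert(self):
        """Start nufw with its default arguments and expect a connection.

        This is the positive control for the certificate tests: with no
        extra options the nufw/nuauth connection must be established.
        """
        self.nufw = startNufw()
        try:
            self.connectNuauthNufw()
            self.assertTrue(
                self.nufw_connection_is_established(),
                "nufw did not connect with the default certificate setup")
        finally:
            # Always stop nufw, including when the assertion fails.
            self.nufw.stop()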
Example #8
    def setUp(self):
        """Queue SYN+ACK replies from VALID_PORT to HOST, then start the daemons."""
        self.iptables = Iptables()

        # Append an OUTPUT rule sending TCP segments with both SYN and ACK
        # set (source port VALID_PORT, destination HOST) to NFQUEUE.
        # NOTE(review): the rule is built by string formatting; VALID_PORT
        # and HOST are module constants defined outside this block and
        # must stay fixed test values.
        synack_rule = (
            '-A OUTPUT -p tcp --sport %u -d %s --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE'
            % (VALID_PORT, HOST))
        self.iptables.command(synack_rule)

        # nuauth runs on an unmodified default configuration.
        default_conf = NuauthConf()
        self.nuauth = Nuauth(default_conf)
        self.nufw = startNufw()
Example #9
    def setUp(self):
        """Set up the mark_flag fixture: user DB, flagged ACL, nuauth, nufw.

        The ACL flags hold ``self.mark`` shifted left by ``self.shift``;
        the ``mark_flag`` module is configured with the same flag shift.
        """
        self.port = VALID_PORT
        self.mark = 1
        self.shift = 8
        config = NuauthConf()

        # User database with one fixture account (test-only credentials).
        self.user = PlaintextUser("guest", "nopassword", 42, 42)
        user_db = PlaintextUserDB()
        self.userdb = user_db
        user_db.addUser(self.user)
        user_db.install(config)

        # One ACL on self.port for the user's group, carrying the mark in
        # its flag bits.
        acl_set = PlaintextAcl()
        self.acls = acl_set
        shifted_mark = self.mark << self.shift
        acl_set.addAcl("port",
                       self.port,
                       self.user.gid,
                       flags=shifted_mark)
        acl_set.install(config)

        # Select and parameterize the packet-finalize module.
        config["nuauth_finalize_packet_module"] = '"mark_flag"'
        config["mark_flag_mark_shift"] = 0
        config["mark_flag_flag_shift"] = self.shift
        config["mark_flag_nbits"] = 16

        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        # NOTE(review): "-m" looks like nufw's packet-marking switch -- confirm.
        self.nufw = startNufw(["-m"])
        self.client = self.user.createClientWithCerts()
Example #10
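    def testNotStrictMode(self):
        """Start nufw with "-s" and expect the nuauth connection to succeed.

        "-s" presumably switches off nufw's strict TLS checking -- confirm
        against the nufw documentation.
        """
        self.nufw = startNufw(["-s"])
        try:
            self.connectNuauthNufw()
            self.assertTrue(
                self.nufw_connection_is_established(),
                "nufw did not connect in non-strict mode")
        finally:
            # Stop nufw even if the assertion fails, so the relaxed-mode
            # daemon does not outlive this test.
            self.nufw.stop()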
Example #11
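    def testStrictMode(self):
        """Start nufw against 127.0.0.1 and expect the connection to be refused.

        No option relaxing the TLS checks is passed, so connecting to
        nuauth by bare IP address must not yield an established connection
        (presumably because the certificate name does not match -- confirm).
        """
        self.nufw = startNufw(["-d", "127.0.0.1"])
        try:
            self.connectNuauthNufw()
            self.assertFalse(
                self.nufw_connection_is_established(),
                "nufw connected by IP although strict mode was active")
        finally:
            # Always stop nufw, including when the assertion fails.
            self.nufw.stop()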
Example #12
    def setUp(self):
        """Install the SYN+ACK NFQUEUE rule and start nuauth and nufw."""
        firewall = Iptables()
        self.iptables = firewall

        # OUTPUT rule: TCP segments from VALID_PORT to HOST that have both
        # SYN and ACK set are handed to NFQUEUE.
        # NOTE(review): the arguments are interpolated into an iptables
        # command string; they are module constants defined outside this
        # block and should never come from untrusted input.
        rule_template = '-A OUTPUT -p tcp --sport %u -d %s --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE'
        firewall.command(rule_template % (VALID_PORT, HOST))

        # Default nuauth configuration, no overrides.
        self.nuauth = Nuauth(NuauthConf())
        self.nufw = startNufw()
Example #13
    def setUp(self):
        """Prepare iptables, users, config and ACLs, then start nufw.

        The ACL set comes from ``self.func_acls()``. nuauth itself is not
        started in this method; only the user database is installed into
        the configuration.
        """
        self.iptables = Iptables()
        self.users = USERDB
        self.host = HOST

        conf = NuauthConf()
        self.config = conf
        # func_acls() is called after self.config is assigned, as in the
        # original statement order.
        self.acls = self.func_acls()

        # Register the users in the fresh configuration.
        self.users.install(conf)
        # "-s" presumably relaxes nufw's strict TLS checking -- confirm.
        self.nufw = startNufw(["-s"])
Example #14
    def setUp(self):
        """Create the fixture objects and point nuauth at the periods file."""
        self.iptables = Iptables()
        self.users = USERDB

        conf = NuauthConf()
        self.config = conf
        # The relative path is resolved against the current working
        # directory, so the result depends on where the tests are run from.
        periods_file = os.path.abspath("../conf/periods.xml")
        conf["xml_defs_periodfile"] = '"%s"' % periods_file

        # Empty ACL set; individual tests are expected to fill it
        # (assumption -- no ACL is added in this method).
        self.acls = PlaintextAcl()

        # Install the users into the configuration; nuauth is not started
        # in this method.
        self.users.install(conf)
        # "-s" presumably relaxes nufw's strict TLS checking -- confirm.
        self.nufw = startNufw(["-s"])
Example #15
    def setUp(self):
        """Install an ACL for a group the first user is not in, with a 1 s timeout."""
        self.iptables = Iptables()
        self.users = USERDB

        # The ACL targets gid + 1 of the first user, i.e. a group id that
        # differs from that user's own gid.
        other_gid = self.users[0].gid+1
        self.acls = PlaintextAcl()
        self.acls.addAcl("web", VALID_PORT, other_gid)

        conf = NuauthConf()
        self.config = conf
        conf["nuauth_packet_timeout"] = "1"

        self.users.install(conf)
        self.acls.install(conf)
        # "-s" presumably relaxes nufw's strict TLS checking -- confirm.
        self.nufw = startNufw(["-s"])
Example #16
    def setUp(self):
        """Set up users, a non-matching "web" ACL and a short packet timeout."""
        self.iptables = Iptables()
        self.users = USERDB

        acl_set = PlaintextAcl()
        self.acls = acl_set
        # Group id one above the first user's gid, so the ACL does not
        # name that user's own group.
        acl_set.addAcl("web", VALID_PORT, self.users[0].gid + 1)

        self.config = NuauthConf()
        self.config["nuauth_packet_timeout"] = "1"

        # Both the user database and the ACL set go into the same config.
        for component in (self.users, acl_set):
            component.install(self.config)

        # NOTE(review): "-s" looks like nufw's non-strict TLS switch -- confirm.
        self.nufw = startNufw(["-s"])
Example #17
    def setUp(self):
        """Prepare users, an empty ACL set and the periods-file setting."""
        self.iptables = Iptables()
        self.users = USERDB
        self.config = NuauthConf()

        # "../conf/periods.xml" is made absolute relative to the current
        # working directory, then wrapped in double quotes for the config.
        quoted_path = '"%s"' % os.path.abspath("../conf/periods.xml")
        self.config["xml_defs_periodfile"] = quoted_path

        self.acls = PlaintextAcl()

        # Only the user database is installed here; this method does not
        # start nuauth.
        self.users.install(self.config)
        # NOTE(review): "-s" looks like nufw's non-strict TLS switch -- confirm.
        self.nufw = startNufw(["-s"])
Example #18
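    def setUp(self):
        """Configure nuauth for IP authentication through ``ipauth_guest``.

        Creates one plaintext user, a "web" ACL for that user's group, and
        enables the ``ipauth_guest`` IP-authentication module with that
        user's login as the guest username.
        """
        self.port = VALID_PORT
        config = NuauthConf()

        # User database with a single fixture account (test-only
        # credentials).
        self.user = PlaintextUser("visiteur", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(config)

        self.acls = PlaintextAcl()
        self.acls.addAcl("web", self.port, self.user.gid)
        self.acls.install(config)

        # Load nuauth with IP authentication delegated to ipauth_guest.
        config["nuauth_do_ip_authentication"] = '1'
        config["nuauth_ip_authentication_module"] = '"ipauth_guest"'
        # The literal here was '******', which has no conversion specifier,
        # so the "%" formatting raised TypeError. It looks like a masked
        # value; the double-quoted "%s" form matches the quoting of the
        # module name above -- confirm against the upstream test.
        config["ipauth_guest_username"] = '"%s"' % self.user.login
        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        self.nufw = startNufw()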
Example #19
    def setUp(self):
        """Build a time-limited ACL fixture and the matching iptables rules.

        An ACL bound to a period named "10 secs" (duration 10) is installed
        for the resolved address of HOST, nuauth and nufw are started, and
        two OUTPUT rules are inserted for TCP port 80 towards that address.
        """
        self.dst_host = socket.gethostbyname(HOST)

        self.config = NuauthConf()
        self.acls = PlaintextAcl()
        self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period='10 secs')
        self.acls.install(self.config)

        # Period definition referenced by the ACL above.
        self.period = PlainPeriodXML()
        self.period.addPeriod(Period("10 secs", duration=10))
        self.period.install(self.config)

        self.users = USERDB
        self.users.install(self.config)
        self.nuauth = Nuauth(self.config)
        self.nufw = startNufw()

        self.iptables = Iptables()
        # NOTE(review): flush() presumably clears the existing rule set;
        # run this suite only on a disposable host or network namespace.
        self.iptables.flush()

        # New connections with SYN go to NFQUEUE; "NEW" packets without SYN
        # are dropped.
        # NOTE(review): the rules hard-code --dport 80 while the ACL uses
        # VALID_PORT -- this assumes VALID_PORT is 80.
        rule_templates = (
            '-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE',
            '-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP',
        )
        for template in rule_templates:
            self.iptables.command(template % self.dst_host)
Example #20
    def setUp(self):
        """Install a period-bound ACL, start the daemons and add port-80 rules.

        HOST is resolved once; the resulting address is used both in the
        ACL and in the two iptables OUTPUT rules.
        """
        target = socket.gethostbyname(HOST)
        self.dst_host = target

        conf = NuauthConf()
        self.config = conf

        # ACL "web" for the first user's group, valid during "10 secs".
        self.acls = PlaintextAcl()
        self.acls.addAclFull("web", target, VALID_PORT, USERDB[0].gid, 1, period="10 secs")
        self.acls.install(conf)

        # The period the ACL refers to: 10 units long (duration=10).
        self.period = PlainPeriodXML()
        self.period.addPeriod(Period("10 secs", duration=10))
        self.period.install(conf)

        self.users = USERDB
        self.users.install(conf)
        self.nuauth = Nuauth(conf)
        self.nufw = startNufw()

        firewall = Iptables()
        self.iptables = firewall
        # NOTE(review): flush() presumably removes the rules already
        # loaded; keep this suite on an isolated test machine.
        firewall.flush()
        # SYN packets of new connections are queued for nufw ...
        queue_rule = "-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE" % target
        firewall.command(queue_rule)
        # ... and "NEW" packets lacking SYN are dropped.
        # NOTE(review): port 80 is hard-coded here while the ACL uses
        # VALID_PORT -- assumes the two are equal.
        drop_rule = "-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP" % target
        firewall.command(drop_rule)
Example #21
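    def setUp(self):
        """Prepare nuauth with the ``ipauth_guest`` IP-authentication module.

        One plaintext user and one "web" ACL for that user's group are
        installed; the user's login is then configured as the guest
        username used by ``ipauth_guest``.
        """
        self.port = VALID_PORT
        config = NuauthConf()

        # Single fixture account; the password is a test-only value.
        guest = PlaintextUser("visiteur", "nopassword", 42, 42)
        self.user = guest
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(guest)
        self.userdb.install(config)

        self.acls = PlaintextAcl()
        self.acls.addAcl("web", self.port, guest.gid)
        self.acls.install(config)

        # Enable IP authentication and select the ipauth_guest module.
        config["nuauth_do_ip_authentication"] = '1'
        config["nuauth_ip_authentication_module"] = '"ipauth_guest"'
        # Fix: the previous literal '******' contained no "%s", so applying
        # "%" to it raised TypeError ("not all arguments converted"). The
        # value appears to have been masked; a double-quoted "%s" follows
        # the quoting used for the module name above -- confirm upstream.
        config["ipauth_guest_username"] = '"%s"' % guest.login
        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        self.nufw = startNufw()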