Esempio n. 1
0
 def setUp(self):
     startNufw(["-s"])
     config = NuauthConf()
     config["nuauth_log_users"] = '9'
     config["mysql_prefix_version"] = '1'
     if POSTGRESQL:
         config.need_restart = True
         self.conn = pgdb.connect(host=DB_SERVER,
                                  user=DB_USER,
                                  password=DB_PASSWORD,
                                  database=DB_DBNAME)
         config["nuauth_user_logs_module"] = '"pgsql"'
         config["nuauth_user_session_logs_module"] = '"pgsql"'
     else:
         self.conn = MySQLdb.Connect(host=DB_SERVER,
                                     user=DB_USER,
                                     passwd=DB_PASSWORD,
                                     db=DB_DBNAME)
         config["nuauth_user_logs_module"] = '"mysql"'
         config["nuauth_user_session_logs_module"] = '"mysql"'
     self.users = USERDB
     self.user = self.users[0]
     self.acls = PlaintextAcl()
     self.acls.addAcl("web",
                      VALID_PORT,
                      self.user.gid,
                      log_prefix=LOG_PREFIX)
     self.users.install(config)
     self.acls.install(config)
     self.nuauth = Nuauth(config)
     self.start_time = int(time() - 1.1)
Esempio n. 2
0
 def setUp(self):
     startNufw(["-s"])
     config = NuauthConf()
     config["nuauth_log_users"] = '9'
     config["mysql_prefix_version"] = '1'
     if POSTGRESQL:
         config.need_restart = True
         self.conn = pgdb.connect(
             host=DB_SERVER,
             user=DB_USER,
             password=DB_PASSWORD,
             database=DB_DBNAME)
         config["nuauth_user_logs_module"] = '"pgsql"'
         config["nuauth_user_session_logs_module"] = '"pgsql"'
     else:
         self.conn = MySQLdb.Connect(
             host=DB_SERVER,
             user=DB_USER,
             passwd=DB_PASSWORD,
             db=DB_DBNAME)
         config["nuauth_user_logs_module"] = '"mysql"'
         config["nuauth_user_session_logs_module"] = '"mysql"'
     self.users = USERDB
     self.user = self.users[0]
     self.acls = PlaintextAcl()
     self.acls.addAcl("web", VALID_PORT, self.user.gid, log_prefix=LOG_PREFIX)
     self.users.install(config)
     self.acls.install(config)
     self.nuauth = Nuauth(config)
     self.start_time = int(time()-1.1)
Esempio n. 3
0
    def setUp(self):
        self.iptables = Iptables()
        self.port = VALID_PORT
        self.host = HOST
        self.cacert = config.get("test_cert", "cacert")

        self.nuconfig = NuauthConf()
        self.nuconfig["nuauth_tls_auth_by_cert"] = "0"
        self.nuauth = Nuauth(self.nuconfig)
Esempio n. 4
0
 def startNuauth(self, dict_args=None):
     self.nuconfig = NuauthConf()
     self.nuconfig["nuauth_tls_request_cert"] = "2"
     self.nuconfig["nuauth_tls_crl"] = '"%s"' % abspath(
         config.get("test_cert", "crl"))
     if dict_args is None:
         dict_args = dict()
     for key in dict_args.keys():
         self.nuconfig[key] = dict_args[key]
     self.nuauth = Nuauth(self.nuconfig)
Esempio n. 5
0
class TestClientCertAuth(TestCase):
    def setUp(self):
        self.nuconfig = NuauthConf()

        cacert = config.get("test_cert", "cacert")

        # Userdb
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.nuconfig)

        # Server
        self.nuconfig["plaintext_userfile"] = '"%s"' % self.userdb.filename
        self.nuconfig["nuauth_tls_auth_by_cert"] = "2"
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_cacert"] = '"%s"' % cacert
        self.nuconfig["nuauth_tls_key"] = '"%s"' % config.get(
            "test_cert", "nuauth_key")
        self.nuconfig["nuauth_tls_cert"] = '"%s"' % config.get(
            "test_cert", "nuauth_cert")
        self.nuauth = Nuauth(self.nuconfig)

    def tearDown(self):
        self.client.stop()
        self.nuauth.stop()
        self.userdb.desinstall()
        self.nuconfig.desinstall()

    def testValidCert(self):
        # Client
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_cert")
        key = config.get("test_cert", "user_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(connectClient(self.client))

    def testInvalidCert(self):
        # Expired certificate
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_invalid_cert")
        key = config.get("test_cert", "user_invalid_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(not connectClient(self.client))
Esempio n. 6
0
class TestClientCertAuth(TestCase):
    def setUp(self):
        self.nuconfig = NuauthConf()

        cacert = config.get("test_cert", "cacert")

        # Userdb
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.nuconfig)

        # Server
        self.nuconfig["plaintext_userfile"] = '"%s"' % self.userdb.filename
        self.nuconfig["nuauth_tls_auth_by_cert"] = "2"
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_cacert"] = '"%s"' % cacert
        self.nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key")
        self.nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert")
        self.nuauth = Nuauth(self.nuconfig)

    def tearDown(self):
        self.client.stop()
        self.nuauth.stop()
        self.userdb.desinstall()
        self.nuconfig.desinstall()

    def testValidCert(self):
        # Client
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_cert")
        key = config.get("test_cert", "user_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(connectClient(self.client))

    def testInvalidCert(self):
        # Expired certificate
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_invalid_cert")
        key = config.get("test_cert", "user_invalid_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(not connectClient(self.client))
Esempio n. 7
0
 def setUp(self):
     # Setup our user DB
     self.config = NuauthConf()
     self.users = USERDB
     self.userA = self.users[0]
     self.userB = self.users[1]
     self.users.install(self.config)
Esempio n. 8
0
    def setUp(self):
        # Load nuauth
        nuconfig = NuauthConf()
        self.nuauth = Nuauth(nuconfig)

        # Create client
        self.client = createClientWithCerts()
Esempio n. 9
0
    def setUp(self):
        self.port = VALID_PORT
        self.mark = 1
        self.shift = 8
        config = NuauthConf()

        # Userdb
        self.user = PlaintextUser("guest", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(config)

        self.acls = PlaintextAcl()
        self.acls.addAcl("port",
                         self.port,
                         self.user.gid,
                         flags=(self.mark << self.shift))
        self.acls.install(config)

        # Load nuauth
        config["nuauth_finalize_packet_module"] = '"mark_flag"'
        config["mark_flag_mark_shift"] = 0
        config["mark_flag_flag_shift"] = self.shift
        config["mark_flag_nbits"] = 16

        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        self.nufw = startNufw(["-m"])
        self.client = self.user.createClientWithCerts()
Esempio n. 10
0
 def startNuauth(self, dict_args=None):
     self.cacert = abspath(config.get("test_cert", "cacert"))
     self.nuconfig = NuauthConf()
     if dict_args is None:
         dict_args = dict()
     for key in dict_args.keys():
         self.nuconfig[key] = dict_args[key]
     self.nuauth = Nuauth(self.nuconfig)
Esempio n. 11
0
 def startNuauth(self, dict_args=None):
     self.nuconfig = NuauthConf()
     self.nuconfig["nuauth_tls_request_cert"] = "2"
     self.nuconfig["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "crl"))
     if dict_args is None:
         dict_args = dict()
     for key in dict_args.keys():
         self.nuconfig[key] = dict_args[key]
     self.nuauth = Nuauth(self.nuconfig)
Esempio n. 12
0
    def setUp(self):
        self.iptables = Iptables()
        self.iptables.command(
            '-A OUTPUT -p tcp --sport %u -d %s --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE'
            % (VALID_PORT, HOST))
        config = NuauthConf()

        self.nuauth = Nuauth(config)
        self.nufw = startNufw()
Esempio n. 13
0
    def setUp(self):
        self.iptables = Iptables()
        self.users = USERDB
        self.host = HOST
        self.config = NuauthConf()
        self.acls = self.func_acls()

        # Start nuauth with new config
        self.users.install(self.config)
        self.nufw = startNufw(["-s"])
Esempio n. 14
0
    def setUp(self):
        self.iptables = Iptables()
        self.users = USERDB
        self.config = NuauthConf()
        self.config["xml_defs_periodfile"] = '"%s"' % os.path.abspath(
            "../conf/periods.xml")
        self.acls = PlaintextAcl()

        # Start nuauth with new config
        self.users.install(self.config)
        self.nufw = startNufw(["-s"])
Esempio n. 15
0
    def setUp(self):
        self.iptables = Iptables()
        self.users = USERDB
        self.acls = PlaintextAcl()
        self.acls.addAcl("web", VALID_PORT, self.users[0].gid + 1)
        self.config = NuauthConf()
        self.config["nuauth_packet_timeout"] = "1"

        self.users.install(self.config)
        self.acls.install(self.config)
        self.nufw = startNufw(["-s"])
Esempio n. 16
0
    def setUp(self):
        # Prepare our new scripts
        self.script_up = ReplaceFile(SCRIPT_UP, SCRIPT % "UP", MODE)
        self.script_down = ReplaceFile(SCRIPT_DOWN, SCRIPT % "DOWN", MODE)
        self.script_up.install()
        self.script_down.install()

        # Create nuauth
        config = NuauthConf()
        config["nuauth_user_session_logs_module"] = '"script"'
        self.nuauth = Nuauth(config)
Esempio n. 17
0
    def setUp(self):
        self.nuconfig = NuauthConf()

        cacert = config.get("test_cert", "cacert")

        # Userdb
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.nuconfig)

        # Server
        self.nuconfig["plaintext_userfile"] = '"%s"' % self.userdb.filename
        self.nuconfig["nuauth_tls_auth_by_cert"] = "2"
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_cacert"] = '"%s"' % cacert
        self.nuconfig["nuauth_tls_key"] = '"%s"' % config.get(
            "test_cert", "nuauth_key")
        self.nuconfig["nuauth_tls_cert"] = '"%s"' % config.get(
            "test_cert", "nuauth_cert")
        self.nuauth = Nuauth(self.nuconfig)
Esempio n. 18
0
def createClientWithCerts(username=USERNAME,
                          password=PASSWORD,
                          more_args=None):
    nuconfig = NuauthConf()
    args = []
    cacert = abspath(config.get("test_cert", "cacert"))
    if not (more_args and "-A" in more_args):
        args = args + ["-A", cacert]
    cert = abspath(config.get("test_cert", "user_cert"))
    if not (more_args and "-C" in more_args):
        args = args + ["-C", cert]
    key = abspath(config.get("test_cert", "user_key"))
    if not (more_args and "-K" in more_args):
        args = args + ["-K", key]
    if more_args:
        args = args + more_args
    return Client(username, password, CLIENT_IP, more_args=args)
Esempio n. 19
0
    def setUp(self):
        self.cacert = config.get("test_cert", "cacert")
        nuconfig = NuauthConf()
        nuconfig["nuauth_user_session_modify_module"] = "\"session_authtype\""
        nuconfig["nuauth_tls_auth_by_cert"] = "0"
        nuconfig["nuauth_tls_request_cert"] = "0"
        nuconfig["nuauth_tls_cacert"] = '"%s"' % self.cacert
        nuconfig["nuauth_tls_key"] = '"%s"' % config.get(
            "test_cert", "nuauth_key")
        nuconfig["nuauth_tls_cert"] = '"%s"' % config.get(
            "test_cert", "nuauth_cert")

        self.config = nuconfig

        # Userdb
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.config)
Esempio n. 20
0
    def setUp(self):
        self.nuconfig = NuauthConf()

        cacert = config.get("test_cert", "cacert")

        # Userdb
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.nuconfig)

        # Server
        self.nuconfig["plaintext_userfile"] = '"%s"' % self.userdb.filename
        self.nuconfig["nuauth_tls_auth_by_cert"] = "2"
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_cacert"] = '"%s"' % cacert
        self.nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key")
        self.nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert")
        self.nuauth = Nuauth(self.nuconfig)
Esempio n. 21
0
    def setUp(self):
        self.expiration = DURATION
        self.host = HOST

        # Setup session_expire library
        nuconfig = NuauthConf()
        nuconfig['nuauth_user_session_modify_module'] = '"session_expire"'
        nuconfig['nuauth_session_duration'] = str(self.expiration)

        # Install temporary user database
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(PlaintextUser(USERNAME, PASSWORD, 42, 42))
        self.userdb.install(nuconfig)
        self.acls = PlaintextAcl()

        # Start nuauth
        self.nuauth = Nuauth(nuconfig)

        # Create client
        self.client = createClientWithCerts()
Esempio n. 22
0
    def setUp(self):
        self.port = VALID_PORT
        config = NuauthConf()

        # Userdb
        self.user = PlaintextUser("visiteur", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(config)

        self.acls = PlaintextAcl()
        self.acls.addAcl("web", self.port, self.user.gid)
        self.acls.install(config)

        # Load nuauth
        config["nuauth_do_ip_authentication"] = '1'
        config["nuauth_ip_authentication_module"] = '"ipauth_guest"'
        config["ipauth_guest_username"] = '******' % self.user.login
        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        self.nufw = startNufw()
Esempio n. 23
0
    def setUp(self):
        self.dst_host = socket.gethostbyname(HOST)

        self.config = NuauthConf()
        self.acls = PlaintextAcl()
        self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1, period='10 secs' )
        self.acls.install(self.config)

        self.period = PlainPeriodXML()
        self.period.addPeriod(Period("10 secs", duration = 10))
        self.period.install(self.config)

        self.users = USERDB
        self.users.install(self.config)
        self.nuauth = Nuauth(self.config)
        self.nufw = startNufw()

        self.iptables = Iptables()
        self.iptables.flush()
        self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE' % self.dst_host)
        self.iptables.command('-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP' % self.dst_host)
Esempio n. 24
0
 def setUp(self):
     config = NuauthConf()
     self.users = USERDB
     self.users.install(config)
     self.nuauth = Nuauth(config)
Esempio n. 25
0
class TestTLSNufw(TestCase):
    def setUp(self):
        self.iptables = Iptables()
        self.port = VALID_PORT
        self.host = HOST
        self.cacert = abspath(config.get("test_cert", "cacert"))

    def startNuauth(self, dict_args=None):
        self.nuconfig = NuauthConf()
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_crl"] = '"%s"' % abspath(
            config.get("test_cert", "crl"))
        if dict_args is None:
            dict_args = dict()
        for key in dict_args.keys():
            self.nuconfig[key] = dict_args[key]
        self.nuauth = Nuauth(self.nuconfig)

    def tearDown(self):
        self.nuauth.stop()
        self.nuconfig.desinstall()
        self.iptables.flush()

    def connectNuauthNufw(self):
        # Open TCP connection just to connect nufw to nuauth
        self.iptables.filterTcp(self.port)
        connectTcp(HOST, self.port, 0.100)

        # nufw side
        # "TLS connection to nuauth can NOT be restored"

    def testNufwValidCert(self):
        self.startNuauth()
        self.nufw = startNufw()
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()
        self.nuauth.stop()

    def testNufwFQDNCheck(self):
        self.startNuauth()

        self.nufw = startNufw(["-d", "127.0.0.1"])
        self.connectNuauthNufw()
        self.assert_(not self.nufw_connection_is_established())
        self.nufw.stop()

        self.nufw = startNufw(["-d", "nuauth.inl.fr"])
        self.connectNuauthNufw()
        self.assert_(self.nufw_connection_is_established())
        self.nufw.stop()

        self.nuauth.stop()

    def testNufwIgnoreFQDNCheck(self):
        self.startNuauth()

        self.nufw = startNufw(["-d", "127.0.0.1"])
        self.connectNuauthNufw()
        self.assert_(not self.nufw_connection_is_established())
        self.nufw.stop()

        self.nufw = startNufw(["-d", "127.0.0.1", "-N"])
        self.connectNuauthNufw()
        self.assert_(self.nufw_connection_is_established())
        self.nufw.stop()

        self.nuauth.stop()

    def get_tls_cert_invalid(self):
        for line in self.nufw.readlines(total_timeout=TIMEOUT):
            if line.lower().find('certificate verification failed') >= 0:
                return True
        return False

    def testNufwInvalidCA(self):
        self.startNuauth()
        invalid_cacert = config.get("test_cert", "invalid_cacert")
        self.nufw = startNufw(["-a", invalid_cacert])
        self.connectNuauthNufw()

        self.assert_(self.get_tls_cert_invalid())
        self.nufw.stop()
        self.nuauth.stop()

    # If NuFW does not run under the strict mode, the provided certificates in svn
    # will be accepted and the client will be able to authenticate and then be
    # accepted by the firewall. This is what we want to check here
    def testNotStrictMode(self):

        self.startNuauth()
        self.nufw = startNufw(["-s"])
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()
        self.nuauth.stop()

    def testStrictMode(self):

        self.startNuauth()
        self.nufw = startNufw()
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()
        self.nuauth.stop()

    def nufw_connection_is_established(self):
        if self.nufw.is_connected_to_nuauth:
            return True
        for line in self.nufw.readlines(total_timeout=TIMEOUT):
            if line.lower().find("tls connection to nuauth established") >= 0:
                return True
            if line.lower().find("tls connection to nuauth restored") >= 0:
                return True
        return False
Esempio n. 26
0
def getNuauthConf():
    return NuauthConf()
Esempio n. 27
0
class TestTLSNufw(TestCase):
    def setUp(self):
        self.iptables = Iptables()
        self.port = VALID_PORT
        self.host = HOST
        self.cacert = abspath(config.get("test_cert", "cacert"))

    def startNuauth(self, dict_args=None):
        self.nuconfig = NuauthConf()
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "crl"))
        if dict_args is None:
            dict_args = dict()
        for key in dict_args.keys():
            self.nuconfig[key] = dict_args[key]
        self.nuauth = Nuauth(self.nuconfig)

    def tearDown(self):
        self.nuauth.stop()
        self.nuconfig.desinstall()
        self.iptables.flush()

    def connectNuauthNufw(self):
        # Open TCP connection just to connect nufw to nuauth
        self.iptables.filterTcp(self.port)
        connectTcp(HOST, self.port, 0.100)

        # nufw side
        # "TLS connection to nuauth can NOT be restored"

    def testNufwValidCert(self):
        self.startNuauth()
        self.nufw = startNufw()
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()
        self.nuauth.stop()

    def testNufwFQDNCheck(self):
        self.startNuauth()

        self.nufw = startNufw(["-d", "127.0.0.1"])
        self.connectNuauthNufw()
        self.assert_(not self.nufw_connection_is_established())
        self.nufw.stop()

        self.nufw = startNufw(["-d", "nuauth.inl.fr"])
        self.connectNuauthNufw()
        self.assert_(self.nufw_connection_is_established())
        self.nufw.stop()

        self.nuauth.stop()

    def testNufwIgnoreFQDNCheck(self):
        self.startNuauth()

        self.nufw = startNufw(["-d", "127.0.0.1"])
        self.connectNuauthNufw()
        self.assert_(not self.nufw_connection_is_established())
        self.nufw.stop()

        self.nufw = startNufw(["-d", "127.0.0.1", "-N"])
        self.connectNuauthNufw()
        self.assert_(self.nufw_connection_is_established())
        self.nufw.stop()

        self.nuauth.stop()

    def get_tls_cert_invalid(self):
        for line in self.nufw.readlines(total_timeout=TIMEOUT):
            if line.lower().find("certificate verification failed") >= 0:
                return True
        return False

    def testNufwInvalidCA(self):
        self.startNuauth()
        invalid_cacert = config.get("test_cert", "invalid_cacert")
        self.nufw = startNufw(["-a", invalid_cacert])
        self.connectNuauthNufw()

        self.assert_(self.get_tls_cert_invalid())
        self.nufw.stop()
        self.nuauth.stop()

    # If NuFW does not run under the strict mode, the provided certificates in svn
    # will be accepted and the client will be able to authenticate and then be
    # accepted by the firewall. This is what we want to check here
    def testNotStrictMode(self):

        self.startNuauth()
        self.nufw = startNufw(["-s"])
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()
        self.nuauth.stop()

    def testStrictMode(self):

        self.startNuauth()
        self.nufw = startNufw()
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()
        self.nuauth.stop()

    def nufw_connection_is_established(self):
        if self.nufw.is_connected_to_nuauth:
            return True
        for line in self.nufw.readlines(total_timeout=TIMEOUT):
            if line.lower().find("tls connection to nuauth established") >= 0:
                return True
            if line.lower().find("tls connection to nuauth restored") >= 0:
                return True
        return False
Esempio n. 28
0
 def setUp(self):
     # Start nuauth with our config
     nuconfig = NuauthConf()
     nuconfig["nuauth_user_check_module"] = '"system"'
     self.nuauth = Nuauth(nuconfig)
Esempio n. 29
0
class TestClientCert(TestCase):
    def setUp(self):
        self.iptables = Iptables()
        self.port = VALID_PORT
        self.host = HOST
        self.cacert = config.get("test_cert", "cacert")

        self.nuconfig = NuauthConf()
        self.nuconfig["nuauth_tls_auth_by_cert"] = "0"
        self.nuauth = Nuauth(self.nuconfig)

    def tearDown(self):
        self.nuauth.stop()
        self.nuconfig.desinstall()
        self.iptables.flush()

    def connectNuauthNufw(self):
        # Open TCP connection just to connect nufw to nuauth
        self.iptables.filterTcp(self.port)
        connectTcp(HOST, self.port, 0.100)

        # nufw side
        # "TLS connection to nuauth can NOT be restored"

    def testValidCert(self):
        self.nufw = startNufw()
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()

    def get_tls_cert_invalid(self):
        for line in self.nufw.readlines(total_timeout=TIMEOUT):
            if line.lower().find('certificate verification failed') >= 0:
                return True
        return False

    def testInvalidCert(self):
        invalid_cacert = config.get("test_cert", "invalid_cacert")
        self.nufw = startNufw(["-a", invalid_cacert])
        self.connectNuauthNufw()

        self.assert_(self.get_tls_cert_invalid())
        self.nufw.stop()

    # If NuFW does not run under the strict mode, the provided certificates in svn
    # will be accepted and the client will be able to authenticate and then be
    # accepted by the firewall. This is what we want to check here
    def testNotStrictMode(self):

        self.nufw = startNufw(["-s"])
        self.connectNuauthNufw()

        self.assert_(self.nufw_connection_is_established())

        self.nufw.stop()

    def testStrictMode(self):

        self.nufw = startNufw(["-d","127.0.0.1"])
        self.connectNuauthNufw()

        self.assert_(not self.nufw_connection_is_established())

        self.nufw.stop()

    def nufw_connection_is_established(self):
        if self.nufw.is_connected_to_nuauth:
            return True
        for line in self.nufw.readlines(total_timeout=TIMEOUT):
            if line.lower().find("tls connection to nuauth established") >= 0:
                return True
            if line.lower().find("tls connection to nuauth restored") >= 0:
                return True
        return False
Esempio n. 30
0
 def setUp(self):
     self.cacert = config.get("test_cert", "cacert")
     nuconfig = NuauthConf()
     nuconfig["nuauth_tls_auth_by_cert"] = "0"
     nuconfig["nuauth_tls_request_cert"] = "0"
     self.nuauth = Nuauth(nuconfig)
Esempio n. 31
0
from os.path import basename, realpath
from sys import argv, executable
from nuauth import Nuauth
from nuauth_conf import NuauthConf
from plaintext import USERDB, PlaintextAcl
from config import config as test_config


def datetime2unix(timestamp):
    tm = timestamp.timetuple()
    return int(mktime(tm))


POSTGRESQL = False

config = NuauthConf()
if POSTGRESQL:
    import pgdb
    DB_PACKET_TABLE = config["pgsql_table_name"]
    DB_USER_TABLE = config["pgsql_users_table_name"]
    DB_SERVER = config["pgsql_server_addr"]
    DB_USER = config["pgsql_user"]
    DB_PASSWORD = config["pgsql_passwd"]
    DB_DBNAME = config["pgsql_db_name"]
    QUERY_TIMEOUT = test_config.getfloat('test_pgsql', 'query_timeout')
else:
    import MySQLdb
    DB_PACKET_TABLE = config["mysql_table_name"]
    DB_USER_TABLE = config["mysql_users_table_name"]
    DB_SERVER = config["mysql_server_addr"]
    DB_USER = config["mysql_user"]