def initial_setup(self): global appData, app if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) appData = app.getSettings() remote_control.run_command("rm -f ./authpost\?*")
def initial_setup(self): global app,md5StdNum, appSSL, appSSLData, canRelay # download eicar and trojan files before installing virus blocker self.ftp_user_name, self.ftp_password = global_functions.get_live_account_info("ftp") remote_control.run_command("rm -f /tmp/eicar /tmp/std_022_ftpVirusBlocked_file /tmp/temp_022_ftpVirusPassSite_file") result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/eicar http://test.untangle.com/virus/eicar.com") assert (result == 0) result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/std_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) md5StdNum = remote_control.run_command("\"md5sum /tmp/std_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True) self.md5StdNum = md5StdNum # print("md5StdNum <%s>" % md5StdNum) assert (result == 0) try: canRelay = global_functions.send_test_email(mailhost=testsiteIP) except Exception as e: canRelay = False if (uvmContext.appManager().isInstantiated(self.module_name())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) self.app = app if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()): raise Exception('app %s already instantiated' % self.appNameSSLInspector()) appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), default_policy_id) # appSSL.start() # leave app off. app doesn't auto-start appSSLData = appSSL.getSettings() # Enable cloud connection system_settings = uvmContext.systemManager().getSettings() system_settings['cloudEnabled'] = True uvmContext.systemManager().setSettings(system_settings)
def initial_setup(self): global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult tunnelUp = False if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) if (uvmContext.appManager().isInstantiated(self.appNameAD())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) if orig_netsettings == None: orig_netsettings = uvmContext.networkManager().getNetworkSettings() appAD = uvmContext.appManager().instantiate(self.appNameAD(), default_policy_id) appDataRD = appAD.getSettings().get('radiusSettings') ipsecHostResult = subprocess.call(["ping", "-c", "1", ipsecHost], stdout=subprocess.PIPE, stderr=subprocess.PIPE) l2tpClientHostResult = subprocess.call( ["ping", "-c", "1", l2tpClientHost], stdout=subprocess.PIPE, stderr=subprocess.PIPE) radiusResult = subprocess.call( ["ping", "-c", "1", global_functions.RADIUS_SERVER], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
def test_040_localCaptivePortalToSecondRack(self): global defaultRackCaptivePortal remote_control.run_command("rm -f /tmp/policy_test_040*") defaultRackCaptivePortal = uvmContext.appManager().instantiate("captive-portal", default_policy_id) assert (defaultRackCaptivePortal != None) defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings() # turn default capture rule on and basic login defaultRackCaptivePortalData['captureRules']['list'][0]['enabled'] = True defaultRackCaptivePortalData['authenticationType']="LOCAL_DIRECTORY" defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN" defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData) # Create local directory user 'test20' uvmContext.localDirectory().setUsers(createLocalDirectoryUser()) # check host table and remove username for host IP userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip) userHost['username'] = "" userHost['usernameCaptivePortal'] = "" uvmContext.hostTable().setHostTableEntry(remote_control.client_ip,userHost) # userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip) # print(userHost) nukeRules() appendRule(createPolicySingleConditionRule("USERNAME","[authenticated]", secondRackId)) # check that basic captive page is shown result = remote_control.run_command("wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/") assert (result == 0) search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040.out") assert (search == 0) # check if local directory login and password works ipfind = remote_control.run_command("grep 'Location' /tmp/policy_test_040.log",stdout=True) ip = re.findall( r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})', ipfind ) captureIP = ip[0] print('Capture IP address is %s' % captureIP) appid = str(defaultRackCaptivePortal.getAppSettings()["id"]) # print('appid is %s' % appid # debug line) result = remote_control.run_command("wget -q -O /dev/null -t 2 --timeout=5 \'http://" + captureIP + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid + "&host=" + captureIP + "&uri=/\'") assert (result == 0) # verify the username is assigned to the IP userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip) assert (userHost['username'] == "test20") userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip) # firewall on rack 2 is blocking all, we should not get the test.untangle.com page result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/") search = remote_control.run_command("grep -q 'Hi!' /tmp/policy_test_040a.out") assert (search != 0) # Or the captive page search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040a.out") assert (search != 0) # Logout result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://" + captureIP + "/capture/logout") assert (result == 0) search = remote_control.run_command("grep -q 'logged out' /tmp/policy_test_040b.out") assert (search == 0) # remove captive portal and test user uvmContext.localDirectory().setUsers(removeLocalDirectoryUser()) uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"] ) defaultRackCaptivePortal = None
def initial_extra_setup(cls): global orig_settings, test_email_address, can_relay, can_syslog, syslog_server_host, web_app reportSettings = cls._app.getSettings() orig_settings = copy.deepcopy(reportSettings) if (uvmContext.appManager().isInstantiated(cls.webAppName())): raise Exception('app %s already instantiated' % cls.webAppName()) web_app = uvmContext.appManager().instantiate(cls.webAppName(), default_policy_id) # Skip checking relaying is possible if we have determined it as true on previous test. try: can_relay = global_functions.send_test_email() except Exception as e: can_relay = False if can_syslog == None: can_syslog = False wan_IP = uvmContext.networkManager().getFirstWanAddress() syslog_server_host = global_functions.find_syslog_server(wan_IP) if syslog_server_host: portResult = remote_control.run_command( "sudo lsof -i :514", host=syslog_server_host) if portResult == 0: can_syslog = True
def initial_extra_setup(cls): # FIXME: same as SpamBlockerBaseTests global appData, appSP, appDataSP, appSSL, canRelay appData = cls._app.getSettings() appSP = uvmContext.appManager().app(cls.appNameSpamCase()) appDataSP = appSP.getSmtpSettings() if uvmContext.appManager().isInstantiated(cls.appNameSSLInspector()): raise Exception('app %s already instantiated' % cls.appNameSSLInspector()) appSSL = uvmContext.appManager().instantiate(cls.appNameSSLInspector(), default_policy_id) # appSSL.start() # leave app off. app doesn't auto-start try: canRelay = global_functions.send_test_email( mailhost=smtpServerHost) except Exception as e: canRelay = False getLatestMailSender() # flush quarantine. curQuarantine = appSP.getQuarantineMaintenenceView() curQuarantineList = curQuarantine.listInboxes() for checkAddress in curQuarantineList['list']: if checkAddress['address']: curQuarantine.deleteInbox(checkAddress['address'])
def initial_setup(self): global app if (uvmContext.appManager().isInstantiated(self.module_name())): app = uvmContext.appManager().app(self.module_name()) else: app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
def initial_setup(self): global app if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() # must be called since web cache doesn't auto-start
def test_030_test_smtp_settings(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # Test mail setting in config -> email -> outgoing server if (uvmContext.appManager().isInstantiated(self.appNameSpamCase())): print("smtp case present") else: print("smtp not present") uvmContext.appManager().instantiate(self.appNameSpamCase(), 1) appSP = uvmContext.appManager().app(self.appNameSpamCase()) origAppDataSP = appSP.getSmtpSettings() origMailsettings = uvmContext.mailSender().getSettings() # print(appDataSP) newMailsettings = copy.deepcopy(origMailsettings) newMailsettings['smtpHost'] = global_functions.TEST_SERVER_HOST newMailsettings['smtpPort'] = "6800" newMailsettings['sendMethod'] = 'CUSTOM' uvmContext.mailSender().setSettings(newMailsettings) time.sleep(10) # give it time for exim to restart appDataSP = appSP.getSmtpSettings() appSP.setSmtpSettingsWithoutSafelists(appDataSP) recipient = global_functions.random_email() uvmContext.mailSender().sendTestMessage(recipient) time.sleep(2) # force exim to flush queue subprocess.call(["exim -qff >/dev/null 2>&1"],shell=True,stdout=None,stderr=None) time.sleep(10) uvmContext.mailSender().setSettings(origMailsettings) appSP.setSmtpSettingsWithoutSafelists(origAppDataSP) emailContext = remote_control.run_command("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress=" + recipient + " 2>&1" ,stdout=True) assert('Test Message' in emailContext)
def initial_setup(self): global app, orig_settings, test_email_address, can_relay, can_syslog, syslog_server_host, web_app if (uvmContext.appManager().isInstantiated(self.module_name())): # report app is normally installed. # print("App %s already installed" % self.module_name()) # raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().app(self.module_name()) else: app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) reportSettings = app.getSettings() orig_settings = copy.deepcopy(reportSettings) if (uvmContext.appManager().isInstantiated(self.webAppName())): raise Exception('app %s already instantiated' % self.webAppName()) web_app = uvmContext.appManager().instantiate(self.webAppName(), default_policy_id) # Skip checking relaying is possible if we have determined it as true on previous test. try: can_relay = global_functions.send_test_email() except Exception as e: can_relay = False if can_syslog == None: can_syslog = False wan_IP = uvmContext.networkManager().getFirstWanAddress() syslog_server_host = global_functions.find_syslog_server(wan_IP) if syslog_server_host: portResult = remote_control.run_command("sudo lsof -i :514", host=syslog_server_host) if portResult == 0: can_syslog = True
def test_030_test_smtp_settings(self): if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # Test mail setting in config -> email -> outgoing server if (uvmContext.appManager().isInstantiated(self.appNameSpamCase())): print("smtp case present") else: print("smtp not present") uvmContext.appManager().instantiate(self.appNameSpamCase(), 1) appSP = uvmContext.appManager().app(self.appNameSpamCase()) origAppDataSP = appSP.getSmtpSettings() origMailsettings = uvmContext.mailSender().getSettings() # print(appDataSP) newMailsettings = copy.deepcopy(origMailsettings) newMailsettings['smtpHost'] = global_functions.TEST_SERVER_HOST newMailsettings['smtpPort'] = "6800" newMailsettings['sendMethod'] = 'CUSTOM' uvmContext.mailSender().setSettings(newMailsettings) time.sleep(10) # give it time for exim to restart appDataSP = appSP.getSmtpSettings() appSP.setSmtpSettingsWithoutSafelists(appDataSP) recipient = global_functions.random_email() uvmContext.mailSender().sendTestMessage(recipient) time.sleep(2) # force exim to flush queue subprocess.call(["exim -qff >/dev/null 2>&1"],shell=True,stdout=None,stderr=None) time.sleep(10) uvmContext.mailSender().setSettings(origMailsettings) appSP.setSmtpSettingsWithoutSafelists(origAppDataSP) emailContext = remote_control.run_command("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress=" + recipient + " 2>&1" ,stdout=True) assert('Test Message' in emailContext)
def test_023_childShouldNotEffectParent(self): # add a child that blocks everything blockRackId = addRack(name="Block Rack", parentId=default_policy_id) blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId) assert (blockRackFirewall != None) # add a block rule for the client IP rules = blockRackFirewall.getRules() rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip)); blockRackFirewall.setRules(rules); # client should still be online result = remote_control.is_online() assert (result == 0) uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] ) assert (removeRack(blockRackId)) # Get the IP address of test.untangle.com test_untangle_com_ip = socket.gethostbyname("test.untangle.com") events = global_functions.get_events('Policy Manager','All Events',None,100) assert(events != None) found = global_functions.check_events( events.get('list'), 100, "s_server_addr", str(test_untangle_com_ip), "policy_id", 1, "c_client_addr", remote_control.client_ip) assert( found )
def initial_setup(self): global app,md5StdNum, appSSL, appSSLData, canRelay # download eicar and trojan files before installing virus blocker self.ftp_user_name, self.ftp_password = global_functions.get_live_account_info("ftp") remote_control.run_command("rm -f /tmp/eicar /tmp/std_022_ftpVirusBlocked_file /tmp/temp_022_ftpVirusPassSite_file") result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/eicar http://test.untangle.com/virus/eicar.com") assert (result == 0) result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/std_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip") assert (result == 0) md5StdNum = remote_control.run_command("\"md5sum /tmp/std_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True) self.md5StdNum = md5StdNum # print("md5StdNum <%s>" % md5StdNum) assert (result == 0) try: canRelay = global_functions.send_test_email(mailhost=testsiteIP) except Exception as e: canRelay = False if (uvmContext.appManager().isInstantiated(self.module_name())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) self.app = app if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()): raise Exception('app %s already instantiated' % self.appNameSSLInspector()) appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), default_policy_id) # appSSL.start() # leave app off. app doesn't auto-start appSSLData = appSSL.getSettings() # Enable cloud connection system_settings = uvmContext.systemManager().getSettings() system_settings['cloudEnabled'] = True uvmContext.systemManager().setSettings(system_settings)
def test_023_childShouldNotEffectParent(self): # add a child that blocks everything blockRackId = addRack(name="Block Rack", parentId=default_policy_id) blockRackFirewall = uvmContext.appManager().instantiate( "firewall", blockRackId) assert (blockRackFirewall != None) # add a block rule for the client IP rules = blockRackFirewall.getRules() rules["list"].append( createFirewallSingleConditionRule("SRC_ADDR", remote_control.client_ip)) blockRackFirewall.setRules(rules) # client should still be online result = remote_control.is_online() assert (result == 0) uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"]) assert (removeRack(blockRackId)) # Get the IP address of test.untangle.com test_untangle_com_ip = socket.gethostbyname("test.untangle.com") events = global_functions.get_events('Policy Manager', 'All Events', None, 100) assert (events != None) found = global_functions.check_events(events.get('list'), 100, "s_server_addr", str(test_untangle_com_ip), "policy_id", 1, "c_client_addr", remote_control.client_ip) assert (found)
def initial_setup(self): global app if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start()
def initial_setup(self): global app, appData, appSP, appDataSP, appSSL, appSSLData, canRelay if (uvmContext.appManager().isInstantiated(self.module_name())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) appData = app.getSettings() appSP = uvmContext.appManager().app(self.appNameSpamCase()) appDataSP = appSP.getSmtpSettings() if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()): raise Exception('app %s already instantiated' % self.appNameSSLInspector()) appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), default_policy_id) # appSSL.start() # leave app off. app doesn't auto-start appSSLData = appSSL.getSettings() try: canRelay = global_functions.send_test_email(mailhost=smtpServerHost) except Exception as e: canRelay = False self.canRelay = canRelay getLatestMailSender() # flush quarantine. curQuarantine = appSP.getQuarantineMaintenenceView() curQuarantineList = curQuarantine.listInboxes() for checkAddress in curQuarantineList['list']: if checkAddress['address']: curQuarantine.deleteInbox(checkAddress['address'])
def initial_setup(self): global app, appData, appSP, appDataSP, appSSL, appSSLData, canRelay if (uvmContext.appManager().isInstantiated(self.module_name())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) appData = app.getSettings() appSP = uvmContext.appManager().app(self.appNameSpamCase()) appDataSP = appSP.getSmtpSettings() if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()): raise Exception('app %s already instantiated' % self.appNameSSLInspector()) appSSL = uvmContext.appManager().instantiate( self.appNameSSLInspector(), default_policy_id) # appSSL.start() # leave app off. app doesn't auto-start appSSLData = appSSL.getSettings() try: canRelay = global_functions.send_test_email( mailhost=smtpServerHost) except Exception as e: canRelay = False self.canRelay = canRelay getLatestMailSender() # flush quarantine. curQuarantine = appSP.getQuarantineMaintenenceView() curQuarantineList = curQuarantine.listInboxes() for checkAddress in curQuarantineList['list']: if checkAddress['address']: curQuarantine.deleteInbox(checkAddress['address'])
def initial_setup(cls, unused=None): cls._orig_netsettings = uvmContext.networkManager().getNetworkSettings( ) if not cls.not_an_app: name = cls.module_name() print("initial_setup for app %s" % name) if cls._app or uvmContext.appManager().isInstantiated(name): if cls.skip_instantiated() and name not in [ "reports", "shield" ]: pytest.skip('app %s already instantiated' % cls.module_name()) else: if cls.do_not_install_app: # grab cls._app = uvmContext.appManager().app(name) else: # delete and install cls.final_tear_down() cls._app = uvmContext.appManager().instantiate( name, cls.default_policy_id) else: print("starting %s" % (name, )) cls._app = uvmContext.appManager().instantiate( name, cls.default_policy_id) if cls.force_start: cls._app.start() if cls.wait_for_daemon_ready: cls.do_wait_for_daemon_ready() if not cls.no_settings: cls._appSettings = cls._app.getSettings() cls.initial_extra_setup()
def final_extra_tear_down(cls): global appAD # Restore original settings to return to initial settings # print("orig_netsettings <%s>" % orig_netsettings) uvmContext.networkManager().setNetworkSettings(orig_netsettings) if appAD != None: uvmContext.appManager().destroy(appAD.getAppSettings()["id"]) appAD = None
def initial_setup(self): global app, appSettings if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() wait_for_daemon_ready() appSettings = app.getSettings()
def initial_setup(self): global appSettings, app if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) appSettings = app.getSettings() # run a few sessions so that the classd daemon starts classifying for i in range(2): remote_control.is_online()
def initial_setup(self): global appData, app if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) appData = app.getSettings() remote_control.run_command("rm -f ./authpost\?*")
def final_tear_down(self): global app, defaultRackCaptivePortal if app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) app = None if defaultRackCaptivePortal != None: uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"] ) defaultRackCaptivePortal = None
def initial_setup(self): global app, default_enabled, orig_netsettings if orig_netsettings == None: orig_netsettings = uvmContext.networkManager().getNetworkSettings() if (not uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().app(self.module_name()) default_enabled = app.getSettings()['shieldEnabled']
def initial_setup(self): if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) appmetrics = uvmContext.metricManager().getMetrics( app.getAppSettings()["id"]) self.app = app
def initial_setup(self): global app, appSettings if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() wait_for_daemon_ready() appSettings = app.getSettings()
def final_tear_down(self): global app, appWeb if app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) app = None if appWeb != None: uvmContext.appManager().destroy( appWeb.getAppSettings()["id"]) appWeb = None
def final_tear_down(self): """ Tear down """ global app if app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) app = None
def final_tear_down(self): global app, defaultRackCaptivePortal if app != None: uvmContext.appManager().destroy(app.getAppSettings()["id"]) app = None if defaultRackCaptivePortal != None: uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"]) defaultRackCaptivePortal = None
def initial_setup(self): global indexOfWans, appData, app, orig_netsettings orig_netsettings = uvmContext.networkManager().getNetworkSettings() if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() appData = app.getSettings() indexOfWans = global_functions.get_wan_tuples()
def final_extra_tear_down(cls): global app_wan_failover # Restore original settings to return to initial settings if app_wan_failover != None: uvmContext.appManager().destroy( app_wan_failover.getAppSettings()["id"] ) app_wan_failover = None if orig_netsettings != None: uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def final_extra_tear_down(cls): global orig_network_settings # Restore original settings to return to initial settings if orig_network_settings != None: uvmContext.networkManager().setNetworkSettings( orig_network_settings) if cls._app_web_filter != None: uvmContext.appManager().destroy( cls._app_web_filter.getAppSettings()["id"]) cls._app_web_filter = None
def initial_setup(self): global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) settings = app.getSettings() settings["configured"] = True app.setSettings(settings) app.start() if (uvmContext.appManager().isInstantiated(self.appNameWF())): raise Exception('app %s already instantiated' % self.appNameWF()) app_web_filter = uvmContext.appManager().instantiate( self.appNameWF(), default_policy_id) if orig_network_settings == None: orig_network_settings = uvmContext.networkManager( ).getNetworkSettings() # disable QoS netsettings = copy.deepcopy(orig_network_settings) netsettings['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings(netsettings) # measure speed pre_down_speed_kbit = global_functions.get_download_speed( download_server="test.untangle.com") # calculate QoS limits wan_limit_kbit = int((pre_down_speed_kbit * 8) * .9) # set max to 100Mbit, so that other limiting factors dont interfere if wan_limit_kbit > 100000: wan_limit_kbit = 100000 wan_limit_mbit = round(wan_limit_kbit / 1024, 2) # turn on QoS and set wan speed limits netsettings = copy.deepcopy(orig_network_settings) netsettings['qosSettings']['qosEnabled'] = True i = 0 for interface in netsettings['interfaces']['list']: if interface['isWan']: netsettings['interfaces']['list'][i][ 'downloadBandwidthKbps'] = wan_limit_kbit netsettings['interfaces']['list'][i][ 'uploadBandwidthKbps'] = wan_limit_kbit i += 1 netsettings['bypassRules']['list'] = [] netsettings['qosSettings']['qosRules']['list'] = [] # These store the "new" defaults with and without QoS orig_network_settings_with_qos = copy.deepcopy(netsettings) orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True orig_network_settings_without_qos = copy.deepcopy(netsettings) orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos)
def final_tear_down(cls, unused=None): uvmContext.networkManager().setNetworkSettings(cls._orig_netsettings) if cls._app: cls.final_extra_tear_down() if not cls.do_not_remove_app: name = cls.module_name() if cls._app or uvmContext.appManager().isInstantiated(name): uvmContext.appManager().destroy(cls.get_app_id()) cls._app = None
def final_tear_down(self): global app, app_web_filter, orig_network_settings # Restore original settings to return to initial settings if orig_network_settings != None: uvmContext.networkManager().setNetworkSettings( orig_network_settings ) if app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) app = None if app_web_filter != None: uvmContext.appManager().destroy( app_web_filter.getAppSettings()["id"] ) app_web_filter = None
def final_tear_down(self): global app, appAD # Restore original settings to return to initial settings # print("orig_netsettings <%s>" % orig_netsettings) uvmContext.networkManager().setNetworkSettings(orig_netsettings) if app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) app = None if appAD != None: uvmContext.appManager().destroy( appAD.getAppSettings()["id"] ) appAD = None
def initial_setup(self): global app, AD_RESULT, AD_RESULT, RADIUS_RESULT if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) AD_RESULT = subprocess.call(["ping", "-c", "1", global_functions.AD_SERVER], stdout=subprocess.PIPE, stderr=subprocess.PIPE) RADIUS_RESULT = subprocess.call(["ping", "-c", "1", global_functions.RADIUS_SERVER], stdout=subprocess.PIPE, stderr=subprocess.PIPE) # enable the API for testing appSettings = app.getSettings() appSettings['apiEnabled'] = True app.setSettings(appSettings)
def initial_extra_setup(cls): global appData, appWeb, appWebData appData = cls._app.getSettings() if (uvmContext.appManager().isInstantiated(cls.appWeb())): raise Exception('app %s already instantiated' % cls.appWeb()) appWeb = uvmContext.appManager().instantiate(cls.appWeb(), default_policy_id) appWebData = appWeb.getSettings() appData['ignoreRules']['list'].insert( 0, createSSLInspectRule(testedServerDomainWildcard)) cls._app.setSettings(appData)
def final_tear_down(self): global app, web_app # remove all the apps in case test 103 does not remove them. for name in apps_list: if (uvmContext.appManager().isInstantiated(name)): remove_app = uvmContext.appManager().app(name) uvmContext.appManager().destroy(remove_app.getAppSettings()["id"]) if app != None: app.setSettings(orig_settings) if orig_mailsettings != None: uvmContext.mailSender().setSettings(orig_mailsettings) app = None web_app = None
def final_extra_tear_down(cls): global web_app # remove all the apps in case test 103 does not remove them. for name in apps_list: if (uvmContext.appManager().isInstantiated(name)): remove_app = uvmContext.appManager().app(name) uvmContext.appManager().destroy( remove_app.getAppSettings()["id"]) if orig_mailsettings != None: uvmContext.mailSender().setSettings(orig_mailsettings) web_app = None
def initial_setup(self): global app, appData, appWeb, appWebData if uvmContext.appManager().isInstantiated(self.module_name()): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() # must be called since the app doesn't auto-start appData = app.getSettings() if (uvmContext.appManager().isInstantiated(self.appWeb())): raise Exception('app %s already instantiated' % self.appWeb()) appWeb = uvmContext.appManager().instantiate(self.appWeb(), default_policy_id) appWebData = appWeb.getSettings() appData['ignoreRules']['list'].insert(0,createSSLInspectRule(testedServerDomainWildcard)) app.setSettings(appData)
def initial_setup(self): global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult tunnelUp = False if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) if (uvmContext.appManager().isInstantiated(self.appNameAD())): raise unittest.SkipTest('app %s already instantiated' % self.module_name()) if orig_netsettings == None: orig_netsettings = uvmContext.networkManager().getNetworkSettings() appAD = uvmContext.appManager().instantiate(self.appNameAD(), default_policy_id) appDataRD = appAD.getSettings().get('radiusSettings') ipsecHostResult = subprocess.call(["ping","-c","1",ipsecHost],stdout=subprocess.PIPE,stderr=subprocess.PIPE) l2tpClientHostResult = subprocess.call(["ping","-c","1",l2tpClientHost],stdout=subprocess.PIPE,stderr=subprocess.PIPE) radiusResult = subprocess.call(["ping","-c","1",global_functions.RADIUS_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
def test_009_IsRunningAndSSL(self): appSSL = appSP = uvmContext.appManager().app(self.appNameSSLInspector()) appSSL.start() result = subprocess.call("ps aux | grep spamd | grep -v grep >/dev/null 2>&1", shell=True) assert (result == 0) result = subprocess.call("ps aux | grep spamcatd | grep -v grep >/dev/null 2>&1", shell=True) assert ( result == 0 )
def initial_setup(self): global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) settings = app.getSettings() settings["configured"] = True app.setSettings(settings) app.start() if (uvmContext.appManager().isInstantiated(self.appNameWF())): raise Exception('app %s already instantiated' % self.appNameWF()) app_web_filter = uvmContext.appManager().instantiate(self.appNameWF(), default_policy_id) if orig_network_settings == None: orig_network_settings = uvmContext.networkManager().getNetworkSettings() # disable QoS netsettings = copy.deepcopy( orig_network_settings ) netsettings['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings( netsettings ) # measure speed pre_down_speed_kbit = global_functions.get_download_speed(download_server="test.untangle.com") # calculate QoS limits wan_limit_kbit = int((pre_down_speed_kbit*8) * .9) # set max to 100Mbit, so that other limiting factors dont interfere if wan_limit_kbit > 100000: wan_limit_kbit = 100000 wan_limit_mbit = round(wan_limit_kbit/1024,2) # turn on QoS and set wan speed limits netsettings = copy.deepcopy( orig_network_settings ) netsettings['qosSettings']['qosEnabled'] = True i = 0 for interface in netsettings['interfaces']['list']: if interface['isWan']: netsettings['interfaces']['list'][i]['downloadBandwidthKbps']=wan_limit_kbit netsettings['interfaces']['list'][i]['uploadBandwidthKbps']=wan_limit_kbit i += 1 netsettings['bypassRules']['list'] = [] netsettings['qosSettings']['qosRules']['list'] = [] # These store the "new" defaults with and without QoS orig_network_settings_with_qos = copy.deepcopy( netsettings ) orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True orig_network_settings_without_qos = copy.deepcopy( netsettings ) orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False uvmContext.networkManager().setNetworkSettings(orig_network_settings_with_qos)
def test_022_addFirewallToSecondRack(self): global secondRackFirewall secondRackFirewall = uvmContext.appManager().instantiate("firewall", secondRackId) assert (secondRackFirewall != None) # add a block rule for the client IP rules = secondRackFirewall.getRules() rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip)); secondRackFirewall.setRules(rules);
def initial_setup(self): global app, appWeb, appDC, tunnelApp, appData, vpnHostResult, vpnClientResult, vpnServerResult, vpnUserPassHostResult, adResult, radiusResult if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() appWeb = None appDC = None tunnelApp = None if (uvmContext.appManager().isInstantiated(self.appWebName())): raise Exception('app %s already instantiated' % self.appWebName()) appWeb = uvmContext.appManager().instantiate(self.appWebName(), default_policy_id) vpnHostResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_SERVER_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE) vpnUserPassHostResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_SERVER_USER_PASS_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE) vpnClientResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_CLIENT_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE) wanIP = uvmContext.networkManager().getFirstWanAddress() if vpnClientResult == 0: vpnServerResult = remote_control.run_command("ping -W 5 -c 1 " + wanIP, host=global_functions.VPN_CLIENT_IP) else: vpnServerResult = 1 adResult = subprocess.call(["ping","-c","1",global_functions.AD_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE) radiusResult = subprocess.call(["ping","-c","1",global_functions.RADIUS_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
def test_030_addWebFilterToSecondRack(self): global secondRackWebfilter secondRackWebfilter = uvmContext.appManager().instantiate("web-filter", secondRackId) assert (secondRackWebfilter != None) result = remote_control.is_online() assert (result == 0) # add a block rule newRule = { "blocked": True, "description": "desc", "flagged": True, "javaClass": "com.untangle.uvm.app.GenericRule", "string": "test.untangle.com/test/testPage1.html" } rules = secondRackWebfilter.getBlockedUrls() rules["list"].append(newRule) secondRackWebfilter.setBlockedUrls(rules) # verify traffic is now blocked (third rack inherits web filter from second rack) result = remote_control.run_command("wget -4 -t 2 --timeout=5 -q -O - http://test.untangle.com/test/testPage1.html 2>&1 | grep -q blockpage") assert (result == 0)
def test_03_reports_flush_events(self): """verify reports flush events works""" reports = uvmContext.appManager().app("reports") assert reports != None reports.flushEvents()
def final_tear_down(self): if self.app != None: uvmContext.appManager().destroy( app.getAppSettings()["id"] ) self.app = None
def test_02_reports_is_installed(self): """verify reports is installed (needed for event log tests)""" global uvmContext if not uvmContext.appManager().isInstantiated('reports'): uvmContext.appManager().instantiate('reports', None) assert uvmContext.appManager().isInstantiated('reports')
def initial_setup(self): global app if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) app.start() # must be called since web cache doesn't auto-start
def test_80_OpenVPNTunnelVPNConflict(self): """test conflict of OpenVPN and TunnelVPN when 'boundInterfaceId' is set to the first wan IP""" global tunnelApp vpn_tunnel_file = "http://10.111.56.29/openvpn-ats-test-tunnelvpn-config.zip" index_of_wans = global_functions.get_wan_tuples() if index_of_wans == []: raise unittest.SkipTest("No static or auto WAN") # print(index_of_wans[0]) def create_tunnel_rule(vpn_enabled=True,vpn_ipv6=True,rule_id=50,vpn_tunnel_id=200): return { "conditions": { "javaClass": "java.util.LinkedList", "list": [] }, "description": "Route all traffic over any available Tunnel.", "enabled": vpn_enabled, "ipv6Enabled": vpn_ipv6, "javaClass": "com.untangle.app.tunnel_vpn.TunnelVpnRule", "ruleId": rule_id, "tunnelId": vpn_tunnel_id } def create_tunnel_profile(vpn_enabled=True,provider="tunnel-Untangle",vpn_tunnel_id=200): return { "allTraffic": False, "enabled": vpn_enabled, "javaClass": "com.untangle.app.tunnel_vpn.TunnelVpnTunnelSettings", "name": "tunnel-Untangle", "provider": "Untangle", "tags": { "javaClass": "java.util.LinkedList", "list": [] }, "tunnelId": vpn_tunnel_id, "boundInterfaceId": index_of_wans[0][0] } #set up OpenVPN server appData = app.getSettings() appData["serverEnabled"]=True siteName = appData['siteName'] appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) app.setSettings(appData) # install TunnelVPN tunnelAppName = "tunnel-vpn" if (uvmContext.appManager().isInstantiated(tunnelAppName)): print('app %s already instantiated' % tunnelAppName) tunnelApp = uvmContext.appManager().app(tunnelAppName) else: tunnelApp = uvmContext.appManager().instantiate(tunnelAppName, default_policy_id) tunnelApp.start() #set up TunnelVPN result = subprocess.call("wget -o /dev/null -t 1 --timeout=3 " + vpn_tunnel_file + " -O /tmp/config.zip", shell=True) if (result != 0): raise unittest.SkipTest("Unable to download VPN file: " + vpn_tunnel_file) currentWanIP = remote_control.run_command("wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py",stdout=True) if (currentWanIP == ""): raise unittest.SkipTest("Unable to get WAN IP") # print("Original WAN IP: " + currentWanIP) tunnelApp.importTunnelConfig("/tmp/config.zip", "Untangle", 200) tunnelAppData = tunnelApp.getSettings() tunnelAppData['rules']['list'].append(create_tunnel_rule()) tunnelAppData['tunnels']['list'].append(create_tunnel_profile()) tunnelApp.setSettings(tunnelAppData) # wait for vpn tunnel to form timeout = 240 connected = False connectStatus = "" newWanIP = currentWanIP while (not connected and timeout > 0): listOfConnections = tunnelApp.getTunnelStatusList() connectStatus = listOfConnections['list'][0]['stateInfo'] if (connectStatus == "CONNECTED"): newWanIP = remote_control.run_command("wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py",stdout=True) if (currentWanIP != newWanIP): connected = True else: time.sleep(1) timeout-=1 else: time.sleep(1) timeout-=1 # disable the added tunnel tunnelAppData['rules']['list'][:] = [] for i in range(len(tunnelAppData['tunnels']['list'])): tunnelAppData['tunnels']['list'][i]['enabled'] = False print(tunnelAppData['tunnels']['list'][i]['enabled']) tunnelApp.setSettings(tunnelAppData) #stop tunnel here time.sleep(3) tunnelApp.stop() # If VPN tunnel has failed to connect, fail the test, assert(connected)
def test_079_createClientVPNTunnelADUserPass(self): global appData, vpnServerResult, vpnClientResult, appDC if (vpnClientResult != 0 or vpnServerResult != 0): raise unittest.SkipTest("No paried VPN client available") pre_events_connect = global_functions.get_app_metric_value(app,"connect") if (adResult != 0): raise unittest.SkipTest("No AD server available") appNameDC = "directory-connector" if (uvmContext.appManager().isInstantiated(appNameDC)): print("App %s already installed" % appNameDC) appDC = uvmContext.appManager().app(appNameDC) else: appDC = uvmContext.appManager().instantiate(appNameDC, default_policy_id) appDC.setSettings(createDirectoryConnectorSettings(ad_enable=True,ldap_secure=True)) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP,) loopLimit = 5 while ((running == 0) and (loopLimit > 0)): # OpenVPN is running, wait 5 sec to see if openvpn is done loopLimit -= 1 time.sleep(5) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if loopLimit == 0: # try killing the openvpn session as it is probably stuck remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) time.sleep(2) running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP) if running == 0: raise unittest.SkipTest("OpenVPN test machine already in use") appData = app.getSettings() appData["serverEnabled"]=True siteName = appData['siteName'] appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC appData['remoteClients']['list'][:] = [] appData['remoteClients']['list'].append(setUpClient()) #enable user/password authentication, set to AD directory appData['authUserPass']=True appData["authenticationType"]="ACTIVE_DIRECTORY" app.setSettings(appData) clientLink = app.getClientDistributionDownloadLink(vpnClientName,"zip") #download, unzip, move config to correct directory result = configureVPNClientForConnection(clientLink) assert(result == 0) #create credentials file containing username/password remote_control.run_command("echo " + global_functions.AD_USER + " > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile", host=global_functions.VPN_CLIENT_IP) #connect to openvpn using the file remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn --config " + siteName + ".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP) timeout = waitForClientVPNtoConnect() # fail if tunnel doesn't connect assert(timeout > 0) # ping the test host behind the Untangle from the remote testbox result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP) listOfClients = app.getActiveClients() print("address " + listOfClients['list'][0]['address']) print("vpn address 1 " + listOfClients['list'][0]['poolAddress']) host_result = remote_control.run_command("host test.untangle.com", stdout=True) match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result) ip_address_testuntangle = (match.group()).replace('address ','') # stop the vpn tunnel on remote box remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP) # openvpn takes time to shut down time.sleep(3) assert(result==0) assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP) events = global_functions.get_events('OpenVPN','Connection Events',None,1) assert(events != None) found = global_functions.check_events( events.get('list'), 5, 'remote_address', global_functions.VPN_CLIENT_IP, 'client_name', vpnClientName ) assert( found ) # Check to see if the faceplate counters have incremented. post_events_connect = global_functions.get_app_metric_value(app, "connect") assert(pre_events_connect < post_events_connect)
def initial_setup(self): if (uvmContext.appManager().isInstantiated(self.module_name())): raise Exception('app %s already instantiated' % self.module_name()) app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id) appmetrics = uvmContext.metricManager().getMetrics(app.getAppSettings()["id"]) self.app = app