def initial_setup(self):
global appData, app
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
appData = app.getSettings()
remote_control.run_command("rm -f ./authpost\?*")
def initial_setup(self):
global app,md5StdNum, appSSL, appSSLData, canRelay
# download eicar and trojan files before installing virus blocker
self.ftp_user_name, self.ftp_password = global_functions.get_live_account_info("ftp")
remote_control.run_command("rm -f /tmp/eicar /tmp/std_022_ftpVirusBlocked_file /tmp/temp_022_ftpVirusPassSite_file")
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/eicar http://test.untangle.com/virus/eicar.com")
assert (result == 0)
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/std_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
md5StdNum = remote_control.run_command("\"md5sum /tmp/std_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True)
self.md5StdNum = md5StdNum
# print("md5StdNum <%s>" % md5StdNum)
assert (result == 0)
try:
canRelay = global_functions.send_test_email(mailhost=testsiteIP)
except Exception as e:
canRelay = False
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise unittest.SkipTest('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
self.app = app
if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()):
raise Exception('app %s already instantiated' % self.appNameSSLInspector())
appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), default_policy_id)
# appSSL.start() # leave app off. app doesn't auto-start
appSSLData = appSSL.getSettings()
# Enable cloud connection
system_settings = uvmContext.systemManager().getSettings()
system_settings['cloudEnabled'] = True
uvmContext.systemManager().setSettings(system_settings)
def initial_setup(self):
global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult
tunnelUp = False
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
if (uvmContext.appManager().isInstantiated(self.appNameAD())):
raise unittest.SkipTest('app %s already instantiated' %
self.module_name())
if orig_netsettings == None:
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
appAD = uvmContext.appManager().instantiate(self.appNameAD(),
default_policy_id)
appDataRD = appAD.getSettings().get('radiusSettings')
ipsecHostResult = subprocess.call(["ping", "-c", "1", ipsecHost],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
l2tpClientHostResult = subprocess.call(
["ping", "-c", "1", l2tpClientHost],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
radiusResult = subprocess.call(
["ping", "-c", "1", global_functions.RADIUS_SERVER],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
def test_040_localCaptivePortalToSecondRack(self):
global defaultRackCaptivePortal
remote_control.run_command("rm -f /tmp/policy_test_040*")
defaultRackCaptivePortal = uvmContext.appManager().instantiate("captive-portal", default_policy_id)
assert (defaultRackCaptivePortal != None)
defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings()
# turn default capture rule on and basic login
defaultRackCaptivePortalData['captureRules']['list'][0]['enabled'] = True
defaultRackCaptivePortalData['authenticationType']="LOCAL_DIRECTORY"
defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN"
defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData)
# Create local directory user 'test20'
uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
# check host table and remove username for host IP
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
userHost['username'] = ""
userHost['usernameCaptivePortal'] = ""
uvmContext.hostTable().setHostTableEntry(remote_control.client_ip,userHost)
# userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
# print(userHost)
nukeRules()
appendRule(createPolicySingleConditionRule("USERNAME","[authenticated]", secondRackId))
# check that basic captive page is shown
result = remote_control.run_command("wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/")
assert (result == 0)
search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040.out")
assert (search == 0)
# check if local directory login and password works
ipfind = remote_control.run_command("grep 'Location' /tmp/policy_test_040.log",stdout=True)
ip = re.findall( r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})', ipfind )
captureIP = ip[0]
print('Capture IP address is %s' % captureIP)
appid = str(defaultRackCaptivePortal.getAppSettings()["id"])
# print('appid is %s' % appid # debug line)
result = remote_control.run_command("wget -q -O /dev/null -t 2 --timeout=5 \'http://" + captureIP + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid + "&host=" + captureIP + "&uri=/\'")
assert (result == 0)
# verify the username is assigned to the IP
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
assert (userHost['username'] == "test20")
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
# firewall on rack 2 is blocking all, we should not get the test.untangle.com page
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/")
search = remote_control.run_command("grep -q 'Hi!' /tmp/policy_test_040a.out")
assert (search != 0)
# Or the captive page
search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040a.out")
assert (search != 0)
# Logout
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://" + captureIP + "/capture/logout")
assert (result == 0)
search = remote_control.run_command("grep -q 'logged out' /tmp/policy_test_040b.out")
assert (search == 0)
# remove captive portal and test user
uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"] )
defaultRackCaptivePortal = None
def initial_extra_setup(cls):
global orig_settings, test_email_address, can_relay, can_syslog, syslog_server_host, web_app
reportSettings = cls._app.getSettings()
orig_settings = copy.deepcopy(reportSettings)
if (uvmContext.appManager().isInstantiated(cls.webAppName())):
raise Exception('app %s already instantiated' % cls.webAppName())
web_app = uvmContext.appManager().instantiate(cls.webAppName(),
default_policy_id)
# Skip checking relaying is possible if we have determined it as true on previous test.
try:
can_relay = global_functions.send_test_email()
except Exception as e:
can_relay = False
if can_syslog == None:
can_syslog = False
wan_IP = uvmContext.networkManager().getFirstWanAddress()
syslog_server_host = global_functions.find_syslog_server(wan_IP)
if syslog_server_host:
portResult = remote_control.run_command(
"sudo lsof -i :514", host=syslog_server_host)
if portResult == 0:
can_syslog = True
def initial_extra_setup(cls):
# FIXME: same as SpamBlockerBaseTests
global appData, appSP, appDataSP, appSSL, canRelay
appData = cls._app.getSettings()
appSP = uvmContext.appManager().app(cls.appNameSpamCase())
appDataSP = appSP.getSmtpSettings()
if uvmContext.appManager().isInstantiated(cls.appNameSSLInspector()):
raise Exception('app %s already instantiated' %
cls.appNameSSLInspector())
appSSL = uvmContext.appManager().instantiate(cls.appNameSSLInspector(),
default_policy_id)
# appSSL.start() # leave app off. app doesn't auto-start
try:
canRelay = global_functions.send_test_email(
mailhost=smtpServerHost)
except Exception as e:
canRelay = False
getLatestMailSender()
# flush quarantine.
curQuarantine = appSP.getQuarantineMaintenenceView()
curQuarantineList = curQuarantine.listInboxes()
for checkAddress in curQuarantineList['list']:
if checkAddress['address']:
curQuarantine.deleteInbox(checkAddress['address'])
def initial_setup(self):
global app
if (uvmContext.appManager().isInstantiated(self.module_name())):
app = uvmContext.appManager().app(self.module_name())
else:
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
def initial_setup(self):
global app
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
app.start() # must be called since web cache doesn't auto-start
def test_030_test_smtp_settings(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# Test mail setting in config -> email -> outgoing server
if (uvmContext.appManager().isInstantiated(self.appNameSpamCase())):
print("smtp case present")
else:
print("smtp not present")
uvmContext.appManager().instantiate(self.appNameSpamCase(), 1)
appSP = uvmContext.appManager().app(self.appNameSpamCase())
origAppDataSP = appSP.getSmtpSettings()
origMailsettings = uvmContext.mailSender().getSettings()
# print(appDataSP)
newMailsettings = copy.deepcopy(origMailsettings)
newMailsettings['smtpHost'] = global_functions.TEST_SERVER_HOST
newMailsettings['smtpPort'] = "6800"
newMailsettings['sendMethod'] = 'CUSTOM'
uvmContext.mailSender().setSettings(newMailsettings)
time.sleep(10) # give it time for exim to restart
appDataSP = appSP.getSmtpSettings()
appSP.setSmtpSettingsWithoutSafelists(appDataSP)
recipient = global_functions.random_email()
uvmContext.mailSender().sendTestMessage(recipient)
time.sleep(2)
# force exim to flush queue
subprocess.call(["exim -qff >/dev/null 2>&1"],shell=True,stdout=None,stderr=None)
time.sleep(10)
uvmContext.mailSender().setSettings(origMailsettings)
appSP.setSmtpSettingsWithoutSafelists(origAppDataSP)
emailContext = remote_control.run_command("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress=" + recipient + " 2>&1" ,stdout=True)
assert('Test Message' in emailContext)
def initial_setup(self):
global app, orig_settings, test_email_address, can_relay, can_syslog, syslog_server_host, web_app
if (uvmContext.appManager().isInstantiated(self.module_name())):
# report app is normally installed.
# print("App %s already installed" % self.module_name())
# raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().app(self.module_name())
else:
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
reportSettings = app.getSettings()
orig_settings = copy.deepcopy(reportSettings)
if (uvmContext.appManager().isInstantiated(self.webAppName())):
raise Exception('app %s already instantiated' % self.webAppName())
web_app = uvmContext.appManager().instantiate(self.webAppName(), default_policy_id)
# Skip checking relaying is possible if we have determined it as true on previous test.
try:
can_relay = global_functions.send_test_email()
except Exception as e:
can_relay = False
if can_syslog == None:
can_syslog = False
wan_IP = uvmContext.networkManager().getFirstWanAddress()
syslog_server_host = global_functions.find_syslog_server(wan_IP)
if syslog_server_host:
portResult = remote_control.run_command("sudo lsof -i :514", host=syslog_server_host)
if portResult == 0:
can_syslog = True
def test_030_test_smtp_settings(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# Test mail setting in config -> email -> outgoing server
if (uvmContext.appManager().isInstantiated(self.appNameSpamCase())):
print("smtp case present")
else:
print("smtp not present")
uvmContext.appManager().instantiate(self.appNameSpamCase(), 1)
appSP = uvmContext.appManager().app(self.appNameSpamCase())
origAppDataSP = appSP.getSmtpSettings()
origMailsettings = uvmContext.mailSender().getSettings()
# print(appDataSP)
newMailsettings = copy.deepcopy(origMailsettings)
newMailsettings['smtpHost'] = global_functions.TEST_SERVER_HOST
newMailsettings['smtpPort'] = "6800"
newMailsettings['sendMethod'] = 'CUSTOM'
uvmContext.mailSender().setSettings(newMailsettings)
time.sleep(10) # give it time for exim to restart
appDataSP = appSP.getSmtpSettings()
appSP.setSmtpSettingsWithoutSafelists(appDataSP)
recipient = global_functions.random_email()
uvmContext.mailSender().sendTestMessage(recipient)
time.sleep(2)
# force exim to flush queue
subprocess.call(["exim -qff >/dev/null 2>&1"],shell=True,stdout=None,stderr=None)
time.sleep(10)
uvmContext.mailSender().setSettings(origMailsettings)
appSP.setSmtpSettingsWithoutSafelists(origAppDataSP)
emailContext = remote_control.run_command("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress=" + recipient + " 2>&1" ,stdout=True)
assert('Test Message' in emailContext)
def test_023_childShouldNotEffectParent(self):
# add a child that blocks everything
blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId)
assert (blockRackFirewall != None)
# add a block rule for the client IP
rules = blockRackFirewall.getRules()
rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip));
blockRackFirewall.setRules(rules);
# client should still be online
result = remote_control.is_online()
assert (result == 0)
uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] )
assert (removeRack(blockRackId))
# Get the IP address of test.untangle.com
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
events = global_functions.get_events('Policy Manager','All Events',None,100)
assert(events != None)
found = global_functions.check_events( events.get('list'), 100,
"s_server_addr", str(test_untangle_com_ip),
"policy_id", 1,
"c_client_addr", remote_control.client_ip)
assert( found )
def initial_setup(self):
global app,md5StdNum, appSSL, appSSLData, canRelay
# download eicar and trojan files before installing virus blocker
self.ftp_user_name, self.ftp_password = global_functions.get_live_account_info("ftp")
remote_control.run_command("rm -f /tmp/eicar /tmp/std_022_ftpVirusBlocked_file /tmp/temp_022_ftpVirusPassSite_file")
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/eicar http://test.untangle.com/virus/eicar.com")
assert (result == 0)
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/std_022_ftpVirusBlocked_file ftp://" + global_functions.ftp_server + "/virus/fedexvirus.zip")
assert (result == 0)
md5StdNum = remote_control.run_command("\"md5sum /tmp/std_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True)
self.md5StdNum = md5StdNum
# print("md5StdNum <%s>" % md5StdNum)
assert (result == 0)
try:
canRelay = global_functions.send_test_email(mailhost=testsiteIP)
except Exception as e:
canRelay = False
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise unittest.SkipTest('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
self.app = app
if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()):
raise Exception('app %s already instantiated' % self.appNameSSLInspector())
appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), default_policy_id)
# appSSL.start() # leave app off. app doesn't auto-start
appSSLData = appSSL.getSettings()
# Enable cloud connection
system_settings = uvmContext.systemManager().getSettings()
system_settings['cloudEnabled'] = True
uvmContext.systemManager().setSettings(system_settings)
def test_023_childShouldNotEffectParent(self):
# add a child that blocks everything
blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
blockRackFirewall = uvmContext.appManager().instantiate(
"firewall", blockRackId)
assert (blockRackFirewall != None)
# add a block rule for the client IP
rules = blockRackFirewall.getRules()
rules["list"].append(
createFirewallSingleConditionRule("SRC_ADDR",
remote_control.client_ip))
blockRackFirewall.setRules(rules)
# client should still be online
result = remote_control.is_online()
assert (result == 0)
uvmContext.appManager().destroy(
blockRackFirewall.getAppSettings()["id"])
assert (removeRack(blockRackId))
# Get the IP address of test.untangle.com
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
events = global_functions.get_events('Policy Manager', 'All Events',
None, 100)
assert (events != None)
found = global_functions.check_events(events.get('list'), 100,
"s_server_addr",
str(test_untangle_com_ip),
"policy_id", 1, "c_client_addr",
remote_control.client_ip)
assert (found)
def initial_setup(self):
global app
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
app.start()
def initial_setup(self):
global app, appData, appSP, appDataSP, appSSL, appSSLData, canRelay
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise unittest.SkipTest('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
appData = app.getSettings()
appSP = uvmContext.appManager().app(self.appNameSpamCase())
appDataSP = appSP.getSmtpSettings()
if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()):
raise Exception('app %s already instantiated' % self.appNameSSLInspector())
appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), default_policy_id)
# appSSL.start() # leave app off. app doesn't auto-start
appSSLData = appSSL.getSettings()
try:
canRelay = global_functions.send_test_email(mailhost=smtpServerHost)
except Exception as e:
canRelay = False
self.canRelay = canRelay
getLatestMailSender()
# flush quarantine.
curQuarantine = appSP.getQuarantineMaintenenceView()
curQuarantineList = curQuarantine.listInboxes()
for checkAddress in curQuarantineList['list']:
if checkAddress['address']:
curQuarantine.deleteInbox(checkAddress['address'])
def initial_setup(self):
global app, appData, appSP, appDataSP, appSSL, appSSLData, canRelay
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise unittest.SkipTest('app %s already instantiated' %
self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
appData = app.getSettings()
appSP = uvmContext.appManager().app(self.appNameSpamCase())
appDataSP = appSP.getSmtpSettings()
if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()):
raise Exception('app %s already instantiated' %
self.appNameSSLInspector())
appSSL = uvmContext.appManager().instantiate(
self.appNameSSLInspector(), default_policy_id)
# appSSL.start() # leave app off. app doesn't auto-start
appSSLData = appSSL.getSettings()
try:
canRelay = global_functions.send_test_email(
mailhost=smtpServerHost)
except Exception as e:
canRelay = False
self.canRelay = canRelay
getLatestMailSender()
# flush quarantine.
curQuarantine = appSP.getQuarantineMaintenenceView()
curQuarantineList = curQuarantine.listInboxes()
for checkAddress in curQuarantineList['list']:
if checkAddress['address']:
curQuarantine.deleteInbox(checkAddress['address'])
def initial_setup(cls, unused=None):
cls._orig_netsettings = uvmContext.networkManager().getNetworkSettings(
)
if not cls.not_an_app:
name = cls.module_name()
print("initial_setup for app %s" % name)
if cls._app or uvmContext.appManager().isInstantiated(name):
if cls.skip_instantiated() and name not in [
"reports", "shield"
]:
pytest.skip('app %s already instantiated' %
cls.module_name())
else:
if cls.do_not_install_app: # grab
cls._app = uvmContext.appManager().app(name)
else: # delete and install
cls.final_tear_down()
cls._app = uvmContext.appManager().instantiate(
name, cls.default_policy_id)
else:
print("starting %s" % (name, ))
cls._app = uvmContext.appManager().instantiate(
name, cls.default_policy_id)
if cls.force_start:
cls._app.start()
if cls.wait_for_daemon_ready:
cls.do_wait_for_daemon_ready()
if not cls.no_settings:
cls._appSettings = cls._app.getSettings()
cls.initial_extra_setup()
def final_extra_tear_down(cls):
global appAD
# Restore original settings to return to initial settings
# print("orig_netsettings <%s>" % orig_netsettings)
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
if appAD != None:
uvmContext.appManager().destroy(appAD.getAppSettings()["id"])
appAD = None
def initial_setup(self):
global app, appSettings
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
app.start()
wait_for_daemon_ready()
appSettings = app.getSettings()
def initial_setup(self):
global appSettings, app
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
appSettings = app.getSettings()
# run a few sessions so that the classd daemon starts classifying
for i in range(2): remote_control.is_online()
def initial_setup(self):
global appData, app
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
appData = app.getSettings()
remote_control.run_command("rm -f ./authpost\?*")
def final_tear_down(self):
global app, defaultRackCaptivePortal
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
if defaultRackCaptivePortal != None:
uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"] )
defaultRackCaptivePortal = None
def initial_setup(self):
global app, default_enabled, orig_netsettings
if orig_netsettings == None:
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
if (not uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().app(self.module_name())
default_enabled = app.getSettings()['shieldEnabled']
def initial_setup(self):
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
appmetrics = uvmContext.metricManager().getMetrics(
app.getAppSettings()["id"])
self.app = app
def initial_setup(self):
global app, appSettings
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
app.start()
wait_for_daemon_ready()
appSettings = app.getSettings()
def final_tear_down(self):
global app, appWeb
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
if appWeb != None:
uvmContext.appManager().destroy( appWeb.getAppSettings()["id"])
appWeb = None
def final_tear_down(self):
"""
Tear down
"""
global app
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
def final_tear_down(self):
global app, defaultRackCaptivePortal
if app != None:
uvmContext.appManager().destroy(app.getAppSettings()["id"])
app = None
if defaultRackCaptivePortal != None:
uvmContext.appManager().destroy(
defaultRackCaptivePortal.getAppSettings()["id"])
defaultRackCaptivePortal = None
def initial_setup(self):
global indexOfWans, appData, app, orig_netsettings
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
app.start()
appData = app.getSettings()
indexOfWans = global_functions.get_wan_tuples()
def final_extra_tear_down(cls):
global app_wan_failover
# Restore original settings to return to initial settings
if app_wan_failover != None:
uvmContext.appManager().destroy( app_wan_failover.getAppSettings()["id"] )
app_wan_failover = None
if orig_netsettings != None:
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def final_extra_tear_down(cls):
global orig_network_settings
# Restore original settings to return to initial settings
if orig_network_settings != None:
uvmContext.networkManager().setNetworkSettings(
orig_network_settings)
if cls._app_web_filter != None:
uvmContext.appManager().destroy(
cls._app_web_filter.getAppSettings()["id"])
cls._app_web_filter = None
def initial_setup(self):
global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(),
default_policy_id)
settings = app.getSettings()
settings["configured"] = True
app.setSettings(settings)
app.start()
if (uvmContext.appManager().isInstantiated(self.appNameWF())):
raise Exception('app %s already instantiated' % self.appNameWF())
app_web_filter = uvmContext.appManager().instantiate(
self.appNameWF(), default_policy_id)
if orig_network_settings == None:
orig_network_settings = uvmContext.networkManager(
).getNetworkSettings()
# disable QoS
netsettings = copy.deepcopy(orig_network_settings)
netsettings['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(netsettings)
# measure speed
pre_down_speed_kbit = global_functions.get_download_speed(
download_server="test.untangle.com")
# calculate QoS limits
wan_limit_kbit = int((pre_down_speed_kbit * 8) * .9)
# set max to 100Mbit, so that other limiting factors dont interfere
if wan_limit_kbit > 100000: wan_limit_kbit = 100000
wan_limit_mbit = round(wan_limit_kbit / 1024, 2)
# turn on QoS and set wan speed limits
netsettings = copy.deepcopy(orig_network_settings)
netsettings['qosSettings']['qosEnabled'] = True
i = 0
for interface in netsettings['interfaces']['list']:
if interface['isWan']:
netsettings['interfaces']['list'][i][
'downloadBandwidthKbps'] = wan_limit_kbit
netsettings['interfaces']['list'][i][
'uploadBandwidthKbps'] = wan_limit_kbit
i += 1
netsettings['bypassRules']['list'] = []
netsettings['qosSettings']['qosRules']['list'] = []
# These store the "new" defaults with and without QoS
orig_network_settings_with_qos = copy.deepcopy(netsettings)
orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True
orig_network_settings_without_qos = copy.deepcopy(netsettings)
orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(
orig_network_settings_with_qos)
def final_tear_down(cls, unused=None):
uvmContext.networkManager().setNetworkSettings(cls._orig_netsettings)
if cls._app:
cls.final_extra_tear_down()
if not cls.do_not_remove_app:
name = cls.module_name()
if cls._app or uvmContext.appManager().isInstantiated(name):
uvmContext.appManager().destroy(cls.get_app_id())
cls._app = None
def final_tear_down(self):
global app, app_web_filter, orig_network_settings
# Restore original settings to return to initial settings
if orig_network_settings != None:
uvmContext.networkManager().setNetworkSettings( orig_network_settings )
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
if app_web_filter != None:
uvmContext.appManager().destroy( app_web_filter.getAppSettings()["id"] )
app_web_filter = None
def final_tear_down(self):
global app, appAD
# Restore original settings to return to initial settings
# print("orig_netsettings <%s>" % orig_netsettings)
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
if appAD != None:
uvmContext.appManager().destroy( appAD.getAppSettings()["id"] )
appAD = None
def initial_setup(self):
global app, AD_RESULT, AD_RESULT, RADIUS_RESULT
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
AD_RESULT = subprocess.call(["ping", "-c", "1", global_functions.AD_SERVER], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
RADIUS_RESULT = subprocess.call(["ping", "-c", "1", global_functions.RADIUS_SERVER], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
# enable the API for testing
appSettings = app.getSettings()
appSettings['apiEnabled'] = True
app.setSettings(appSettings)
def initial_extra_setup(cls):
global appData, appWeb, appWebData
appData = cls._app.getSettings()
if (uvmContext.appManager().isInstantiated(cls.appWeb())):
raise Exception('app %s already instantiated' % cls.appWeb())
appWeb = uvmContext.appManager().instantiate(cls.appWeb(),
default_policy_id)
appWebData = appWeb.getSettings()
appData['ignoreRules']['list'].insert(
0, createSSLInspectRule(testedServerDomainWildcard))
cls._app.setSettings(appData)
def final_tear_down(self):
global app, web_app
# remove all the apps in case test 103 does not remove them.
for name in apps_list:
if (uvmContext.appManager().isInstantiated(name)):
remove_app = uvmContext.appManager().app(name)
uvmContext.appManager().destroy(remove_app.getAppSettings()["id"])
if app != None:
app.setSettings(orig_settings)
if orig_mailsettings != None:
uvmContext.mailSender().setSettings(orig_mailsettings)
app = None
web_app = None
def final_extra_tear_down(cls):
global web_app
# remove all the apps in case test 103 does not remove them.
for name in apps_list:
if (uvmContext.appManager().isInstantiated(name)):
remove_app = uvmContext.appManager().app(name)
uvmContext.appManager().destroy(
remove_app.getAppSettings()["id"])
if orig_mailsettings != None:
uvmContext.mailSender().setSettings(orig_mailsettings)
web_app = None
def initial_setup(self):
global app, appData, appWeb, appWebData
if uvmContext.appManager().isInstantiated(self.module_name()):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
app.start() # must be called since the app doesn't auto-start
appData = app.getSettings()
if (uvmContext.appManager().isInstantiated(self.appWeb())):
raise Exception('app %s already instantiated' % self.appWeb())
appWeb = uvmContext.appManager().instantiate(self.appWeb(), default_policy_id)
appWebData = appWeb.getSettings()
appData['ignoreRules']['list'].insert(0,createSSLInspectRule(testedServerDomainWildcard))
app.setSettings(appData)
def initial_setup(self):
global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult
tunnelUp = False
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
if (uvmContext.appManager().isInstantiated(self.appNameAD())):
raise unittest.SkipTest('app %s already instantiated' % self.module_name())
if orig_netsettings == None:
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
appAD = uvmContext.appManager().instantiate(self.appNameAD(), default_policy_id)
appDataRD = appAD.getSettings().get('radiusSettings')
ipsecHostResult = subprocess.call(["ping","-c","1",ipsecHost],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
l2tpClientHostResult = subprocess.call(["ping","-c","1",l2tpClientHost],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
radiusResult = subprocess.call(["ping","-c","1",global_functions.RADIUS_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
def test_009_IsRunningAndSSL(self):
appSSL = appSP = uvmContext.appManager().app(self.appNameSSLInspector())
appSSL.start()
result = subprocess.call("ps aux | grep spamd | grep -v grep >/dev/null 2>&1", shell=True)
assert (result == 0)
result = subprocess.call("ps aux | grep spamcatd | grep -v grep >/dev/null 2>&1", shell=True)
assert ( result == 0 )
def initial_setup(self):
global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
settings = app.getSettings()
settings["configured"] = True
app.setSettings(settings)
app.start()
if (uvmContext.appManager().isInstantiated(self.appNameWF())):
raise Exception('app %s already instantiated' % self.appNameWF())
app_web_filter = uvmContext.appManager().instantiate(self.appNameWF(), default_policy_id)
if orig_network_settings == None:
orig_network_settings = uvmContext.networkManager().getNetworkSettings()
# disable QoS
netsettings = copy.deepcopy( orig_network_settings )
netsettings['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings( netsettings )
# measure speed
pre_down_speed_kbit = global_functions.get_download_speed(download_server="test.untangle.com")
# calculate QoS limits
wan_limit_kbit = int((pre_down_speed_kbit*8) * .9)
# set max to 100Mbit, so that other limiting factors dont interfere
if wan_limit_kbit > 100000: wan_limit_kbit = 100000
wan_limit_mbit = round(wan_limit_kbit/1024,2)
# turn on QoS and set wan speed limits
netsettings = copy.deepcopy( orig_network_settings )
netsettings['qosSettings']['qosEnabled'] = True
i = 0
for interface in netsettings['interfaces']['list']:
if interface['isWan']:
netsettings['interfaces']['list'][i]['downloadBandwidthKbps']=wan_limit_kbit
netsettings['interfaces']['list'][i]['uploadBandwidthKbps']=wan_limit_kbit
i += 1
netsettings['bypassRules']['list'] = []
netsettings['qosSettings']['qosRules']['list'] = []
# These store the "new" defaults with and without QoS
orig_network_settings_with_qos = copy.deepcopy( netsettings )
orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True
orig_network_settings_without_qos = copy.deepcopy( netsettings )
orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(orig_network_settings_with_qos)
def test_022_addFirewallToSecondRack(self):
global secondRackFirewall
secondRackFirewall = uvmContext.appManager().instantiate("firewall", secondRackId)
assert (secondRackFirewall != None)
# add a block rule for the client IP
rules = secondRackFirewall.getRules()
rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.client_ip));
secondRackFirewall.setRules(rules);
def initial_setup(self):
global app, appWeb, appDC, tunnelApp, appData, vpnHostResult, vpnClientResult, vpnServerResult, vpnUserPassHostResult, adResult, radiusResult
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
app.start()
appWeb = None
appDC = None
tunnelApp = None
if (uvmContext.appManager().isInstantiated(self.appWebName())):
raise Exception('app %s already instantiated' % self.appWebName())
appWeb = uvmContext.appManager().instantiate(self.appWebName(), default_policy_id)
vpnHostResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_SERVER_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
vpnUserPassHostResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_SERVER_USER_PASS_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
vpnClientResult = subprocess.call(["ping","-W","5","-c","1",global_functions.VPN_CLIENT_IP],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
wanIP = uvmContext.networkManager().getFirstWanAddress()
if vpnClientResult == 0:
vpnServerResult = remote_control.run_command("ping -W 5 -c 1 " + wanIP, host=global_functions.VPN_CLIENT_IP)
else:
vpnServerResult = 1
adResult = subprocess.call(["ping","-c","1",global_functions.AD_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
radiusResult = subprocess.call(["ping","-c","1",global_functions.RADIUS_SERVER],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
def test_030_addWebFilterToSecondRack(self):
global secondRackWebfilter
secondRackWebfilter = uvmContext.appManager().instantiate("web-filter", secondRackId)
assert (secondRackWebfilter != None)
result = remote_control.is_online()
assert (result == 0)
# add a block rule
newRule = { "blocked": True, "description": "desc", "flagged": True, "javaClass": "com.untangle.uvm.app.GenericRule", "string": "test.untangle.com/test/testPage1.html" }
rules = secondRackWebfilter.getBlockedUrls()
rules["list"].append(newRule)
secondRackWebfilter.setBlockedUrls(rules)
# verify traffic is now blocked (third rack inherits web filter from second rack)
result = remote_control.run_command("wget -4 -t 2 --timeout=5 -q -O - http://test.untangle.com/test/testPage1.html 2>&1 | grep -q blockpage")
assert (result == 0)
def test_03_reports_flush_events(self):
"""verify reports flush events works"""
reports = uvmContext.appManager().app("reports")
assert reports != None
reports.flushEvents()
def final_tear_down(self):
if self.app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
self.app = None
def test_02_reports_is_installed(self):
"""verify reports is installed (needed for event log tests)"""
global uvmContext
if not uvmContext.appManager().isInstantiated('reports'):
uvmContext.appManager().instantiate('reports', None)
assert uvmContext.appManager().isInstantiated('reports')
def initial_setup(self):
global app
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
app.start() # must be called since web cache doesn't auto-start
def test_80_OpenVPNTunnelVPNConflict(self):
"""test conflict of OpenVPN and TunnelVPN when 'boundInterfaceId' is set to the first wan IP"""
global tunnelApp
vpn_tunnel_file = "http://10.111.56.29/openvpn-ats-test-tunnelvpn-config.zip"
index_of_wans = global_functions.get_wan_tuples()
if index_of_wans == []:
raise unittest.SkipTest("No static or auto WAN")
# print(index_of_wans[0])
def create_tunnel_rule(vpn_enabled=True,vpn_ipv6=True,rule_id=50,vpn_tunnel_id=200):
return {
"conditions": {
"javaClass": "java.util.LinkedList",
"list": []
},
"description": "Route all traffic over any available Tunnel.",
"enabled": vpn_enabled,
"ipv6Enabled": vpn_ipv6,
"javaClass": "com.untangle.app.tunnel_vpn.TunnelVpnRule",
"ruleId": rule_id,
"tunnelId": vpn_tunnel_id
}
def create_tunnel_profile(vpn_enabled=True,provider="tunnel-Untangle",vpn_tunnel_id=200):
return {
"allTraffic": False,
"enabled": vpn_enabled,
"javaClass": "com.untangle.app.tunnel_vpn.TunnelVpnTunnelSettings",
"name": "tunnel-Untangle",
"provider": "Untangle",
"tags": {
"javaClass": "java.util.LinkedList",
"list": []
},
"tunnelId": vpn_tunnel_id,
"boundInterfaceId": index_of_wans[0][0]
}
#set up OpenVPN server
appData = app.getSettings()
appData["serverEnabled"]=True
siteName = appData['siteName']
appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
app.setSettings(appData)
# install TunnelVPN
tunnelAppName = "tunnel-vpn"
if (uvmContext.appManager().isInstantiated(tunnelAppName)):
print('app %s already instantiated' % tunnelAppName)
tunnelApp = uvmContext.appManager().app(tunnelAppName)
else:
tunnelApp = uvmContext.appManager().instantiate(tunnelAppName, default_policy_id)
tunnelApp.start()
#set up TunnelVPN
result = subprocess.call("wget -o /dev/null -t 1 --timeout=3 " + vpn_tunnel_file + " -O /tmp/config.zip", shell=True)
if (result != 0):
raise unittest.SkipTest("Unable to download VPN file: " + vpn_tunnel_file)
currentWanIP = remote_control.run_command("wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py",stdout=True)
if (currentWanIP == ""):
raise unittest.SkipTest("Unable to get WAN IP")
# print("Original WAN IP: " + currentWanIP)
tunnelApp.importTunnelConfig("/tmp/config.zip", "Untangle", 200)
tunnelAppData = tunnelApp.getSettings()
tunnelAppData['rules']['list'].append(create_tunnel_rule())
tunnelAppData['tunnels']['list'].append(create_tunnel_profile())
tunnelApp.setSettings(tunnelAppData)
# wait for vpn tunnel to form
timeout = 240
connected = False
connectStatus = ""
newWanIP = currentWanIP
while (not connected and timeout > 0):
listOfConnections = tunnelApp.getTunnelStatusList()
connectStatus = listOfConnections['list'][0]['stateInfo']
if (connectStatus == "CONNECTED"):
newWanIP = remote_control.run_command("wget --timeout=4 -q -O - \"$@\" test.untangle.com/cgi-bin/myipaddress.py",stdout=True)
if (currentWanIP != newWanIP):
connected = True
else:
time.sleep(1)
timeout-=1
else:
time.sleep(1)
timeout-=1
# disable the added tunnel
tunnelAppData['rules']['list'][:] = []
for i in range(len(tunnelAppData['tunnels']['list'])):
tunnelAppData['tunnels']['list'][i]['enabled'] = False
print(tunnelAppData['tunnels']['list'][i]['enabled'])
tunnelApp.setSettings(tunnelAppData)
#stop tunnel here
time.sleep(3)
tunnelApp.stop()
# If VPN tunnel has failed to connect, fail the test,
assert(connected)
def test_079_createClientVPNTunnelADUserPass(self):
global appData, vpnServerResult, vpnClientResult, appDC
if (vpnClientResult != 0 or vpnServerResult != 0):
raise unittest.SkipTest("No paried VPN client available")
pre_events_connect = global_functions.get_app_metric_value(app,"connect")
if (adResult != 0):
raise unittest.SkipTest("No AD server available")
appNameDC = "directory-connector"
if (uvmContext.appManager().isInstantiated(appNameDC)):
print("App %s already installed" % appNameDC)
appDC = uvmContext.appManager().app(appNameDC)
else:
appDC = uvmContext.appManager().instantiate(appNameDC, default_policy_id)
appDC.setSettings(createDirectoryConnectorSettings(ad_enable=True,ldap_secure=True))
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP,)
loopLimit = 5
while ((running == 0) and (loopLimit > 0)):
# OpenVPN is running, wait 5 sec to see if openvpn is done
loopLimit -= 1
time.sleep(5)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if loopLimit == 0:
# try killing the openvpn session as it is probably stuck
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
time.sleep(2)
running = remote_control.run_command("pidof openvpn", host=global_functions.VPN_CLIENT_IP)
if running == 0:
raise unittest.SkipTest("OpenVPN test machine already in use")
appData = app.getSettings()
appData["serverEnabled"]=True
siteName = appData['siteName']
appData['exports']['list'].append(create_export("192.0.2.0/24")) # append in case using LXC
appData['remoteClients']['list'][:] = []
appData['remoteClients']['list'].append(setUpClient())
#enable user/password authentication, set to AD directory
appData['authUserPass']=True
appData["authenticationType"]="ACTIVE_DIRECTORY"
app.setSettings(appData)
clientLink = app.getClientDistributionDownloadLink(vpnClientName,"zip")
#download, unzip, move config to correct directory
result = configureVPNClientForConnection(clientLink)
assert(result == 0)
#create credentials file containing username/password
remote_control.run_command("echo " + global_functions.AD_USER + " > /tmp/authUserPassFile; echo passwd >> /tmp/authUserPassFile", host=global_functions.VPN_CLIENT_IP)
#connect to openvpn using the file
remote_control.run_command("cd /etc/openvpn; sudo nohup openvpn --config " + siteName + ".conf --auth-user-pass /tmp/authUserPassFile >/dev/null 2>&1 &", host=global_functions.VPN_CLIENT_IP)
timeout = waitForClientVPNtoConnect()
# fail if tunnel doesn't connect
assert(timeout > 0)
# ping the test host behind the Untangle from the remote testbox
result = remote_control.run_command("ping -c 2 " + remote_control.client_ip, host=global_functions.VPN_CLIENT_IP)
listOfClients = app.getActiveClients()
print("address " + listOfClients['list'][0]['address'])
print("vpn address 1 " + listOfClients['list'][0]['poolAddress'])
host_result = remote_control.run_command("host test.untangle.com", stdout=True)
match = re.search(r'address \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}', host_result)
ip_address_testuntangle = (match.group()).replace('address ','')
# stop the vpn tunnel on remote box
remote_control.run_command("sudo pkill openvpn", host=global_functions.VPN_CLIENT_IP)
# openvpn takes time to shut down
time.sleep(3)
assert(result==0)
assert(listOfClients['list'][0]['address'] == global_functions.VPN_CLIENT_IP)
events = global_functions.get_events('OpenVPN','Connection Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
'remote_address', global_functions.VPN_CLIENT_IP,
'client_name', vpnClientName )
assert( found )
# Check to see if the faceplate counters have incremented.
post_events_connect = global_functions.get_app_metric_value(app, "connect")
assert(pre_events_connect < post_events_connect)
def initial_setup(self):
if (uvmContext.appManager().isInstantiated(self.module_name())):
raise Exception('app %s already instantiated' % self.module_name())
app = uvmContext.appManager().instantiate(self.module_name(), default_policy_id)
appmetrics = uvmContext.metricManager().getMetrics(app.getAppSettings()["id"])
self.app = app
