예제 #1
0
 def testClientIgnoreFQDNCheck(self):
     self.startNuauth()
     client1 = createClient(more_args=["-H","nuauth.inl.fr","-A", self.cacert])
     client2 = createClient(more_args=["-H","localhost","-A", self.cacert,"-N"])
     self.assert_(connectClient(client1))
     self.assert_(connectClient(client2))
     client1.stop()
     client2.stop()
     self.stopNuauth()
예제 #2
0
파일: test_system.py 프로젝트: regit/nufw
    def testLogin(self):
        username = config.get("test_system", "username")
        password = config.get("test_system", "password")
        client = createClientWithCerts(username, password)
        self.assert_(connectClient(client))
        client.stop()

        client = createClientWithCerts(username, "xxx%sxxx" % password)
        self.assert_(not connectClient(client))
        client.stop()
예제 #3
0
    def testLogin(self):
        username = config.get("test_system", "username")
        password = config.get("test_system", "password")
        client = createClientWithCerts(username, password)
        self.assert_(connectClient(client))
        client.stop()

        client = createClientWithCerts(username, "xxx%sxxx" % password)
        self.assert_(not connectClient(client))
        client.stop()
예제 #4
0
 def testClientIgnoreFQDNCheck(self):
     self.startNuauth()
     client1 = createClient(
         more_args=["-H", "nuauth.inl.fr", "-A", self.cacert])
     client2 = createClient(
         more_args=["-H", "localhost", "-A", self.cacert, "-N"])
     self.assert_(connectClient(client1))
     self.assert_(connectClient(client2))
     client1.stop()
     client2.stop()
     self.stopNuauth()
예제 #5
0
 def testClientExpired(self):
     self.startNuauth()
     client1 = createClientWithCerts()
     self.assert_(connectClient(client1))
     tls_cert = abspath(config.get("test_cert", "user_expired_cert"))
     tls_key  = abspath(config.get("test_cert", "user_expired_key"))
     client2 = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key])
     self.assert_(not connectClient(client2))
     client1.stop()
     client2.stop()
     self.stopNuauth()
예제 #6
0
 def testNuauthExpired(self):
     args = dict()
     args["nuauth_tls_key"] = '"%s"' % abspath(config.get("test_cert", "user_expired_key"))
     args["nuauth_tls_cert"] = '"%s"' % abspath(config.get("test_cert", "user_expired_cert"))
     self.startNuauth(args)
     self.client = createClient(more_args=["-H","nuauth.inl.fr","-A",self.cacert])
     self.assert_(not connectClient(self.client))
     self.client.stop()
     self.client = createClient(more_args=["-H","nuauth.inl.fr","-Q"])
     self.assert_(not connectClient(self.client))
     self.client.stop()
     self.stopNuauth()
예제 #7
0
 def testClientExpired(self):
     self.startNuauth()
     client1 = createClientWithCerts()
     self.assert_(connectClient(client1))
     tls_cert = abspath(config.get("test_cert", "user_expired_cert"))
     tls_key = abspath(config.get("test_cert", "user_expired_key"))
     client2 = createClient(
         more_args=["-A", self.cacert, "-C", tls_cert, "-K", tls_key])
     self.assert_(not connectClient(client2))
     client1.stop()
     client2.stop()
     self.stopNuauth()
예제 #8
0
 def testClientRevoked(self):
     args = dict()
     args["nuauth_tls_request_cert"] = "1"
     args["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "crl"))
     self.startNuauth(args)
     client1 = createClientWithCerts()
     self.assert_(connectClient(client1))
     tls_cert = abspath(config.get("test_cert", "user_revoked_cert"))
     tls_key  = abspath(config.get("test_cert", "user_revoked_key"))
     client2 = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key])
     self.assert_(not connectClient(client2))
     client1.stop()
     client2.stop()
     self.stopNuauth()
예제 #9
0
    def testSASLAuthNOK(self):
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_sasl_groups"] = "\"123\""
        self.nuauth = Nuauth(self.config)

        self.client = self.user.createClientWithCerts()
        self.assert_(not connectClient(self.client))
예제 #10
0
    def testBlacklistAuthNOK(self):
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_blacklist_groups"] = "\"42\""
        self.nuauth = Nuauth(self.config)

        self.client = self.user.createClientWithCerts()
        self.assert_(not connectClient(self.client))
예제 #11
0
 def testClientRevoked(self):
     args = dict()
     args["nuauth_tls_request_cert"] = "1"
     args["nuauth_tls_crl"] = '"%s"' % abspath(
         config.get("test_cert", "crl"))
     self.startNuauth(args)
     client1 = createClientWithCerts()
     self.assert_(connectClient(client1))
     tls_cert = abspath(config.get("test_cert", "user_revoked_cert"))
     tls_key = abspath(config.get("test_cert", "user_revoked_key"))
     client2 = createClient(
         more_args=["-A", self.cacert, "-C", tls_cert, "-K", tls_key])
     self.assert_(not connectClient(client2))
     client1.stop()
     client2.stop()
     self.stopNuauth()
예제 #12
0
 def testClientInvalidCA(self):
     self.startNuauth()
     cacert = config.get("test_cert", "invalid_cacert")
     client = createClient(more_args=["-A", cacert])
     self.assert_(not connectClient(client))
     client.stop()
     self.stopNuauth()
예제 #13
0
    def testBlacklistAuthNOK(self):
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_blacklist_groups"] = '"42"'
        self.nuauth = Nuauth(self.config)

        self.client = self.user.createClientWithCerts()
        self.assert_(not connectClient(self.client))
예제 #14
0
    def testLoginNormal(self):
        # Change login policy to 0
        self.config["nuauth_single_ip_client_limit"] = 0
        self.config["nuauth_single_user_client_limit"] = 0
        self.nuauth = Nuauth(self.config)

        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user2
        client2 = self.userB.createClientWithCerts()
        self.assert_(connectClient(client2))

        client1.stop()
        client2.stop()
예제 #15
0
    def testSASLAuthNOK(self):
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_sasl_groups"] = '"123"'
        self.nuauth = Nuauth(self.config)

        self.client = self.user.createClientWithCerts()
        self.assert_(not connectClient(self.client))
예제 #16
0
 def testClientInvalidCA(self):
     self.startNuauth()
     cacert = config.get("test_cert", "invalid_cacert")
     client = createClient(more_args=["-A", cacert])
     self.assert_(not connectClient(client))
     client.stop()
     self.stopNuauth()
예제 #17
0
    def testLoginNormal(self):
        # Change login policy to 0
        self.config["nuauth_single_ip_client_limit"] = 0
        self.config["nuauth_single_user_client_limit"] = 0
        self.nuauth = Nuauth(self.config)

        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user2
        client2 = self.userB.createClientWithCerts()
        self.assert_(connectClient(client2))

        client1.stop()
        client2.stop()
예제 #18
0
    def _login(self, sql):
        # Client login
        client = self.user.createClientWithCerts()
        self.assert_(connectClient(client))

        # Check number of rows
        for when in retry(timeout=QUERY_TIMEOUT):
            cursor = self.query(sql)
            for line in self.nuauth.readlines():
                pass
            if cursor.rowcount:
                break
        self.assertEqual(cursor.rowcount, 1)

        # Read row columns
        (ip_saddr, user_id, username, os_sysname, os_release, os_version,
         end_time) = self.fetchone(cursor)
        if not POSTGRESQL:
            ip_saddr = ntohl(ip_saddr) & 0xFFFFFFFF

        # Check values
        self.assertEqual(IP(ip_saddr), client.ip)
        self.assertEqual(user_id, self.user.uid)
        self.assertEqual(username, client.username)
        self.assertEqual(os_sysname, OS_SYSNAME)
        self.assertEqual(os_release, OS_RELEASE)
        self.assertEqual(os_version, OS_VERSION)
        return client
예제 #19
0
파일: test_mysql.py 프로젝트: regit/nufw
    def _login(self, sql):
        # Client login
        client = self.user.createClientWithCerts()
        self.assert_(connectClient(client))

        # Check number of rows
        for when in retry(timeout=QUERY_TIMEOUT):
            cursor = self.query(sql)
            for line in self.nuauth.readlines():
                pass
            if cursor.rowcount:
                break
        self.assertEqual(cursor.rowcount, 1)

        # Read row columns
        (ip_saddr, user_id, username, os_sysname,
            os_release, os_version, end_time) = self.fetchone(cursor)
        if not POSTGRESQL:
            ip_saddr = ntohl(ip_saddr) & 0xFFFFFFFF

        # Check values
        self.assertEqual(IP(ip_saddr), client.ip)
        self.assertEqual(user_id, self.user.uid)
        self.assertEqual(username, client.username)
        self.assertEqual(os_sysname, OS_SYSNAME)
        self.assertEqual(os_release, OS_RELEASE)
        self.assertEqual(os_version, OS_VERSION)
        return client
예제 #20
0
    def testLoginIP(self):
        # Change login policy to 1 login/IP
        self.config["nuauth_single_ip_client_limit"] = 1
        self.config["nuauth_single_user_client_limit"] = 0
        self.nuauth = Nuauth(self.config)

        # Different users can't log from same IP
        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user2
        client2 = self.userB.createClientWithCerts()
        self.assert_(not connectClient(client2))

        client1.stop()
        client2.stop()
예제 #21
0
    def testLoginOne(self):
        # Change login policy to 1 login/user
        self.config["nuauth_single_ip_client_limit"] = 0
        self.config["nuauth_single_user_client_limit"] = 1
        self.nuauth = Nuauth(self.config)

        # User can't log twice
        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user1
        client2 = self.userA.createClientWithCerts()
        self.assert_(not connectClient(client2))

        client1.stop()
        client2.stop()
예제 #22
0
    def testLoginOne(self):
        # Change login policy to 1 login/user
        self.config["nuauth_single_ip_client_limit"] = 0
        self.config["nuauth_single_user_client_limit"] = 1
        self.nuauth = Nuauth(self.config)

        # User can't log twice
        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user1
        client2 = self.userA.createClientWithCerts()
        self.assert_(not connectClient(client2))

        client1.stop()
        client2.stop()
예제 #23
0
    def testLoginIP(self):
        # Change login policy to 1 login/IP
        self.config["nuauth_single_ip_client_limit"] = 1
        self.config["nuauth_single_user_client_limit"] = 0
        self.nuauth = Nuauth(self.config)

        # Different users can't log from same IP
        # Test user1
        client1 = self.userA.createClientWithCerts()
        self.assert_(connectClient(client1))

        # Test user2
        client2 = self.userB.createClientWithCerts()
        self.assert_(not connectClient(client2))

        client1.stop()
        client2.stop()
예제 #24
0
 def testCertAuthGroupNOK(self):
     self.config["nuauth_tls_auth_by_cert"] = "2"
     self.config["session_authtype_ssl_groups"] = "\"100\""
     self.nuauth = Nuauth(self.config)
     # Client
     self.client = self.user.createClientWithCerts()
     self.client.password = "******" % self.user.password
     self.assert_(not connectClient(self.client))
예제 #25
0
 def testCertAuthGroupNOK(self):
     self.config["nuauth_tls_auth_by_cert"] = "2"
     self.config["session_authtype_ssl_groups"] = '"100"'
     self.nuauth = Nuauth(self.config)
     # Client
     self.client = self.user.createClientWithCerts()
     self.client.password = "******" % self.user.password
     self.assert_(not connectClient(self.client))
예제 #26
0
 def testClientInvalidCRL(self):
     args = dict()
     args["nuauth_tls_request_cert"] = "2"
     self.startNuauth(args)
     invalid_crl = abspath(config.get("test_cert", "invalid_crl"))
     client = createClient(more_args=["-H","nuauth.inl.fr","-A",self.cacert,"-R",invalid_crl])
     self.assert_(not connectClient(client))
     client.stop()
     self.stopNuauth()
예제 #27
0
 def testNuauthRevoked(self):
     args = dict()
     args["nuauth_tls_key"] = '"%s"' % abspath(config.get("test_cert", "user_revoked_key"))
     args["nuauth_tls_cert"] = '"%s"' % abspath(config.get("test_cert", "user_revoked_cert"))
     self.startNuauth(args)
     self.client = createClient(more_args=["-H","nuauth.inl.fr","-A",self.cacert,"-R",abspath("./pki/crl.pem")])
     self.assert_(not connectClient(self.client))
     self.client.stop()
     self.stopNuauth()
예제 #28
0
def testPort(testcase, iptables, client, port, ok, host=HOST):
    # Enable iptables filtering
    iptables.filterTcp(VALID_PORT)

    # Connect user
    if client:
        testcase.assert_(connectClient(client))

    # Create socket
    testcase.assertEqual(connectTcp(host, port, TIMEOUT), ok)
예제 #29
0
파일: filter.py 프로젝트: regit/nufw
def testPort(testcase, iptables, client, port, ok, host=HOST):
    # Enable iptables filtering
    iptables.filterTcp(VALID_PORT)

    # Connect user
    if client:
        testcase.assert_(connectClient(client))

    # Create socket
    testcase.assertEqual(connectTcp(host, port, TIMEOUT), ok)
예제 #30
0
파일: filter.py 프로젝트: regit/nufw
def testPortFailure(testcase, iptables, client, port, err):
    # Enable iptables filtering
    iptables.filterTcp(VALID_PORT)

    # Connect user
    if client:
        testcase.assert_(connectClient(client))

    # Create socket
    testcase.assertEqual(connectTcpFail(HOST, port, TIMEOUT), err)
예제 #31
0
 def testClientValidCert(self):
     args = dict()
     args["nuauth_tls_request_cert"] = "2"
     self.startNuauth(args)
     tls_cert = abspath(config.get("test_cert", "user_cert"))
     tls_key  = abspath(config.get("test_cert", "user_key"))
     client = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key])
     self.assert_(connectClient(client))
     client.stop()
     self.stopNuauth()
예제 #32
0
def testPortFailure(testcase, iptables, client, port, err):
    # Enable iptables filtering
    iptables.filterTcp(VALID_PORT)

    # Connect user
    if client:
        testcase.assert_(connectClient(client))

    # Create socket
    testcase.assertEqual(connectTcpFail(HOST, port, TIMEOUT), err)
예제 #33
0
파일: test_syslog.py 프로젝트: regit/nufw
    def testLogin(self):
        # Client login
        client = createClientWithCerts()
        self.assert_(connectClient(client))

        # Check log output
        self.assert_(self.findLog("[nuauth] User %s connect on " % client.username))

        # Client logout
        client.stop()
        self.assert_(self.findLog("[nuauth] User %s disconnect on " % client.username))
예제 #34
0
 def testClientInvalidCRL(self):
     args = dict()
     args["nuauth_tls_request_cert"] = "2"
     self.startNuauth(args)
     invalid_crl = abspath(config.get("test_cert", "invalid_crl"))
     client = createClient(more_args=[
         "-H", "nuauth.inl.fr", "-A", self.cacert, "-R", invalid_crl
     ])
     self.assert_(not connectClient(client))
     client.stop()
     self.stopNuauth()
예제 #35
0
    def testInvalidCert(self):
        # Expired certificate
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_invalid_cert")
        key = config.get("test_cert", "user_invalid_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(not connectClient(self.client))
예제 #36
0
    def testInvalidCert(self):
        # Expired certificate
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_invalid_cert")
        key = config.get("test_cert", "user_invalid_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(not connectClient(self.client))
예제 #37
0
    def testValidCert(self):
        # Client
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_cert")
        key = config.get("test_cert", "user_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(connectClient(self.client))
예제 #38
0
 def testClientValidCert(self):
     args = dict()
     args["nuauth_tls_request_cert"] = "2"
     self.startNuauth(args)
     tls_cert = abspath(config.get("test_cert", "user_cert"))
     tls_key = abspath(config.get("test_cert", "user_key"))
     client = createClient(
         more_args=["-A", self.cacert, "-C", tls_cert, "-K", tls_key])
     self.assert_(connectClient(client))
     client.stop()
     self.stopNuauth()
예제 #39
0
    def testValidCert(self):
        # Client
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_cert")
        key = config.get("test_cert", "user_key")

        args = ["-C", cert, "-K", key, "-A", cacert]

        self.client = self.user.createClient(more_args=args)
        self.client.password = "******" % self.user.password
        self.assert_(connectClient(self.client))
예제 #40
0
    def testValid(self):
        # Connect client and filter port
        self.assert_(connectClient(self.client))
        self.iptables.filterTcp(self.port)

        # Test connection without QoS (accept)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True)

        # Test connection with QoS (drop)
        self.iptables.command("-A POSTROUTING -t mangle -m mark --mark %s -j DROP" % self.mark)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), False)
예제 #41
0
 def testNuauthInvalidCA(self):
     cacert = abspath(config.get("test_cert", "invalid_cacert"))
     args = dict()
     args["nuauth_tls_cacert"] = "'%s'" % cacert
     # we must disable CRL for this one, else nuauth fails with an
     # error (CRL is not issued by CA)
     args["nuauth_tls_crl"] = None
     self.startNuauth(args)
     self.client = createClientWithCerts()
     self.assert_(not connectClient(self.client))
     self.client.stop()
     self.stopNuauth()
예제 #42
0
    def testValid(self):
        # Connect client and filter port
        self.assert_(connectClient(self.client))
        self.iptables.filterTcp(self.port)

        # Test connection without QoS (accept)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True)

        # Test connection with QoS (drop)
        self.iptables.command(
            "-A POSTROUTING -t mangle -m mark --mark %s -j DROP" % self.mark)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), False)
예제 #43
0
    def testLogin(self):
        # Client login
        client = createClientWithCerts()
        self.assert_(connectClient(client))

        # Check log output
        self.assert_(
            self.findLog("[nuauth] User %s connect on " % client.username))

        # Client logout
        client.stop()
        self.assert_(
            self.findLog("[nuauth] User %s disconnect on " % client.username))
예제 #44
0
파일: test_script.py 프로젝트: regit/nufw
    def testLogin(self):
        # Client login
        client = createClientWithCerts()
        self.assert_(connectClient(client))

        # Check log output
        match = "SCRIPT UP COUNT=2 TEXT >>>%s %s<<<" \
            % (client.username, client.ip)
        self.assert_(self.checkScript(match))

        # Client logout
        client.stop()
        match = "SCRIPT DOWN COUNT=2 TEXT >>>%s %s<<<" \
            % (client.username, client.ip)
        self.assert_(self.checkScript(match))
예제 #45
0
    def testLogin(self):
        # Client login
        client = createClientWithCerts()
        self.assert_(connectClient(client))

        # Check log output
        match = "SCRIPT UP COUNT=2 TEXT >>>%s %s<<<" \
            % (client.username, client.ip)
        self.assert_(self.checkScript(match))

        # Client logout
        client.stop()
        match = "SCRIPT DOWN COUNT=2 TEXT >>>%s %s<<<" \
            % (client.username, client.ip)
        self.assert_(self.checkScript(match))
예제 #46
0
    def testConnShutdown(self):
        user = USERDB[0]
        client = user.createClient()
        self.assert_(connectClient(client))

        start = time.time()
        conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn.connect((self.dst_host, VALID_PORT))

        src_port = conn.getsockname()[1]

        ct_before = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
        ## Check that only one connection is opened to
        self.assert_(ct_before == 1)

        ## The connection should be killed 10 seconds after being opened
        time.sleep(15)

        ## Check that only one connection is opened to
        ct_after = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
        self.assert_(ct_after == 0)

        conn.close()
        client.stop()
예제 #47
0
    def testConnShutdown(self):
        user = USERDB[0]
        client = user.createClient()
        self.assert_(connectClient(client))

        start = time.time()
        conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn.connect((self.dst_host, VALID_PORT))

        src_port = conn.getsockname()[1]

        ct_before = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
        ## Check that only one connection is opened to
        self.assert_(ct_before == 1)

        ## The connection should be killed 10 seconds after being opened
        time.sleep(15)

        ## Check that only one connection is opened to
        ct_after = len(get_conntrack_conn(src_port, self.dst_host, VALID_PORT))
        self.assert_(ct_after == 0)

        conn.close()
        client.stop()
예제 #48
0
 def testInvalidPass(self):
     user = USERDB[1]
     client = createClientWithCerts(user.login, user.password+"x")
     self.assert_(not connectClient(client))
     client.stop()
예제 #49
0
 def testInvalidLogin(self):
     user = USERDB[0]
     client = createClientWithCerts(user.login+"x", user.password)
     self.assert_(not connectClient(client))
     client.stop()
예제 #50
0
 def testUser2(self):
     user = USERDB[1]
     client = user.createClientWithCerts()
     self.assert_(connectClient(client))
     client.stop()
예제 #51
0
    def testExpire(self):
        self.assert_(connectClient(self.client))

        sleep(self.expiration + DELAY)

        self.assert_(self.get_session_not_connected())
예제 #52
0
 def testInvalidPass(self):
     self.client.password = "******" % PASSWORD
     self.assert_(not connectClient(self.client))
예제 #53
0
 def testClientValidCA(self):
     self.startNuauth()
     client = createClient(more_args=["-A", self.cacert])
     self.assert_(connectClient(client))
     client.stop()
     self.stopNuauth()
예제 #54
0
 def testInvalidPass(self):
     self.client.password = "******" % PASSWORD
     self.assert_(not connectClient(self.client))