def test_AliasConflictsWithVhost(self): config_str=""" [{ "hostname": "$default", "groups": { "$default": { "maxSessions": 1 } } }, { "hostname": "conflict-with-vhost", "aliases": "$default", "groups": { "$default": { "maxSessions": 1 } } }] """ manager = MockPolicyManager() policy = PolicyLocal(manager) ruleset = json.loads(config_str) denied = False try: policy.create_ruleset(ruleset[0]) policy.create_ruleset(ruleset[1]) except PolicyError as e: denied = True self.assertTrue(denied, "Ruleset alias names other vhost but condition not detected.")
def test_SameAliasOnTwoVhosts(self): config_str=""" [{ "hostname": "$default", "aliases": "a,b,c,d,e", "groups": { "$default": { "maxSessions": 1 } } }, { "hostname": "doshormigas", "aliases": "i,h,g,f,e", "groups": { "$default": { "maxSessions": 1 } } }] """ manager = MockPolicyManager() policy = PolicyLocal(manager) ruleset = json.loads(config_str) denied = False try: policy.create_ruleset(ruleset[0]) policy.create_ruleset(ruleset[1]) except PolicyError as e: denied = True self.assertTrue(denied, "Rulesets duplicate same alias in two vhosts but condition not detected.")
def test_AliasesRenameOwnVhost(self): config_str=""" [{ "hostname": "$default", "allowUnknownUser": true, "aliases": "$default", "groups": { "$default": { "remoteHosts": "*", "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "$management, examples, q1", "targets": "$management, examples, q1", "maxSessions": 1 } } }] """ manager = MockPolicyManager() policy = PolicyLocal(manager) ruleset = json.loads(config_str) denied = False try: policy.create_ruleset(ruleset[0]) except PolicyError: denied = True self.assertTrue(denied, "Ruleset duplicates vhost and alias but condition not detected.")
class PolicyFileApplicationFallback(TestCase): manager = MockPolicyManager() policy = PolicyLocal(manager) policy.test_load_config() def test_bad_app_fallback(self): # Show that with no fallback the user cannot connect self.assertTrue( self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) == '') # Enable the fallback defaultVhost and show the same user can now connect self.policy.set_default_vhost('photoserver') settingsname = self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) self.assertTrue(settingsname == 'test') # Show that the fallback settings are returned upolicy = {} self.assertTrue( self.policy.lookup_settings('phony*app*name', settingsname, upolicy) ) self.assertTrue(upolicy['maxFrameSize'] == 444444) self.assertTrue(upolicy['maxMessageSize'] == 444444) self.assertTrue(upolicy['maxSessionWindow'] == 444444) self.assertTrue(upolicy['maxSessions'] == 4) self.assertTrue(upolicy['maxSenders'] == 44) self.assertTrue(upolicy['maxReceivers'] == 44) self.assertTrue(upolicy['allowAnonymousSender']) self.assertTrue(upolicy['allowDynamicSource']) self.assertTrue(upolicy['targets'] == 'a,private,') self.assertTrue(upolicy['sources'] == 'a,private,') # Disable fallback and show failure again self.policy.set_default_vhost('') self.assertTrue( self.policy.lookup_user('zeke', '192.168.100.5', 'galleria', "connid", 5) == '')
class PolicyFile(TestCase): manager = MockPolicyManager() policy = PolicyLocal(manager) policy.test_load_config() def test_policy1_test_zeke_ok(self): p1 = PolicyFile.policy.lookup_user('zeke', '192.168.100.5', 'photoserver', '192.168.100.5:33333', 1) self.assertTrue(p1 == 'test') upolicy = {} self.assertTrue( PolicyFile.policy.lookup_settings('photoserver', p1, upolicy) ) self.assertTrue(upolicy['maxFrameSize'] == 444444) self.assertTrue(upolicy['maxMessageSize'] == 444444) self.assertTrue(upolicy['maxSessionWindow'] == 444444) self.assertTrue(upolicy['maxSessions'] == 4) self.assertTrue(upolicy['maxSenders'] == 44) self.assertTrue(upolicy['maxReceivers'] == 44) self.assertTrue(upolicy['allowAnonymousSender']) self.assertTrue(upolicy['allowDynamicSource']) self.assertTrue(upolicy['targets'] == 'a,private,') self.assertTrue(upolicy['sources'] == 'a,private,') def test_policy1_test_zeke_bad_IP(self): self.assertTrue( PolicyFile.policy.lookup_user('zeke', '10.18.0.1', 'photoserver', "connid", 2) == '') self.assertTrue( PolicyFile.policy.lookup_user('zeke', '72.135.2.9', 'photoserver', "connid", 3) == '') self.assertTrue( PolicyFile.policy.lookup_user('zeke', '127.0.0.1', 'photoserver', "connid", 4) == '') def test_policy1_test_zeke_bad_app(self): self.assertTrue( PolicyFile.policy.lookup_user('zeke', '192.168.100.5','galleria', "connid", 5) == '') def test_policy1_test_users_same_permissions(self): zname = PolicyFile.policy.lookup_user('zeke', '192.168.100.5', 'photoserver', '192.168.100.5:33333', 6) yname = PolicyFile.policy.lookup_user('ynot', '10.48.255.254', 'photoserver', '192.168.100.5:33334', 7) self.assertTrue( zname == yname ) def test_policy1_lookup_unknown_application(self): upolicy = {} self.assertFalse( PolicyFile.policy.lookup_settings('unknown', 'doesntmatter', upolicy) ) def test_policy1_lookup_unknown_usergroup(self): upolicy = {} self.assertFalse( PolicyFile.policy.lookup_settings('photoserver', 'unknown', upolicy) )
def test_AliasOperationalLookup(self): manager = MockPolicyManager() policy = PolicyLocal(manager) policy.test_load_config() # For this test the test config defines vhost 'photoserver'. # This test accesses that vhost using the alias name 'antialias'. settingsname = policy.lookup_user('zeke', '192.168.100.5', 'antialias', "connid", 5) self.assertTrue(settingsname == 'test') upolicy = {} self.assertTrue( policy.lookup_settings('antialias', settingsname, upolicy) ) self.assertTrue(upolicy['maxFrameSize'] == 444444) self.assertTrue(upolicy['sources'] == 'a,private,')