def test_040_localCaptivePortalToSecondRack(self):
global defaultRackCaptivePortal
remote_control.run_command("rm -f /tmp/policy_test_040*")
defaultRackCaptivePortal = uvmContext.appManager().instantiate("captive-portal", default_policy_id)
assert (defaultRackCaptivePortal != None)
defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings()
# turn default capture rule on and basic login
defaultRackCaptivePortalData['captureRules']['list'][0]['enabled'] = True
defaultRackCaptivePortalData['authenticationType']="LOCAL_DIRECTORY"
defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN"
defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData)
# Create local directory user 'test20'
uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
# check host table and remove username for host IP
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
userHost['username'] = ""
userHost['usernameCaptivePortal'] = ""
uvmContext.hostTable().setHostTableEntry(remote_control.client_ip,userHost)
# userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
# print(userHost)
nukeRules()
appendRule(createPolicySingleConditionRule("USERNAME","[authenticated]", secondRackId))
# check that basic captive page is shown
result = remote_control.run_command("wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/")
assert (result == 0)
search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040.out")
assert (search == 0)
# check if local directory login and password works
ipfind = remote_control.run_command("grep 'Location' /tmp/policy_test_040.log",stdout=True)
ip = re.findall( r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})', ipfind )
captureIP = ip[0]
print('Capture IP address is %s' % captureIP)
appid = str(defaultRackCaptivePortal.getAppSettings()["id"])
# print('appid is %s' % appid # debug line)
result = remote_control.run_command("wget -q -O /dev/null -t 2 --timeout=5 \'http://" + captureIP + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid + "&host=" + captureIP + "&uri=/\'")
assert (result == 0)
# verify the username is assigned to the IP
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
assert (userHost['username'] == "test20")
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
# firewall on rack 2 is blocking all, we should not get the test.untangle.com page
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/")
search = remote_control.run_command("grep -q 'Hi!' /tmp/policy_test_040a.out")
assert (search != 0)
# Or the captive page
search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040a.out")
assert (search != 0)
# Logout
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://" + captureIP + "/capture/logout")
assert (result == 0)
search = remote_control.run_command("grep -q 'logged out' /tmp/policy_test_040b.out")
assert (search == 0)
# remove captive portal and test user
uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"] )
defaultRackCaptivePortal = None
def test_041_trigger_rule_untag_host(self):
settings = uvmContext.eventManager().getSettings()
orig_settings = copy.deepcopy(settings)
new_rule = create_trigger_rule("TAG_HOST", "localAddr", "test-tag", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*")
settings['triggerRules']['list'] = [ new_rule ]
uvmContext.eventManager().setSettings( settings )
result = remote_control.is_online()
time.sleep(4)
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
tag_test = entry.get('tagsString')
uvmContext.eventManager().setSettings( orig_settings )
new_rule = create_trigger_rule("UNTAG_HOST", "localAddr", "test*", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*")
settings['triggerRules']['list'] = [ new_rule ]
uvmContext.eventManager().setSettings( settings )
result = remote_control.is_online()
time.sleep(4)
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
tag_test2 = entry.get('tagsString')
uvmContext.eventManager().setSettings( orig_settings )
assert( tag_test != None )
assert( "test-tag" in tag_test )
assert( tag_test2 == None or "test-tag" not in tag_test2)
def test_041_trigger_rule_untag_host(self):
settings = uvmContext.eventManager().getSettings()
orig_settings = copy.deepcopy(settings)
new_rule = create_trigger_rule("TAG_HOST", "localAddr", "test-tag", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*")
settings['triggerRules']['list'] = [ new_rule ]
uvmContext.eventManager().setSettings( settings )
result = remote_control.is_online()
time.sleep(4)
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
tag_test = entry.get('tagsString')
uvmContext.eventManager().setSettings( orig_settings )
new_rule = create_trigger_rule("UNTAG_HOST", "localAddr", "test*", 30, "test tag rule", "class", "=", "*SessionEvent*", "localAddr", "=", "*"+remote_control.client_ip+"*")
settings['triggerRules']['list'] = [ new_rule ]
uvmContext.eventManager().setSettings( settings )
result = remote_control.is_online()
time.sleep(4)
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
tag_test2 = entry.get('tagsString')
uvmContext.eventManager().setSettings( orig_settings )
assert( tag_test != None )
assert( "test-tag" in tag_test )
assert( tag_test2 == None or "test-tag" not in tag_test2)
def test_060_host_quota(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
global app
nuke_rules()
priority_level = 7 # Severely Limited
given_quota = 10000 # 10k
# Remove any existing quota
uvmContext.hostTable().removeQuota(remote_control.client_ip)
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed()
# Create rule to give quota
append_rule(create_quota_rule("HOST_HAS_NO_QUOTA","true","GIVE_HOST_QUOTA",given_quota))
# Create penalty for exceeding quota
append_rule(create_single_condition_rule("HOST_QUOTA_EXCEEDED","true","SET_PRIORITY",priority_level))
# Download the file so quota is exceeded
global_functions.get_download_speed(meg=1)
# quota accounting occurs every 60 seconds, so we must wait at least 60 seconds
time.sleep(60)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed()
print_results( wget_speed_pre, wget_speed_post, wget_speed_pre*0.1, wget_speed_pre*limited_acceptance_ratio )
# Remove quota
uvmContext.hostTable().removeQuota(remote_control.client_ip)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control','Quota Events',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"action", 1, #quota given
"size", given_quota,
"entity", remote_control.client_ip)
assert(found)
found = global_functions.check_events( events.get('list'), 5,
"action", 2, #quota exceeded
"entity", remote_control.client_ip)
assert(found)
events = global_functions.get_events('Bandwidth Control','Prioritized Sessions',None,5)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"bandwidth_control_priority", priority_level,
"c_client_addr", remote_control.client_ip)
assert( found )
def test_121_clientUserAgent2(self):
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
entry['httpUserAgent'] = "Mozilla foo bar"
uvmContext.hostTable().setHostTableEntry( remote_control.client_ip, entry )
rules_clear()
rule_append( create_rule_single_condition( "HTTP_USER_AGENT", "*Mozilla*" ) )
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result != 0)
entry['httpUserAgent'] = None
uvmContext.hostTable().setHostTableEntry( remote_control.client_ip, entry )
def find_name_in_host_table(hostname='test'):
"""
Find name in host table
"""
# Test for username in session
found_test_session = False
remote_control.run_command(
"nohup netcat -d -4 test.untangle.com 80 >/dev/null 2>&1",
stdout=False,
nowait=True)
time.sleep(
2
) # since we launched netcat in background, give it a second to establish connection
host_list = uvmContext.hostTable().getHosts()
session_list = host_list['list']
# find session generated with netcat in session table.
for i in range(len(session_list)):
print(session_list[i])
# print("------------------------------")
if (session_list[i]['address']
== remote_control.client_ip) and (session_list[i]['username']
== hostname):
found_test_session = True
break
remote_control.run_command("pkill netcat")
return found_test_session
def test_070_penalty_rule(self):
global app
nuke_rules(self._app)
tag_time = 2000000
# remove tags
entry = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
entry['tags']['list'] = []
entry = uvmContext.hostTable().setHostTableEntry(
remote_control.client_ip, entry)
# Create penalty rule
append_rule(
self._app,
create_penalty_rule("SRC_ADDR", remote_control.client_ip,
"TAG_HOST", "penalty-box", tag_time))
# go to test.untangle.com
result = remote_control.is_online()
# Look for tag
entry = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
print(entry['tags']['list'])
found = False
for tag in entry['tags']['list']:
if tag['name'] == 'penalty-box':
found = True
assert (found)
# remove tags
entry['tags']['list'] = []
entry = uvmContext.hostTable().setHostTableEntry(
remote_control.client_ip, entry)
# check penalty box
events = global_functions.get_events('Hosts', 'Hosts Events', None, 50)
assert (events != None)
event = global_functions.find_event(events.get('list'), 50, "address",
remote_control.client_ip, "key",
"tags")
print(event)
assert ((event != None))
def test_161_clientMacAddressStar(self):
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
if entry.get('macAddress') == None:
raise unittest.SkipTest('MAC not known')
rules_clear()
rule_append( create_rule_single_condition( "SRC_MAC", "*" ) )
result = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result != 0)
def test_020_about_info(self):
uid = uvmContext.getServerUID()
match = re.search(r'\w{4}-\w{4}-\w{4}.\w{4}', uid)
assert( match )
kernel = uvmContext.adminManager().getKernelVersion()
match = re.search(r'\d.*', kernel)
assert(match)
reboot_count = uvmContext.adminManager().getRebootCount()
match = re.search(r'\d{1,2}', reboot_count)
assert(match)
num_hosts = str(uvmContext.hostTable().getCurrentActiveSize())
match = re.search(r'\d{1,2}', num_hosts)
assert(match)
max_num_hosts = str(uvmContext.hostTable().getMaxActiveSize())
match = re.search(r'\d{1,2}', max_num_hosts)
assert(match)
def test_020_about_info(self):
uid = uvmContext.getServerUID()
match = re.search(r'\w{4}-\w{4}-\w{4}.\w{4}', uid)
assert( match )
kernel = uvmContext.adminManager().getKernelVersion()
match = re.search(r'\d.*', kernel)
assert(match)
reboot_count = uvmContext.adminManager().getRebootCount()
match = re.search(r'\d{1,2}', reboot_count)
assert(match)
num_hosts = str(uvmContext.hostTable().getCurrentActiveSize())
match = re.search(r'\d{1,2}', num_hosts)
assert(match)
max_num_hosts = str(uvmContext.hostTable().getMaxActiveSize())
match = re.search(r'\d{1,2}', max_num_hosts)
assert(match)
def get_list_of_username_mapped():
"""
Get list of mapped users
"""
entries = uvmContext.hostTable().getHosts()['list']
usernames = []
for entry in entries:
print(entry)
if entry['usernameDirectoryConnector'] != None and entry['usernameDirectoryConnector'] != "":
usernames.append(entry['usernameDirectoryConnector'])
return usernames
def test_070_penalty_rule(self):
global app
nuke_rules()
tag_time = 2000000
# remove tags
entry = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
entry['tags']['list'] = []
entry = uvmContext.hostTable().setHostTableEntry(remote_control.client_ip, entry)
# Create penalty rule
append_rule(create_penalty_rule("SRC_ADDR",remote_control.client_ip,"TAG_HOST","penalty-box",tag_time))
# go to test.untangle.com
result = remote_control.is_online()
# Look for tag
entry = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
print(entry['tags']['list'])
found = False
for tag in entry['tags']['list']:
if tag['name'] == 'penalty-box':
found = True
assert(found)
# remove tags
entry['tags']['list'] = []
entry = uvmContext.hostTable().setHostTableEntry(remote_control.client_ip, entry)
# check penalty box
events = global_functions.get_events('Hosts','Hosts Events', None, 50)
assert(events != None)
event = global_functions.find_event( events.get('list'), 50,
"address", remote_control.client_ip,
"key", "tags" )
print(event)
assert((event != None))
def test_033_block_by_Hostname(self):
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
self.rules_clear()
self.rule_add("DST_PORT","53",action="pass") # allow DNS otherwise bridged configs fail
self.rule_add("HOST_HOSTNAME",entry['hostname'])
result = remote_control.run_command("wget -q -4 -t 2 -O - http://test.untangle.com/test/testPage1.html 2>&1 | grep -q blocked")
assert (result == 0)
events = global_functions.get_events(self.displayName(),'Blocked Web Events',None,1)
assert(events != None)
found = global_functions.check_events( events.get('list'), 5,
"hostname",entry['hostname'],
self.eventAppName() + '_blocked', True,
self.eventAppName() + '_flagged', True )
assert( found )
def test_162_clientMacAddressMultiple(self):
entry = uvmContext.hostTable().getHostTableEntry( remote_control.client_ip )
if entry.get('macAddress') == None:
raise unittest.SkipTest('MAC not known')
mac = entry.get('macAddress')
rules_clear()
rule_append( create_rule_single_condition( "SRC_MAC", "11:22:33:44:55:66," + mac ) )
result1 = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result1 != 0)
rules_clear()
rule_append( create_rule_single_condition( "SRC_MAC", mac + ",11:22:33:44:55:66" ) )
result2 = remote_control.run_command("wget -q -O /dev/null -t 1 --timeout=3 http://test.untangle.com/")
assert (result2 != 0)
def find_name_in_host_table (hostname='test'):
"""
Find name in host table
"""
# Test for username in session
found_test_session = False
remote_control.run_command("nohup netcat -d -4 test.untangle.com 80 >/dev/null 2>&1", stdout=False, nowait=True)
time.sleep(2) # since we launched netcat in background, give it a second to establish connection
host_list = uvmContext.hostTable().getHosts()
session_list = host_list['list']
# find session generated with netcat in session table.
for i in range(len(session_list)):
print(session_list[i])
# print("------------------------------")
if (session_list[i]['address'] == remote_control.client_ip) and (session_list[i]['username'] == hostname):
found_test_session = True
break
remote_control.run_command("pkill netcat")
return found_test_session
def test_040_localCaptivePortalToSecondRack(self):
global defaultRackCaptivePortal
remote_control.run_command("rm -f /tmp/policy_test_040*")
defaultRackCaptivePortal = uvmContext.appManager().instantiate(
"captive-portal", default_policy_id)
assert (defaultRackCaptivePortal != None)
defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings()
# turn default capture rule on and basic login
defaultRackCaptivePortalData['captureRules']['list'][0][
'enabled'] = True
defaultRackCaptivePortalData['authenticationType'] = "LOCAL_DIRECTORY"
defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN"
defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData)
# Create local directory user 'test20'
uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
# check host table and remove username for host IP
userHost = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
userHost['username'] = ""
userHost['usernameCaptivePortal'] = ""
uvmContext.hostTable().setHostTableEntry(remote_control.client_ip,
userHost)
# userHost = uvmContext.hostTable().getHostTableEntry(remote_control.client_ip)
# print(userHost)
nukeRules()
appendRule(
createPolicySingleConditionRule("USERNAME", "[authenticated]",
secondRackId))
# check that basic captive page is shown
result = remote_control.run_command(
"wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/"
)
assert (result == 0)
search = remote_control.run_command(
"grep -q 'username and password' /tmp/policy_test_040.out")
assert (search == 0)
# check if local directory login and password works
ipfind = remote_control.run_command(
"grep 'Location' /tmp/policy_test_040.log", stdout=True)
ip = re.findall(
r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})',
ipfind)
captureIP = ip[0]
print('Capture IP address is %s' % captureIP)
appid = str(defaultRackCaptivePortal.getAppSettings()["id"])
# print('appid is %s' % appid # debug line)
result = remote_control.run_command(
"wget -q -O /dev/null -t 2 --timeout=5 \'http://" + captureIP +
"/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid="
+ appid + "&host=" + captureIP + "&uri=/\'")
assert (result == 0)
# verify the username is assigned to the IP
userHost = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
assert (userHost['username'] == "test20")
userHost = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
# firewall on rack 2 is blocking all, we should not get the test.untangle.com page
result = remote_control.run_command(
"wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/"
)
search = remote_control.run_command(
"grep -q 'Hi!' /tmp/policy_test_040a.out")
assert (search != 0)
# Or the captive page
search = remote_control.run_command(
"grep -q 'username and password' /tmp/policy_test_040a.out")
assert (search != 0)
# Logout
result = remote_control.run_command(
"wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://"
+ captureIP + "/capture/logout")
assert (result == 0)
search = remote_control.run_command(
"grep -q 'logged out' /tmp/policy_test_040b.out")
assert (search == 0)
# remove captive portal and test user
uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
uvmContext.appManager().destroy(
defaultRackCaptivePortal.getAppSettings()["id"])
defaultRackCaptivePortal = None
def test_061_user_quota(self):
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
global app
nuke_rules(self._app)
priority_level = 7 # Severely Limited
given_quota = 10000 # 10k
# Set this host's username
username = remote_control.run_command("hostname -s", stdout=True)
entry = uvmContext.hostTable().getHostTableEntry(
remote_control.client_ip)
entry['usernameDirectoryConnector'] = username
uvmContext.hostTable().setHostTableEntry(remote_control.client_ip,
entry)
# Remove any existing quota
uvmContext.userTable().removeQuota(username)
# Record average speed without bandwidth control configured
wget_speed_pre = global_functions.get_download_speed(
download_server=target_server)
# Create rule to give quota
append_rule(
self._app,
create_quota_rule("USER_HAS_NO_QUOTA", "true", "GIVE_USER_QUOTA",
given_quota))
# Create penalty for exceeding quota
append_rule(
self._app,
create_single_condition_rule("USER_QUOTA_EXCEEDED", "true",
"SET_PRIORITY", priority_level))
# Download the file so quota is exceeded
global_functions.get_download_speed(download_server=target_server,
meg=1)
# quota accounting occurs every 60 seconds, so we must wait at least 60 seconds
time.sleep(60)
# Download file and record the average speed in which the file was download
wget_speed_post = global_functions.get_download_speed(
download_server=target_server)
print_results(wget_speed_pre, wget_speed_post, wget_speed_pre * 0.1,
wget_speed_pre * limited_acceptance_ratio)
# Remove quota
uvmContext.userTable().removeQuota(username)
# Blank username
entry['usernameDirectoryConnector'] = None
uvmContext.hostTable().setHostTableEntry(remote_control.client_ip,
entry)
assert ((wget_speed_post) and (wget_speed_post))
assert (wget_speed_pre * limited_acceptance_ratio > wget_speed_post)
events = global_functions.get_events('Bandwidth Control',
'Quota Events', None, 5)
assert (events != None)
found = global_functions.check_events(
events.get('list'),
5,
"action",
1, #quota given
"size",
given_quota,
"entity",
username)
assert (found)
found = global_functions.check_events(
events.get('list'),
5,
"action",
2, #quota exceeded
"entity",
username)
assert (found)
events = global_functions.get_events('Bandwidth Control',
'Prioritized Sessions', None, 5)
assert (events != None)
found = global_functions.check_events(events.get('list'), 5,
"bandwidth_control_priority",
priority_level, "c_client_addr",
remote_control.client_ip)
assert (found)
