def initialSetUp(self):
global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult
tunnelUp = False
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
if (uvmContext.appManager().isInstantiated(self.appNameAD())):
raise unittest2.SkipTest('app %s already instantiated' %
self.appName())
if orig_netsettings == None:
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
appAD = uvmContext.appManager().instantiate(self.appNameAD(),
defaultRackId)
appDataRD = appAD.getSettings().get('radiusSettings')
ipsecHostResult = subprocess.call(["ping", "-c", "1", ipsecHost],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
l2tpClientHostResult = subprocess.call(
["ping", "-c", "1", l2tpClientHost],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
radiusResult = subprocess.call(
["ping", "-c", "1", global_functions.radiusServer],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
def initialSetUp(self):
global app
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
default_policy_id)
app.start() # must be called since ad blocker doesn't auto-start
def test_023_childShouldNotEffectParent(self):
# add a child that blocks everything
blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId)
assert (blockRackFirewall != None)
# add a block rule for the client IP
rules = blockRackFirewall.getRules()
rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.clientIP));
blockRackFirewall.setRules(rules);
# client should still be online
result = remote_control.is_online()
assert (result == 0)
uvmContext.appManager().destroy( blockRackFirewall.getAppSettings()["id"] )
assert (removeRack(blockRackId))
# Get the IP address of test.untangle.com
test_untangle_com_ip = socket.gethostbyname("test.untangle.com")
events = global_functions.get_events('Policy Manager','All Events',None,100)
assert(events != None)
found = global_functions.check_events( events.get('list'), 100,
"s_server_addr", str(test_untangle_com_ip),
"policy_id", 1,
"c_client_addr", remote_control.clientIP)
assert( found )
def initialSetUp(self):
global appData, app
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), default_policy_id)
appData = app.getSettings()
remote_control.run_command("rm -f ./authpost\?*")
def initialSetUp(self):
global app
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
default_policy_id)
app.start()
def test_040_localCaptivePortalToSecondRack(self):
global defaultRackCaptivePortal
remote_control.run_command("rm -f /tmp/policy_test_040*")
defaultRackCaptivePortal = uvmContext.appManager().instantiate("captive-portal", default_policy_id)
assert (defaultRackCaptivePortal != None)
defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings()
# turn default capture rule on and basic login
defaultRackCaptivePortalData['captureRules']['list'][0]['enabled'] = True
defaultRackCaptivePortalData['authenticationType']="LOCAL_DIRECTORY"
defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN"
defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData)
# Create local directory user 'test20'
uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
# check host table and remove username for host IP
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
userHost['username'] = ""
userHost['usernameCaptivePortal'] = ""
uvmContext.hostTable().setHostTableEntry(remote_control.clientIP,userHost)
# userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
# print userHost
nukeRules()
appendRule(createPolicySingleConditionRule("USERNAME","[authenticated]", secondRackId))
# check that basic captive page is shown
result = remote_control.run_command("wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/")
assert (result == 0)
search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040.out")
assert (search == 0)
# check if local directory login and password works
ipfind = remote_control.run_command("grep 'Location' /tmp/policy_test_040.log",stdout=True)
ip = re.findall( r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})', ipfind )
captureIP = ip[0]
print 'Capture IP address is %s' % captureIP
appid = str(defaultRackCaptivePortal.getAppSettings()["id"])
# print 'appid is %s' % appid # debug line
result = remote_control.run_command("wget -q -O /dev/null -t 2 --timeout=5 \'http://" + captureIP + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid + "&host=" + captureIP + "&uri=/\'")
assert (result == 0)
# verify the username is assigned to the IP
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
assert (userHost['username'] == "test20")
userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
# firewall on rack 2 is blocking all, we should not get the test.untangle.com page
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/")
search = remote_control.run_command("grep -q 'Hi!' /tmp/policy_test_040a.out")
assert (search != 0)
# Or the captive page
search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040a.out")
assert (search != 0)
# Logout
result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://" + captureIP + "/capture/logout")
assert (result == 0)
search = remote_control.run_command("grep -q 'logged out' /tmp/policy_test_040b.out")
assert (search == 0)
# remove captive portal and test user
uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"] )
defaultRackCaptivePortal = None
def initialSetUp(self):
global app, appWeb, appData, vpnHostResult, vpnClientResult, vpnServerResult
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
app.start()
appWeb = None
if (uvmContext.appManager().isInstantiated(self.appWebName())):
raise Exception('app %s already instantiated' % self.appWebName())
appWeb = uvmContext.appManager().instantiate(self.appWebName(),
defaultRackId)
vpnHostResult = subprocess.call(
["ping", "-W", "5", "-c", "1", global_functions.vpnServerVpnIP],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
vpnClientResult = subprocess.call(
["ping", "-W", "5", "-c", "1", global_functions.vpnClientVpnIP],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
wanIP = uvmContext.networkManager().getFirstWanAddress()
if vpnClientResult == 0:
vpnServerResult = remote_control.run_command(
"ping -W 5 -c 1 " + wanIP,
host=global_functions.vpnClientVpnIP)
else:
vpnServerResult = 1
def initialSetUp(self):
global app
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
default_rack_id)
self.intrusion_prevention_interface = IntrusionPreventionInterface(
app.getAppSettings()["id"])
self.intrusion_prevention_interface.setup()
# create blank ruleset to start
patch = copy.deepcopy(
IntrusionPreventionInterface.config_request_patch_template)
## !!!! ARGH!
patch["activeGroups"] = {
"classtypes": "custom",
"classtypesSelected": [],
"categories": "custom",
"categoriesSelected": []
}
self.intrusion_prevention_interface.config_request("save", patch)
app.reconfigure()
app.start(
) # must be called since intrusion-prevention doesn't auto-start
def initialSetUp(self):
global app
if (uvmContext.appManager().isInstantiated(self.appName())):
app = uvmContext.appManager().app(self.appName())
else:
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
def test_030_test_smtp_settings(self):
if remote_control.quickTestsOnly:
raise unittest2.SkipTest('Skipping a time consuming test')
# Test mail setting in config -> email -> outgoing server
if (uvmContext.appManager().isInstantiated(self.appNameSpamCase())):
print "smtp case present"
else:
print "smtp not present"
uvmContext.appManager().instantiate(self.appNameSpamCase(), 1)
appSP = uvmContext.appManager().app(self.appNameSpamCase())
origAppDataSP = appSP.getSmtpSettings()
origMailsettings = uvmContext.mailSender().getSettings()
# print appDataSP
newMailsettings = copy.deepcopy(origMailsettings)
newMailsettings['smtpHost'] = global_functions.testServerHost
newMailsettings['smtpPort'] = "6800"
newMailsettings['sendMethod'] = 'CUSTOM'
uvmContext.mailSender().setSettings(newMailsettings)
time.sleep(10) # give it time for exim to restart
appDataSP = appSP.getSmtpSettings()
appSP.setSmtpSettingsWithoutSafelists(appDataSP)
recipient = global_functions.random_email()
uvmContext.mailSender().sendTestMessage(recipient)
time.sleep(2)
# force exim to flush queue
subprocess.call(["exim -qff >/dev/null 2>&1"],shell=True,stdout=None,stderr=None)
time.sleep(10)
uvmContext.mailSender().setSettings(origMailsettings)
appSP.setSmtpSettingsWithoutSafelists(origAppDataSP)
emailContext = remote_control.run_command("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress=" + recipient + " 2>&1" ,stdout=True)
assert('Test Message' in emailContext)
def finalTearDown(self):
global app, appSSL
if app != None:
uvmContext.appManager().destroy(app.getAppSettings()["id"])
app = None
if appSSL != None:
uvmContext.appManager().destroy(appSSL.getAppSettings()["id"])
appSSL = None
def initialSetUp(self):
global app,default_enabled, orig_netsettings
if orig_netsettings == None:
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
if (not uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().app(self.appName())
default_enabled = app.getSettings()['shieldEnabled']
def initialSetUp(self):
global appSettings, app
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), default_policy_id)
appSettings = app.getSettings()
# run a few sessions so that the classd daemon starts classifying
for i in range(2): remote_control.is_online()
def initialSetUp(self):
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
default_policy_id)
appmetrics = uvmContext.metricManager().getMetrics(
app.getAppSettings()["id"])
self.app = app
def finalTearDown(self):
global app, defaultRackCaptivePortal
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
if defaultRackCaptivePortal != None:
uvmContext.appManager().destroy( defaultRackCaptivePortal.getAppSettings()["id"] )
defaultRackCaptivePortal = None
def finalTearDown(self):
"""
Tear down
"""
global app
if app != None:
uvmContext.appManager().destroy(app.getAppSettings()["id"])
app = None
def initialSetUp(self):
global indexOfWans, appData, app, orig_netsettings
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
app.start()
appData = app.getSettings()
indexOfWans = global_functions.get_wan_tuples()
def finalTearDown(self):
global app, web_app
if app != None:
app.setSettings(orig_settings)
if web_app != None:
uvmContext.appManager().destroy(web_app.getAppSettings()["id"])
web_app = None
if orig_mailsettings != None:
uvmContext.mailSender().setSettings(orig_mailsettings)
app = None
def finalTearDown(self):
global app, appWanFailover
# Restore original settings to return to initial settings
if app != None:
uvmContext.appManager().destroy( app.getAppSettings()["id"] )
app = None
if appWanFailover != None:
uvmContext.appManager().destroy( appWanFailover.getAppSettings()["id"] )
appWanFailover = None
if orig_netsettings != None:
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
def finalTearDown(self):
global app, appAD
# Restore original settings to return to initial settings
# print "orig_netsettings <%s>" % orig_netsettings
uvmContext.networkManager().setNetworkSettings(orig_netsettings)
if app != None:
uvmContext.appManager().destroy(app.getAppSettings()["id"])
app = None
if appAD != None:
uvmContext.appManager().destroy(appAD.getAppSettings()["id"])
appAD = None
def initialSetUp(self):
global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
default_policy_id)
settings = app.getSettings()
settings["configured"] = True
app.setSettings(settings)
app.start()
if (uvmContext.appManager().isInstantiated(self.appNameWF())):
raise Exception('app %s already instantiated' % self.appNameWF())
app_web_filter = uvmContext.appManager().instantiate(
self.appNameWF(), default_policy_id)
if orig_network_settings == None:
orig_network_settings = uvmContext.networkManager(
).getNetworkSettings()
# disable QoS
netsettings = copy.deepcopy(orig_network_settings)
netsettings['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(netsettings)
# measure speed
pre_down_speed_kbit = global_functions.get_download_speed(
download_server="test.untangle.com")
# calculate QoS limits
wan_limit_kbit = int((pre_down_speed_kbit * 8) * .9)
# set max to 100Mbit, so that other limiting factors dont interfere
if wan_limit_kbit > 100000: wan_limit_kbit = 100000
wan_limit_mbit = round(wan_limit_kbit / 1024, 2)
# turn on QoS and set wan speed limits
netsettings = copy.deepcopy(orig_network_settings)
netsettings['qosSettings']['qosEnabled'] = True
i = 0
for interface in netsettings['interfaces']['list']:
if interface['isWan']:
netsettings['interfaces']['list'][i][
'downloadBandwidthKbps'] = wan_limit_kbit
netsettings['interfaces']['list'][i][
'uploadBandwidthKbps'] = wan_limit_kbit
i += 1
netsettings['bypassRules']['list'] = []
netsettings['qosSettings']['qosRules']['list'] = []
# These store the "new" defaults with and without QoS
orig_network_settings_with_qos = copy.deepcopy(netsettings)
orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True
orig_network_settings_without_qos = copy.deepcopy(netsettings)
orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(
orig_network_settings_with_qos)
def initialSetUp(self):
global app, AD_RESULT, AD_RESULT, RADIUS_RESULT
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), default_policy_id)
AD_RESULT = subprocess.call(["ping", "-c", "1", global_functions.ad_server], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
RADIUS_RESULT = subprocess.call(["ping", "-c", "1", global_functions.radius_server], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
# enable the API for testing
appSettings = app.getSettings()
appSettings['apiEnabled'] = True
app.setSettings(appSettings)
def finalTearDown(self):
global app, web_app
# remove all the apps in case test 103 does not remove them.
for name in apps_list:
if (uvmContext.appManager().isInstantiated(name)):
remove_app = uvmContext.appManager().app(name)
uvmContext.appManager().destroy(remove_app.getAppSettings()["id"])
if app != None:
app.setSettings(orig_settings)
if orig_mailsettings != None:
uvmContext.mailSender().setSettings(orig_mailsettings)
app = None
web_app = None
class VirusBlockerBaseTests(unittest2.TestCase):
@staticmethod
def appName():
return "untangle-base-virus-blocker"
@staticmethod
def shortName():
return "untangle"
@staticmethod
def displayName():
return "Virus Blocker Lite"
@staticmethod
def appNameSSLInspector():
return "ssl-inspector"
@staticmethod
def initialSetUp(self):
global app,md5StdNum, appSSL, appSSLData, canRelay
# download eicar and trojan files before installing virus blocker
self.ftpUserName, self.ftpPassword = global_functions.get_live_account_info("ftp")
remote_control.run_command("rm -f /tmp/eicar /tmp/std_022_ftpVirusBlocked_file /tmp/temp_022_ftpVirusPassSite_file")
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/eicar http://test.untangle.com/virus/eicar.com")
assert (result == 0)
result = remote_control.run_command("wget --user="******" --password='******' -q -O /tmp/std_022_ftpVirusBlocked_file ftp://" + global_functions.ftpServer + "/virus/fedexvirus.zip")
assert (result == 0)
md5StdNum = remote_control.run_command("\"md5sum /tmp/std_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True)
self.md5StdNum = md5StdNum
# print "md5StdNum <%s>" % md5StdNum
assert (result == 0)
try:
canRelay = global_functions.send_test_email(mailhost=testsiteIP)
except Exception,e:
canRelay = False
if (uvmContext.appManager().isInstantiated(self.appName())):
raise unittest2.SkipTest('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
self.app = app
if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()):
raise Exception('app %s already instantiated' % self.appNameSSLInspector())
appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), defaultRackId)
# appSSL.start() # leave app off. app doesn't auto-start
appSSLData = appSSL.getSettings()
def flush_events():
"""
Clear Intrusion Prevention events
"""
reports = uvmContext.appManager().app("reports")
if (reports != None):
reports.flushEvents()
def test_028_addFirewallToThirdRack(self):
global thirdRackFirewall
thirdRackFirewall = uvmContext.appManager().instantiate(
"firewall", thirdRackId)
assert (thirdRackFirewall != None)
result = remote_control.is_online()
assert (result == 0)
def initialSetUp(self):
global app, appWF, origNetworkSettings, origNetworkSettingsWithQoS, origNetworkSettingsWithoutQoS, preDownSpeedKbsec, wanLimitKbit, wanLimitMbit
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
settings = app.getSettings()
settings["configured"] = True
app.setSettings(settings)
app.start()
if (uvmContext.appManager().isInstantiated(self.appNameWF())):
raise Exception('app %s already instantiated' % self.appNameWF())
appWF = uvmContext.appManager().instantiate(self.appNameWF(), defaultRackId)
if origNetworkSettings == None:
origNetworkSettings = uvmContext.networkManager().getNetworkSettings()
# disable QoS
netsettings = copy.deepcopy( origNetworkSettings )
netsettings['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings( netsettings )
# measure speed
preDownSpeedKbsec = global_functions.get_download_speed()
# calculate QoS limits
wanLimitKbit = int((preDownSpeedKbsec*8) * .9)
# set max to 100Mbit, so that other limiting factors dont interfere
if wanLimitKbit > 100000: wanLimitKbit = 100000
wanLimitMbit = round(wanLimitKbit/1024,2)
# turn on QoS and set wan speed limits
netsettings = copy.deepcopy( origNetworkSettings )
netsettings['qosSettings']['qosEnabled'] = True
i = 0
for interface in netsettings['interfaces']['list']:
if interface['isWan']:
netsettings['interfaces']['list'][i]['downloadBandwidthKbps']=wanLimitKbit
netsettings['interfaces']['list'][i]['uploadBandwidthKbps']=wanLimitKbit
i += 1
netsettings['bypassRules']['list'] = []
netsettings['qosSettings']['qosRules']['list'] = []
# These store the "new" defaults with and without QoS
origNetworkSettingsWithQoS = copy.deepcopy( netsettings )
origNetworkSettingsWithQoS['qosSettings']['qosEnabled'] = True
origNetworkSettingsWithoutQoS = copy.deepcopy( netsettings )
origNetworkSettingsWithoutQoS['qosSettings']['qosEnabled'] = False
uvmContext.networkManager().setNetworkSettings(origNetworkSettingsWithQoS)
def initialSetUp(self):
global indexOfWans, app, appData, appWanFailover, appDataWanFailover, orig_netsettings, ip_address_testdestination
if (uvmContext.appManager().isInstantiated(self.appName())):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(), default_policy_id)
app.start()
appData = app.getSettings()
if (uvmContext.appManager().isInstantiated(self.appNameWanFailover())):
raise Exception('app %s already instantiated' % self.appNameWanFailover())
appWanFailover = uvmContext.appManager().instantiate(self.appNameWanFailover(), default_policy_id)
appWanFailover.start()
appWanFailoverData = appWanFailover.getSettings()
indexOfWans = global_functions.get_wan_tuples()
orig_netsettings = uvmContext.networkManager().getNetworkSettings()
ip_address_testdestination = socket.gethostbyname("test.untangle.com")
def initialSetUp(self):
global app, appData, appWeb, appWebData
if uvmContext.appManager().isInstantiated(self.appName()):
raise Exception('app %s already instantiated' % self.appName())
app = uvmContext.appManager().instantiate(self.appName(),
defaultRackId)
app.start() # must be called since the app doesn't auto-start
appData = app.getSettings()
if (uvmContext.appManager().isInstantiated(self.appWeb())):
raise Exception('app %s already instantiated' % self.appWeb())
appWeb = uvmContext.appManager().instantiate(self.appWeb(),
defaultRackId)
appWebData = appWeb.getSettings()
appData['ignoreRules']['list'].insert(
0, createSSLInspectRule(testedServerDomainWildcard))
app.setSettings(appData)
def test_022_addFirewallToSecondRack(self):
global secondRackFirewall
secondRackFirewall = uvmContext.appManager().instantiate("firewall", secondRackId)
assert (secondRackFirewall != None)
# add a block rule for the client IP
rules = secondRackFirewall.getRules()
rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR",remote_control.clientIP));
secondRackFirewall.setRules(rules);
