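def initialSetUp(self):
    """Instantiate the app under test and its directory app, then probe the test hosts.

    Raises:
        Exception: the app under test is already instantiated.
        unittest2.SkipTest: the directory app (appNameAD) is already instantiated.

    The ping exit codes are stored in module globals for later tests to read.
    """
    global app, orig_netsettings, ipsecHostResult, l2tpClientHostResult, appAD, appDataRD, radiusResult
    # NOTE(review): tunnelUp is not named in the global statement, so this binds
    # a local only; confirm whether a module-level flag was intended.
    tunnelUp = False
    if (uvmContext.appManager().isInstantiated(self.appName())):
        raise Exception('app %s already instantiated' % self.appName())
    app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
    if (uvmContext.appManager().isInstantiated(self.appNameAD())):
        # Name the app that is actually in the way; the message previously
        # reported appName() although the check is on appNameAD().
        raise unittest2.SkipTest('app %s already instantiated' % self.appNameAD())
    if orig_netsettings == None:
        # Only the first snapshot is kept; a later call must not overwrite it.
        orig_netsettings = uvmContext.networkManager().getNetworkSettings()
    appAD = uvmContext.appManager().instantiate(self.appNameAD(), defaultRackId)
    appDataRD = appAD.getSettings().get('radiusSettings')
    # One echo request per host. Output is captured and dropped; only the
    # exit code is kept.
    ipsecHostResult = subprocess.call(["ping", "-c", "1", ipsecHost], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    l2tpClientHostResult = subprocess.call(["ping", "-c", "1", l2tpClientHost], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    radiusResult = subprocess.call(["ping", "-c", "1", global_functions.radiusServer], stdout=subprocess.PIPE, stderr=subprocess.PIPE)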
def initialSetUp(self):
    """Create the app under test on the default policy and start it.

    Raises:
        Exception: an instance of the app already exists.
    """
    global app
    app_name = self.appName()
    app_manager = uvmContext.appManager()
    if app_manager.isInstantiated(app_name):
        raise Exception('app %s already instantiated' % app_name)
    app = app_manager.instantiate(app_name, default_policy_id)
    # Started explicitly: ad blocker does not auto-start.
    app.start()
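def test_023_childShouldNotEffectParent(self):
    """Check that a blocking firewall in a child rack does not affect the parent rack.

    A child rack of the default policy gets a firewall with a block rule for
    the client address; the client must still be online. The child rack and
    its firewall are removed even when an assertion fails, so a failed run
    does not leave a blocking firewall behind for later tests.
    """
    # add a child that blocks everything
    blockRackId = addRack(name="Block Rack", parentId=default_policy_id)
    blockRackFirewall = None
    try:
        blockRackFirewall = uvmContext.appManager().instantiate("firewall", blockRackId)
        assert (blockRackFirewall != None)
        # add a block rule for the client IP
        rules = blockRackFirewall.getRules()
        rules["list"].append(createFirewallSingleConditionRule("SRC_ADDR", remote_control.clientIP))
        blockRackFirewall.setRules(rules)
        # client should still be online
        result = remote_control.is_online()
        assert (result == 0)
    finally:
        # Cleanup runs on success and on failure alike.
        if blockRackFirewall != None:
            uvmContext.appManager().destroy(blockRackFirewall.getAppSettings()["id"])
        rackRemoved = removeRack(blockRackId)
    assert (rackRemoved)

    # Get the IP address of test.untangle.com
    test_untangle_com_ip = socket.gethostbyname("test.untangle.com")

    # The session to that address must have been logged under policy id 1.
    events = global_functions.get_events('Policy Manager', 'All Events', None, 100)
    assert (events != None)
    found = global_functions.check_events(events.get('list'), 100,
                                          "s_server_addr", str(test_untangle_com_ip),
                                          "policy_id", 1,
                                          "c_client_addr", remote_control.clientIP)
    assert (found)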
def initialSetUp(self):
    """Create the app under test, cache its settings and clear old authpost files.

    Raises:
        Exception: an instance of the app already exists.
    """
    global appData, app
    name = self.appName()
    if uvmContext.appManager().isInstantiated(name):
        raise Exception('app %s already instantiated' % name)
    app = uvmContext.appManager().instantiate(name, default_policy_id)
    appData = app.getSettings()
    # The backslash keeps the shell from treating '?' as a wildcard, so only
    # files whose names start with the literal "authpost?" are removed.
    remote_control.run_command("rm -f ./authpost\?*")
def initialSetUp(self):
    """Create the app under test on the default policy and start it.

    Raises:
        Exception: an instance of the app already exists.
    """
    global app
    manager = uvmContext.appManager()
    wanted = self.appName()
    if manager.isInstantiated(wanted):
        raise Exception('app %s already instantiated' % wanted)
    app = manager.instantiate(wanted, default_policy_id)
    app.start()
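def test_040_localCaptivePortalToSecondRack(self):
    """Authenticate through the captive portal and check the client lands on the second rack.

    A captive portal with local-directory login is installed on the default
    policy and a policy rule sends authenticated users to the second rack.
    After login the client must get neither the normal page nor the captive
    page, and logout must succeed. The portal instance is kept in a module
    global while the test runs.
    """
    global defaultRackCaptivePortal
    remote_control.run_command("rm -f /tmp/policy_test_040*")
    defaultRackCaptivePortal = uvmContext.appManager().instantiate("captive-portal", default_policy_id)
    assert (defaultRackCaptivePortal != None)
    defaultRackCaptivePortalData = defaultRackCaptivePortal.getSettings()
    # turn default capture rule on and basic login
    defaultRackCaptivePortalData['captureRules']['list'][0]['enabled'] = True
    defaultRackCaptivePortalData['authenticationType'] = "LOCAL_DIRECTORY"
    defaultRackCaptivePortalData['pageType'] = "BASIC_LOGIN"
    defaultRackCaptivePortal.setSettings(defaultRackCaptivePortalData)

    # Create local directory user 'test20'
    uvmContext.localDirectory().setUsers(createLocalDirectoryUser())
    # check host table and remove username for host IP, so the client starts
    # out unauthenticated
    userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
    userHost['username'] = ""
    userHost['usernameCaptivePortal'] = ""
    uvmContext.hostTable().setHostTableEntry(remote_control.clientIP, userHost)

    nukeRules()
    appendRule(createPolicySingleConditionRule("USERNAME", "[authenticated]", secondRackId))

    # check that basic captive page is shown
    result = remote_control.run_command("wget -4 -t 2 --timeout=5 -a /tmp/policy_test_040.log -O /tmp/policy_test_040.out http://www.google.com/")
    assert (result == 0)
    search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040.out")
    assert (search == 0)

    # check if local directory login and password works
    ipfind = remote_control.run_command("grep 'Location' /tmp/policy_test_040.log", stdout=True)
    ip = re.findall(r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(?:[0-9:]{0,6})', ipfind)
    # Fail with a readable message rather than an IndexError when the
    # redirect log holds no address.
    assert ip, "no capture address found in /tmp/policy_test_040.log"
    captureIP = ip[0]
    print('Capture IP address is %s' % captureIP)
    appid = str(defaultRackCaptivePortal.getAppSettings()["id"])
    # The login goes out as a GET query string over plain HTTP, so the test
    # account's credentials show up in the command line and in the URL. That
    # is tolerable only because 'test20' is a throwaway account removed below.
    result = remote_control.run_command("wget -q -O /dev/null -t 2 --timeout=5 \'http://" + captureIP + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid + "&host=" + captureIP + "&uri=/\'")
    assert (result == 0)
    # verify the username is assigned to the IP
    userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)
    assert (userHost['username'] == "test20")
    userHost = uvmContext.hostTable().getHostTableEntry(remote_control.clientIP)

    # firewall on rack 2 is blocking all, we should not get the test.untangle.com page
    result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040a.log -O /tmp/policy_test_040a.out http://www.google.com/")
    search = remote_control.run_command("grep -q 'Hi!' /tmp/policy_test_040a.out")
    assert (search != 0)
    # Or the captive page
    search = remote_control.run_command("grep -q 'username and password' /tmp/policy_test_040a.out")
    assert (search != 0)

    # Logout
    result = remote_control.run_command("wget -q -O /dev/null -4 -t 2 --timeout=5 -a /tmp/policy_test_040b.log -O /tmp/policy_test_040b.out http://" + captureIP + "/capture/logout")
    assert (result == 0)
    search = remote_control.run_command("grep -q 'logged out' /tmp/policy_test_040b.out")
    assert (search == 0)

    # remove captive portal and test user
    # NOTE(review): this cleanup is skipped when an assertion above fails, so
    # the test user then stays in the local directory.
    uvmContext.localDirectory().setUsers(removeLocalDirectoryUser())
    uvmContext.appManager().destroy(defaultRackCaptivePortal.getAppSettings()["id"])
    defaultRackCaptivePortal = None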
def initialSetUp(self):
    """Create and start the app under test, add the web app and probe the VPN peers.

    Raises:
        Exception: either app is already instantiated.

    vpnHostResult and vpnClientResult hold ping exit codes. vpnServerResult
    holds the result of a ping run from the VPN client towards the first WAN
    address, or 1 when the client did not answer.
    """
    global app, appWeb, appData, vpnHostResult, vpnClientResult, vpnServerResult

    def ping_once(address):
        # One echo request with a 5 second wait; output captured and dropped.
        return subprocess.call(["ping", "-W", "5", "-c", "1", address],
                               stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    if uvmContext.appManager().isInstantiated(self.appName()):
        raise Exception('app %s already instantiated' % self.appName())
    app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
    app.start()

    appWeb = None
    if uvmContext.appManager().isInstantiated(self.appWebName()):
        raise Exception('app %s already instantiated' % self.appWebName())
    appWeb = uvmContext.appManager().instantiate(self.appWebName(), defaultRackId)

    vpnHostResult = ping_once(global_functions.vpnServerVpnIP)
    vpnClientResult = ping_once(global_functions.vpnClientVpnIP)
    wanIP = uvmContext.networkManager().getFirstWanAddress()
    if vpnClientResult != 0:
        vpnServerResult = 1
    else:
        # The address is concatenated into a command string; it comes from the
        # network manager, not from outside input.
        vpnServerResult = remote_control.run_command("ping -W 5 -c 1 " + wanIP,
                                                     host=global_functions.vpnClientVpnIP)
def initialSetUp(self):
    """Create the app under test, save an empty rule selection and start the app.

    Raises:
        Exception: an instance of the app already exists.
    """
    global app
    app_name = self.appName()
    if uvmContext.appManager().isInstantiated(app_name):
        raise Exception('app %s already instantiated' % app_name)
    app = uvmContext.appManager().instantiate(app_name, default_rack_id)

    ips_interface = IntrusionPreventionInterface(app.getAppSettings()["id"])
    self.intrusion_prevention_interface = ips_interface
    ips_interface.setup()

    # create blank ruleset to start: custom groups with nothing selected
    blank_patch = copy.deepcopy(IntrusionPreventionInterface.config_request_patch_template)
    blank_patch["activeGroups"] = {
        "classtypes": "custom",
        "classtypesSelected": [],
        "categories": "custom",
        "categoriesSelected": [],
    }
    ips_interface.config_request("save", blank_patch)

    app.reconfigure()
    # must be called since intrusion-prevention doesn't auto-start
    app.start()
def initialSetUp(self):
    """Bind the module-level app to the existing instance, creating one if needed."""
    global app
    app_name = self.appName()
    if not uvmContext.appManager().isInstantiated(app_name):
        app = uvmContext.appManager().instantiate(app_name, defaultRackId)
        return
    # Reuse the instance that is already installed.
    app = uvmContext.appManager().app(app_name)
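def test_030_test_smtp_settings(self):
    """Send a test message through a custom outgoing server and check it arrived.

    Skipped in quick-test mode. The mail sender is pointed at the test server
    for the duration of the send. The original mail and SMTP settings are
    restored in a finally block, so an exception during the send cannot leave
    the system relaying through the test host.
    """
    if remote_control.quickTestsOnly:
        raise unittest2.SkipTest('Skipping a time consuming test')
    # Test mail setting in config -> email -> outgoing server
    if (uvmContext.appManager().isInstantiated(self.appNameSpamCase())):
        print("smtp case present")
    else:
        print("smtp not present")
        uvmContext.appManager().instantiate(self.appNameSpamCase(), 1)
    appSP = uvmContext.appManager().app(self.appNameSpamCase())
    origAppDataSP = appSP.getSmtpSettings()
    origMailsettings = uvmContext.mailSender().getSettings()
    newMailsettings = copy.deepcopy(origMailsettings)
    newMailsettings['smtpHost'] = global_functions.testServerHost
    newMailsettings['smtpPort'] = "6800"
    newMailsettings['sendMethod'] = 'CUSTOM'

    try:
        uvmContext.mailSender().setSettings(newMailsettings)
        time.sleep(10)  # give it time for exim to restart

        appDataSP = appSP.getSmtpSettings()
        appSP.setSmtpSettingsWithoutSafelists(appDataSP)
        recipient = global_functions.random_email()
        uvmContext.mailSender().sendTestMessage(recipient)
        time.sleep(2)
        # force exim to flush queue (fixed command string, nothing interpolated)
        subprocess.call(["exim -qff >/dev/null 2>&1"], shell=True, stdout=None, stderr=None)
        time.sleep(10)
    finally:
        # Always put the original outgoing-mail configuration back.
        uvmContext.mailSender().setSettings(origMailsettings)
        appSP.setSmtpSettingsWithoutSafelists(origAppDataSP)

    # The recipient is generated by the test helper and appended unquoted to
    # the shell command.
    emailContext = remote_control.run_command("wget -q --timeout=5 -O - http://test.untangle.com/cgi-bin/getEmail.py?toaddress=" + recipient + " 2>&1", stdout=True)
    assert ('Test Message' in emailContext)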
def finalTearDown(self):
    """Destroy the app under test and the SSL app, then clear both globals."""
    global app, appSSL
    if app != None:
        app_id = app.getAppSettings()["id"]
        uvmContext.appManager().destroy(app_id)
        app = None
    if appSSL != None:
        ssl_id = appSSL.getAppSettings()["id"]
        uvmContext.appManager().destroy(ssl_id)
        appSSL = None
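def initialSetUp(self):
    """Bind to the already-installed app and remember its shieldEnabled setting.

    Unlike setups that create the app, this one requires it to exist and
    only looks it up.

    Raises:
        Exception: the app is not instantiated.
    """
    global app, default_enabled, orig_netsettings
    if orig_netsettings == None:
        # Only the first snapshot is kept.
        orig_netsettings = uvmContext.networkManager().getNetworkSettings()
    if (not uvmContext.appManager().isInstantiated(self.appName())):
        # The check fires when the app is missing, so the message says so;
        # it previously read "already instantiated".
        raise Exception('app %s not instantiated' % self.appName())
    app = uvmContext.appManager().app(self.appName())
    default_enabled = app.getSettings()['shieldEnabled']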
def initialSetUp(self):
    """Create the app under test, cache its settings and generate a little traffic.

    Raises:
        Exception: an instance of the app already exists.
    """
    global appSettings, app
    app_name = self.appName()
    app_manager = uvmContext.appManager()
    if app_manager.isInstantiated(app_name):
        raise Exception('app %s already instantiated' % app_name)
    app = app_manager.instantiate(app_name, default_policy_id)
    appSettings = app.getSettings()
    # run a few sessions so that the classd daemon starts classifying
    for _ in range(2):
        remote_control.is_online()
def initialSetUp(self):
    """Create the app under test and keep it on self.app.

    Raises:
        Exception: an instance of the app already exists.
    """
    name = self.appName()
    if uvmContext.appManager().isInstantiated(name):
        raise Exception('app %s already instantiated' % name)
    created = uvmContext.appManager().instantiate(name, default_policy_id)
    # The metrics are requested but the result is not used in this method.
    appmetrics = uvmContext.metricManager().getMetrics(created.getAppSettings()["id"])
    self.app = created
def finalTearDown(self):
    """Destroy the app under test and any captive portal a test left behind."""
    global app, defaultRackCaptivePortal
    if app != None:
        app_id = app.getAppSettings()["id"]
        uvmContext.appManager().destroy(app_id)
        app = None
    # Only set when a test that installed the portal did not reach its own cleanup.
    if defaultRackCaptivePortal != None:
        portal_id = defaultRackCaptivePortal.getAppSettings()["id"]
        uvmContext.appManager().destroy(portal_id)
        defaultRackCaptivePortal = None
def finalTearDown(self):
    """Destroy the app under test, if any, and clear the module-level reference."""
    global app
    if app == None:
        return
    app_id = app.getAppSettings()["id"]
    uvmContext.appManager().destroy(app_id)
    app = None
def initialSetUp(self):
    """Snapshot the network settings, create and start the app, and list the WANs.

    Raises:
        Exception: an instance of the app already exists.
    """
    global indexOfWans, appData, app, orig_netsettings
    # Taken before anything else, and unconditionally on every call.
    orig_netsettings = uvmContext.networkManager().getNetworkSettings()
    app_name = self.appName()
    app_manager = uvmContext.appManager()
    if app_manager.isInstantiated(app_name):
        raise Exception('app %s already instantiated' % app_name)
    app = app_manager.instantiate(app_name, defaultRackId)
    app.start()
    appData = app.getSettings()
    indexOfWans = global_functions.get_wan_tuples()
def finalTearDown(self):
    """Restore the app and mail settings and remove the web app.

    The app under test is not destroyed; it gets its original settings back.
    """
    global app, web_app
    if app != None:
        app.setSettings(orig_settings)
    if web_app != None:
        web_app_id = web_app.getAppSettings()["id"]
        uvmContext.appManager().destroy(web_app_id)
        web_app = None
    if orig_mailsettings != None:
        uvmContext.mailSender().setSettings(orig_mailsettings)
    app = None
def finalTearDown(self):
    """Destroy both apps, then restore the saved network settings if there are any."""
    global app, appWanFailover
    if app != None:
        app_id = app.getAppSettings()["id"]
        uvmContext.appManager().destroy(app_id)
        app = None
    if appWanFailover != None:
        failover_id = appWanFailover.getAppSettings()["id"]
        uvmContext.appManager().destroy(failover_id)
        appWanFailover = None
    # Restore original settings to return to initial settings
    if orig_netsettings != None:
        uvmContext.networkManager().setNetworkSettings(orig_netsettings)
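def finalTearDown(self):
    """Restore the saved network settings and destroy both apps.

    The network settings are written back only when a snapshot exists. If
    setup failed before it took one, orig_netsettings may still be None, and
    passing None to the network manager is not a restore.
    """
    global app, appAD
    # Restore original settings to return to initial settings
    if orig_netsettings != None:
        uvmContext.networkManager().setNetworkSettings(orig_netsettings)
    if app != None:
        uvmContext.appManager().destroy(app.getAppSettings()["id"])
        app = None
    if appAD != None:
        uvmContext.appManager().destroy(appAD.getAppSettings()["id"])
        appAD = None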
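def initialSetUp(self):
    """Create both apps, measure the download speed and set QoS WAN limits.

    Raises:
        Exception: either app is already instantiated.

    Leaves the system with QoS enabled, every WAN interface limited to
    wan_limit_kbit in both directions, and the bypass and QoS rule lists
    emptied. The with-QoS and without-QoS variants of those settings are kept
    in module globals.
    """
    global app, app_web_filter, orig_network_settings, orig_network_settings_with_qos, orig_network_settings_without_qos, pre_down_speed_kbit, wan_limit_kbit, wan_limit_mbit
    if (uvmContext.appManager().isInstantiated(self.appName())):
        raise Exception('app %s already instantiated' % self.appName())
    app = uvmContext.appManager().instantiate(self.appName(), default_policy_id)
    settings = app.getSettings()
    settings["configured"] = True
    app.setSettings(settings)
    app.start()
    if (uvmContext.appManager().isInstantiated(self.appNameWF())):
        raise Exception('app %s already instantiated' % self.appNameWF())
    app_web_filter = uvmContext.appManager().instantiate(self.appNameWF(), default_policy_id)
    if orig_network_settings == None:
        # Only the first snapshot is kept.
        orig_network_settings = uvmContext.networkManager().getNetworkSettings()

    # disable QoS so the measurement below is not shaped
    netsettings = copy.deepcopy(orig_network_settings)
    netsettings['qosSettings']['qosEnabled'] = False
    uvmContext.networkManager().setNetworkSettings(netsettings)

    # measure speed
    pre_down_speed_kbit = global_functions.get_download_speed(download_server="test.untangle.com")

    # calculate QoS limits: 90% of the measured rate
    # presumably the *8 converts bytes to bits; confirm the unit returned by
    # get_download_speed
    wan_limit_kbit = int((pre_down_speed_kbit * 8) * .9)
    # set max to 100Mbit, so that other limiting factors dont interfere
    wan_limit_kbit = min(wan_limit_kbit, 100000)
    # Float divisor: under Python 2, int / int truncates before round() runs,
    # which discarded the two decimals the round() asks for.
    wan_limit_mbit = round(wan_limit_kbit / 1024.0, 2)

    # turn on QoS and set wan speed limits
    netsettings = copy.deepcopy(orig_network_settings)
    netsettings['qosSettings']['qosEnabled'] = True
    for interface in netsettings['interfaces']['list']:
        if interface['isWan']:
            interface['downloadBandwidthKbps'] = wan_limit_kbit
            interface['uploadBandwidthKbps'] = wan_limit_kbit
    netsettings['bypassRules']['list'] = []
    netsettings['qosSettings']['qosRules']['list'] = []

    # These store the "new" defaults with and without QoS
    orig_network_settings_with_qos = copy.deepcopy(netsettings)
    orig_network_settings_with_qos['qosSettings']['qosEnabled'] = True
    orig_network_settings_without_qos = copy.deepcopy(netsettings)
    orig_network_settings_without_qos['qosSettings']['qosEnabled'] = False

    uvmContext.networkManager().setNetworkSettings(orig_network_settings_with_qos)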
def initialSetUp(self):
    """Create the app under test, probe the directory servers and enable the app's API.

    Raises:
        Exception: an instance of the app already exists.

    AD_RESULT and RADIUS_RESULT hold the ping exit codes.
    """
    global app, AD_RESULT, RADIUS_RESULT

    def ping_once(address):
        # One echo request; output captured and dropped, exit code returned.
        return subprocess.call(["ping", "-c", "1", address],
                               stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    app_name = self.appName()
    if uvmContext.appManager().isInstantiated(app_name):
        raise Exception('app %s already instantiated' % app_name)
    app = uvmContext.appManager().instantiate(app_name, default_policy_id)
    AD_RESULT = ping_once(global_functions.ad_server)
    RADIUS_RESULT = ping_once(global_functions.radius_server)
    # enable the API for testing; nothing in this method switches it off again
    api_settings = app.getSettings()
    api_settings['apiEnabled'] = True
    app.setSettings(api_settings)
def finalTearDown(self):
    """Remove leftover apps, then restore the app and mail settings.

    The app under test is not destroyed; it gets its original settings back.
    """
    global app, web_app
    # remove all the apps in case test 103 does not remove them.
    for name in apps_list:
        if not uvmContext.appManager().isInstantiated(name):
            continue
        leftover = uvmContext.appManager().app(name)
        uvmContext.appManager().destroy(leftover.getAppSettings()["id"])
    if app != None:
        app.setSettings(orig_settings)
    if orig_mailsettings != None:
        uvmContext.mailSender().setSettings(orig_mailsettings)
    app = None
    web_app = None
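class VirusBlockerBaseTests(unittest2.TestCase):
    """Base test case holding the names and one-time setup for Virus Blocker Lite."""

    @staticmethod
    def appName():
        return "untangle-base-virus-blocker"

    @staticmethod
    def shortName():
        return "untangle"

    @staticmethod
    def displayName():
        return "Virus Blocker Lite"

    @staticmethod
    def appNameSSLInspector():
        return "ssl-inspector"

    @staticmethod
    def initialSetUp(self):
        """Download the sample files, then instantiate the scanner and the SSL inspector.

        Declared static but takes the test object explicitly as ``self``.

        Raises:
            unittest2.SkipTest: the virus blocker app is already instantiated.
            Exception: the SSL inspector app is already instantiated.
        """
        global app, md5StdNum, appSSL, appSSLData, canRelay
        # download eicar and trojan files before installing virus blocker
        self.ftpUserName, self.ftpPassword = global_functions.get_live_account_info("ftp")
        remote_control.run_command("rm -f /tmp/eicar /tmp/std_022_ftpVirusBlocked_file /tmp/temp_022_ftpVirusPassSite_file")
        # NOTE(review): in the copy under review the two credential arguments
        # were masked as ******, which left these lines syntactically invalid.
        # They are rebuilt from the account values fetched above; confirm
        # against the upstream file.
        # The password is passed on the wget command line, where it is visible
        # in the client's process list and in any command logging.
        result = remote_control.run_command("wget --user=" + self.ftpUserName + " --password='" + self.ftpPassword + "' -q -O /tmp/eicar http://test.untangle.com/virus/eicar.com")
        assert (result == 0)
        result = remote_control.run_command("wget --user=" + self.ftpUserName + " --password='" + self.ftpPassword + "' -q -O /tmp/std_022_ftpVirusBlocked_file ftp://" + global_functions.ftpServer + "/virus/fedexvirus.zip")
        assert (result == 0)
        # Reference checksum of the downloaded sample, kept for later tests.
        md5StdNum = remote_control.run_command("\"md5sum /tmp/std_022_ftpVirusBlocked_file | awk '{print $1}'\"", stdout=True)
        self.md5StdNum = md5StdNum
        # Re-checks the download result; the checksum output is not validated here.
        assert (result == 0)
        try:
            canRelay = global_functions.send_test_email(mailhost=testsiteIP)
        except Exception:
            # Any failure to send is treated as "relay not available".
            canRelay = False

        if (uvmContext.appManager().isInstantiated(self.appName())):
            raise unittest2.SkipTest('app %s already instantiated' % self.appName())
        app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
        self.app = app

        if uvmContext.appManager().isInstantiated(self.appNameSSLInspector()):
            raise Exception('app %s already instantiated' % self.appNameSSLInspector())
        appSSL = uvmContext.appManager().instantiate(self.appNameSSLInspector(), defaultRackId)
        # appSSL.start() # leave app off. app doesn't auto-start
        appSSLData = appSSL.getSettings()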
def flush_events():
    """Ask the reports app, when one is installed, to flush its events."""
    reports_app = uvmContext.appManager().app("reports")
    if reports_app == None:
        return
    reports_app.flushEvents()
def test_028_addFirewallToThirdRack(self):
    """Install a firewall on the third rack and check the client is still online."""
    global thirdRackFirewall
    app_manager = uvmContext.appManager()
    thirdRackFirewall = app_manager.instantiate("firewall", thirdRackId)
    assert (thirdRackFirewall != None)
    online_status = remote_control.is_online()
    assert (online_status == 0)
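def initialSetUp(self):
    """Create both apps, measure the download speed and set QoS WAN limits.

    Raises:
        Exception: either app is already instantiated.

    Leaves the system with QoS enabled, every WAN interface limited to
    wanLimitKbit in both directions, and the bypass and QoS rule lists
    emptied. The with-QoS and without-QoS variants of those settings are kept
    in module globals.
    """
    global app, appWF, origNetworkSettings, origNetworkSettingsWithQoS, origNetworkSettingsWithoutQoS, preDownSpeedKbsec, wanLimitKbit, wanLimitMbit
    if (uvmContext.appManager().isInstantiated(self.appName())):
        raise Exception('app %s already instantiated' % self.appName())
    app = uvmContext.appManager().instantiate(self.appName(), defaultRackId)
    settings = app.getSettings()
    settings["configured"] = True
    app.setSettings(settings)
    app.start()
    if (uvmContext.appManager().isInstantiated(self.appNameWF())):
        raise Exception('app %s already instantiated' % self.appNameWF())
    appWF = uvmContext.appManager().instantiate(self.appNameWF(), defaultRackId)
    if origNetworkSettings == None:
        # Only the first snapshot is kept.
        origNetworkSettings = uvmContext.networkManager().getNetworkSettings()

    # disable QoS so the measurement below is not shaped
    netsettings = copy.deepcopy(origNetworkSettings)
    netsettings['qosSettings']['qosEnabled'] = False
    uvmContext.networkManager().setNetworkSettings(netsettings)

    # measure speed
    preDownSpeedKbsec = global_functions.get_download_speed()

    # calculate QoS limits: 90% of the measured rate
    # presumably the *8 converts bytes to bits; confirm the unit returned by
    # get_download_speed
    wanLimitKbit = int((preDownSpeedKbsec * 8) * .9)
    # set max to 100Mbit, so that other limiting factors dont interfere
    wanLimitKbit = min(wanLimitKbit, 100000)
    # Float divisor: under Python 2, int / int truncates before round() runs,
    # which discarded the two decimals the round() asks for.
    wanLimitMbit = round(wanLimitKbit / 1024.0, 2)

    # turn on QoS and set wan speed limits
    netsettings = copy.deepcopy(origNetworkSettings)
    netsettings['qosSettings']['qosEnabled'] = True
    for interface in netsettings['interfaces']['list']:
        if interface['isWan']:
            interface['downloadBandwidthKbps'] = wanLimitKbit
            interface['uploadBandwidthKbps'] = wanLimitKbit
    netsettings['bypassRules']['list'] = []
    netsettings['qosSettings']['qosRules']['list'] = []

    # These store the "new" defaults with and without QoS
    origNetworkSettingsWithQoS = copy.deepcopy(netsettings)
    origNetworkSettingsWithQoS['qosSettings']['qosEnabled'] = True
    origNetworkSettingsWithoutQoS = copy.deepcopy(netsettings)
    origNetworkSettingsWithoutQoS['qosSettings']['qosEnabled'] = False

    uvmContext.networkManager().setNetworkSettings(origNetworkSettingsWithQoS)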
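def initialSetUp(self):
    """Create and start the app and the WAN failover app, then record the network state.

    Raises:
        Exception: either app is already instantiated.
    """
    global indexOfWans, app, appData, appWanFailover, appDataWanFailover, orig_netsettings, ip_address_testdestination
    if (uvmContext.appManager().isInstantiated(self.appName())):
        raise Exception('app %s already instantiated' % self.appName())
    app = uvmContext.appManager().instantiate(self.appName(), default_policy_id)
    app.start()
    appData = app.getSettings()
    if (uvmContext.appManager().isInstantiated(self.appNameWanFailover())):
        raise Exception('app %s already instantiated' % self.appNameWanFailover())
    appWanFailover = uvmContext.appManager().instantiate(self.appNameWanFailover(), default_policy_id)
    appWanFailover.start()
    # Stored in the declared global. The settings were previously bound to a
    # differently named local (appWanFailoverData), so the global was never set.
    appDataWanFailover = appWanFailover.getSettings()
    indexOfWans = global_functions.get_wan_tuples()
    orig_netsettings = uvmContext.networkManager().getNetworkSettings()
    ip_address_testdestination = socket.gethostbyname("test.untangle.com")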
def initialSetUp(self):
    """Create and start the app, add the web app, and put an inspect rule first.

    Raises:
        Exception: either app is already instantiated.
    """
    global app, appData, appWeb, appWebData
    app_manager = uvmContext.appManager()

    primary_name = self.appName()
    if app_manager.isInstantiated(primary_name):
        raise Exception('app %s already instantiated' % primary_name)
    app = app_manager.instantiate(primary_name, defaultRackId)
    # must be called since the app doesn't auto-start
    app.start()
    appData = app.getSettings()

    web_name = self.appWeb()
    if app_manager.isInstantiated(web_name):
        raise Exception('app %s already instantiated' % web_name)
    appWeb = app_manager.instantiate(web_name, defaultRackId)
    appWebData = appWeb.getSettings()

    # Position 0 places the rule for the tested server domain ahead of the
    # existing ignoreRules entries.
    inspect_rule = createSSLInspectRule(testedServerDomainWildcard)
    appData['ignoreRules']['list'].insert(0, inspect_rule)
    app.setSettings(appData)
def test_022_addFirewallToSecondRack(self):
    """Install a firewall on the second rack with a block rule for the client address.

    The firewall stays in the module global secondRackFirewall.
    """
    global secondRackFirewall
    secondRackFirewall = uvmContext.appManager().instantiate("firewall", secondRackId)
    assert (secondRackFirewall != None)
    # add a block rule for the client IP
    block_rule = createFirewallSingleConditionRule("SRC_ADDR", remote_control.clientIP)
    firewall_rules = secondRackFirewall.getRules()
    firewall_rules["list"].append(block_rule)
    secondRackFirewall.setRules(firewall_rules)