def setUp(self):
    """Start nuauth with the ``mark_flag`` finalize module and one guest user.

    The ACL for ``self.port`` carries ``self.mark`` shifted by ``self.shift``
    in its flags; the same shift is handed to nuauth as
    ``mark_flag_flag_shift`` so the module can read it back.
    """
    self.port = VALID_PORT
    self.mark = 1
    self.shift = 8
    conf = NuauthConf()

    # Userdb: a single plaintext account (uid 42, gid 42).
    self.user = PlaintextUser("guest", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(conf)

    # ACL for the user's group; the mark is carried in the flags field.
    flags = self.mark << self.shift
    self.acls = PlaintextAcl()
    self.acls.addAcl("port", self.port, self.user.gid, flags=flags)
    self.acls.install(conf)

    # Load nuauth with mark_flag enabled.
    conf["nuauth_finalize_packet_module"] = '"mark_flag"'
    conf["mark_flag_mark_shift"] = 0
    conf["mark_flag_flag_shift"] = self.shift
    conf["mark_flag_nbits"] = 16
    self.nuauth = Nuauth(conf)

    self.iptables = Iptables()
    self.nufw = startNufw(["-m"])
    self.client = self.user.createClientWithCerts()
def setUp(self):
    """Start nuauth with the default configuration and build a certificate client."""
    conf = NuauthConf()
    self.nuauth = Nuauth(conf)
    self.client = createClientWithCerts()
def setUp(self):
    """Start nufw and nuauth with SQL user/session logging and open a DB connection.

    The backend is selected by the module-level ``POSTGRESQL`` flag; the
    connection parameters come from the ``DB_*`` module constants.
    """
    startNufw(["-s"])
    conf = NuauthConf()
    conf["nuauth_log_users"] = '9'
    conf["mysql_prefix_version"] = '1'
    if POSTGRESQL:
        # NOTE(review): only the PostgreSQL branch sets need_restart — confirm intended.
        conf.need_restart = True
        self.conn = pgdb.connect(host=DB_SERVER, user=DB_USER,
                                 password=DB_PASSWORD, database=DB_DBNAME)
        conf["nuauth_user_logs_module"] = '"pgsql"'
        conf["nuauth_user_session_logs_module"] = '"pgsql"'
    else:
        self.conn = MySQLdb.Connect(host=DB_SERVER, user=DB_USER,
                                    passwd=DB_PASSWORD, db=DB_DBNAME)
        conf["nuauth_user_logs_module"] = '"mysql"'
        conf["nuauth_user_session_logs_module"] = '"mysql"'

    self.users = USERDB
    self.user = self.users[0]
    self.acls = PlaintextAcl()
    self.acls.addAcl("web", VALID_PORT, self.user.gid, log_prefix=LOG_PREFIX)
    self.users.install(conf)
    self.acls.install(conf)
    self.nuauth = Nuauth(conf)
    # Taken slightly before "now"; presumably a lower bound for log lookups — verify against the tests.
    self.start_time = int(time() - 1.1)
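def testBlacklistAuthNOK(self):
    """A user whose group is blacklisted for the session auth type must be refused.

    Certificate authentication is turned off and group 42 is blacklisted
    before nuauth is restarted on ``self.config``.
    """
    self.config["nuauth_tls_auth_by_cert"] = 0
    self.config["session_authtype_blacklist_groups"] = "\"42\""
    self.nuauth = Nuauth(self.config)
    self.client = self.user.createClientWithCerts()
    # assertFalse replaces the deprecated assert_ alias (removed in Python 3.12).
    self.assertFalse(connectClient(self.client))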
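def testSASLAuthNOK(self):
    """SASL auth restricted to group 123 must refuse a user outside that group.

    Certificate authentication is turned off so the SASL path is exercised.
    """
    self.config["nuauth_tls_auth_by_cert"] = 0
    self.config["session_authtype_sasl_groups"] = "\"123\""
    self.nuauth = Nuauth(self.config)
    self.client = self.user.createClientWithCerts()
    # assertFalse replaces the deprecated assert_ alias (removed in Python 3.12).
    self.assertFalse(connectClient(self.client))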
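def testDrop(self):
    """With reject disabled, a blocked connection must fail with ETIMEDOUT (silent drop)."""
    self.config["nuauth_reject_after_timeout"] = "0"
    self.config["nuauth_reject_authenticated_drop"] = "0"
    self.nuauth = Nuauth(self.config)
    user = self.users[0]
    client = user.createClientWithCerts()
    try:
        testPortFailure(self, self.iptables, client, VALID_PORT, ETIMEDOUT)
    finally:
        # Stop the client even if the port check fails so it does not outlive the test.
        client.stop()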
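def testRejectAuthenticated(self):
    """With reject enabled for authenticated drops, the connection must get ECONNREFUSED."""
    # NOTE(review): sibling testDrop passes these values as strings; confirm NuauthConf
    # serialises ints and strings identically.
    self.config["nuauth_reject_after_timeout"] = 0
    self.config["nuauth_reject_authenticated_drop"] = 1
    self.nuauth = Nuauth(self.config)
    user = self.users[0]
    client = user.createClientWithCerts()
    try:
        testPortFailure(self, self.iptables, client, VALID_PORT, ECONNREFUSED)
    finally:
        # Stop the client even if the port check fails so it does not outlive the test.
        client.stop()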
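def testCertAuthGroupNOK(self):
    """Certificate auth limited to group 100 must refuse a user outside that group."""
    self.config["nuauth_tls_auth_by_cert"] = "2"
    self.config["session_authtype_ssl_groups"] = "\"100\""
    self.nuauth = Nuauth(self.config)
    # Client
    self.client = self.user.createClientWithCerts()
    # NOTE(review): "******" contains no %-conversion, so this `%` raises TypeError
    # before the assertion runs; the literal looks redacted — confirm the original template.
    self.client.password = "******" % self.user.password
    # assertFalse replaces the deprecated assert_ alias (removed in Python 3.12).
    self.assertFalse(connectClient(self.client))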
def startNuauth(self, dict_args=None):
    """Start nuauth on a fresh config overridden by the entries of *dict_args*.

    Also records the absolute path of the test CA certificate in ``self.cacert``.
    """
    self.cacert = abspath(config.get("test_cert", "cacert"))
    self.nuconfig = NuauthConf()
    overrides = dict_args if dict_args is not None else {}
    for key, value in overrides.items():
        self.nuconfig[key] = value
    self.nuauth = Nuauth(self.nuconfig)
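def testOutdevOk(self):
    """An ACL restricted to outdev IFACE must allow traffic to self.host:VALID_PORT."""
    self.acls.addAclFull("outdev test", self.host, VALID_PORT,
                         self.users[0].gid, outdev=IFACE)
    self.acls.install(self.config)
    self.nuauth = Nuauth(self.config)
    user = self.users[0]
    client = user.createClientWithCerts()
    try:
        testAllowPort(self, self.iptables, client, self.host)
    finally:
        # Remove the temporary ACL even when the check fails, so it cannot leak into later tests.
        self.acls.desinstall()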
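def testInvalidOS(self):
    """An ACL bound to a non-matching OS name must not allow the port."""
    self.acls.addAclFull("application", self.host, VALID_PORT,
                         self.users[0].gid, OS=OS_NAME + "xxx")
    self.acls.install(self.config)
    self.nuauth = Nuauth(self.config)
    user = self.users[0]
    client = user.createClientWithCerts()
    try:
        testAllowPort(self, self.iptables, client, self.host, allow=False)
    finally:
        # Remove the temporary ACL even when the check fails, so it cannot leak into later tests.
        self.acls.desinstall()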
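def testValidApplication(self):
    """An ACL bound to APPLICATION must allow the port for that application."""
    self.acls.addAclFull("application", self.host, VALID_PORT,
                         self.users[0].gid, App=APPLICATION)
    self.acls.install(self.config)
    self.nuauth = Nuauth(self.config)
    user = self.users[0]
    client = user.createClientWithCerts()
    try:
        testAllowPort(self, self.iptables, client, self.host)
    finally:
        # Remove the temporary ACL even when the check fails, so it cannot leak into later tests.
        self.acls.desinstall()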
def setUp(self):
    """Queue outgoing SYN/ACK replies from VALID_PORT to HOST, then start nuauth and nufw."""
    self.iptables = Iptables()
    # Only module constants are interpolated into the rule, never test input.
    rule = ('-A OUTPUT -p tcp --sport %u -d %s --tcp-flags SYN,ACK SYN,ACK -j NFQUEUE'
            % (VALID_PORT, HOST))
    self.iptables.command(rule)
    conf = NuauthConf()
    self.nuauth = Nuauth(conf)
    self.nufw = startNufw()
def setUp(self):
    """Start nuauth with certificate-based authentication disabled."""
    self.iptables = Iptables()
    self.port = VALID_PORT
    self.host = HOST
    self.cacert = config.get("test_cert", "cacert")
    conf = NuauthConf()
    conf["nuauth_tls_auth_by_cert"] = "0"
    self.nuconfig = conf
    self.nuauth = Nuauth(conf)
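def testFilterByUser(self):
    """A per-uid ACL must allow VALID_PORT for that user and still disallow the other port."""
    self.acls.addAclPerUid("Web user", self.host, VALID_PORT, self.users[0].uid)
    self.acls.install(self.config)
    self.nuauth = Nuauth(self.config)
    user = self.users[0]
    client = user.createClientWithCerts()
    try:
        testAllowPort(self, self.iptables, client, self.host)
        testDisallowPort(self, self.iptables, client, self.host)
    finally:
        # Remove the temporary ACL even when a check fails, so it cannot leak into later tests.
        self.acls.desinstall()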
def startNuauth(self, dict_args=None):
    """Start nuauth requiring a client certificate and checking it against the test CRL.

    Entries of *dict_args* override the configuration before nuauth starts.
    """
    self.nuconfig = NuauthConf()
    self.nuconfig["nuauth_tls_request_cert"] = "2"
    crl_path = abspath(config.get("test_cert", "crl"))
    self.nuconfig["nuauth_tls_crl"] = '"%s"' % crl_path
    overrides = dict_args if dict_args is not None else {}
    for key, value in overrides.items():
        self.nuconfig[key] = value
    self.nuauth = Nuauth(self.nuconfig)
def setUp(self):
    """Install the UP/DOWN session scripts and start nuauth with the ``script`` log module."""
    # Prepare our new scripts
    self.script_up = ReplaceFile(SCRIPT_UP, SCRIPT % "UP", MODE)
    self.script_down = ReplaceFile(SCRIPT_DOWN, SCRIPT % "DOWN", MODE)
    for script in (self.script_up, self.script_down):
        script.install()

    # Create nuauth
    conf = NuauthConf()
    conf["nuauth_user_session_logs_module"] = '"script"'
    self.nuauth = Nuauth(conf)
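def testLoginNormal(self):
    """With no per-IP or per-user limit, two different users can both log in."""
    # Change login policy to 0
    self.config["nuauth_single_ip_client_limit"] = 0
    self.config["nuauth_single_user_client_limit"] = 0
    self.nuauth = Nuauth(self.config)
    client1 = self.userA.createClientWithCerts()
    client2 = None
    try:
        # Test user1 (assertTrue replaces the deprecated assert_ alias).
        self.assertTrue(connectClient(client1))
        # Test user2
        client2 = self.userB.createClientWithCerts()
        self.assertTrue(connectClient(client2))
    finally:
        # Stop both clients even if an assertion fails.
        client1.stop()
        if client2 is not None:
            client2.stop()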
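def testLoginIP(self):
    """With one login per IP, a second user from the same address is refused."""
    # Change login policy to 1 login/IP
    self.config["nuauth_single_ip_client_limit"] = 1
    self.config["nuauth_single_user_client_limit"] = 0
    self.nuauth = Nuauth(self.config)
    client1 = self.userA.createClientWithCerts()
    client2 = None
    try:
        # Test user1 (assertTrue/assertFalse replace the deprecated assert_ alias).
        self.assertTrue(connectClient(client1))
        # Different users can't log from same IP
        client2 = self.userB.createClientWithCerts()
        self.assertFalse(connectClient(client2))
    finally:
        # Stop both clients even if an assertion fails.
        client1.stop()
        if client2 is not None:
            client2.stop()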
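def testLoginOne(self):
    """With one login per user, the same user cannot hold two sessions."""
    # Change login policy to 1 login/user
    self.config["nuauth_single_ip_client_limit"] = 0
    self.config["nuauth_single_user_client_limit"] = 1
    self.nuauth = Nuauth(self.config)
    client1 = self.userA.createClientWithCerts()
    client2 = None
    try:
        # First session of user1 (assertTrue/assertFalse replace the deprecated assert_ alias).
        self.assertTrue(connectClient(client1))
        # User can't log twice
        client2 = self.userA.createClientWithCerts()
        self.assertFalse(connectClient(client2))
    finally:
        # Stop both clients even if an assertion fails.
        client1.stop()
        if client2 is not None:
            client2.stop()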
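def testPeriodAccept(self):
    """An ACL bound to the half-day period containing the current hour must allow the port."""
    self.acls.desinstall()
    self.acls = PlaintextAcl()
    # Pick the period covering the current local hour. NOTE: a run that straddles
    # noon between this check and the port test will fail spuriously.
    if time.localtime().tm_hour < 12:
        period = "0-12"
    else:
        period = "12-24"
    self.acls.addAcl("web", VALID_PORT, self.users[0].gid, 1, period=period)
    self.acls.install(self.config)
    self.nuauth = Nuauth(self.config)
    user = self.users[0]
    client = user.createClientWithCerts()
    try:
        testAllowPort(self, self.iptables, client)
    finally:
        # Remove the temporary ACL even when the check fails, so it cannot leak into later tests.
        self.acls.desinstall()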
def setUp(self):
    """Start nuauth with ``session_expire`` set to DURATION seconds and one test user."""
    self.expiration = DURATION
    self.host = HOST

    # Setup session_expire library
    conf = NuauthConf()
    conf['nuauth_user_session_modify_module'] = '"session_expire"'
    conf['nuauth_session_duration'] = str(self.expiration)

    # Install temporary user database
    test_user = PlaintextUser(USERNAME, PASSWORD, 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(test_user)
    self.userdb.install(conf)
    self.acls = PlaintextAcl()

    # Start nuauth
    self.nuauth = Nuauth(conf)

    # Create client
    self.client = createClientWithCerts()
def setUp(self):
    """Start nuauth with mandatory client-certificate authentication.

    Certificate paths come from the ``test_cert`` section of the test config.
    """
    self.nuconfig = NuauthConf()
    cacert = config.get("test_cert", "cacert")
    nuauth_key = config.get("test_cert", "nuauth_key")
    nuauth_cert = config.get("test_cert", "nuauth_cert")

    # Userdb
    self.user = PlaintextUser("user", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(self.nuconfig)

    # Server: require and verify a client cert against the test CA.
    tls_settings = (
        ("plaintext_userfile", '"%s"' % self.userdb.filename),
        ("nuauth_tls_auth_by_cert", "2"),
        ("nuauth_tls_request_cert", "2"),
        ("nuauth_tls_cacert", '"%s"' % cacert),
        ("nuauth_tls_key", '"%s"' % nuauth_key),
        ("nuauth_tls_cert", '"%s"' % nuauth_cert),
    )
    for key, value in tls_settings:
        self.nuconfig[key] = value
    self.nuauth = Nuauth(self.nuconfig)
def setUp(self):
    """Start nuauth with IP-based guest authentication (``ipauth_guest``) and one user."""
    self.port = VALID_PORT
    conf = NuauthConf()

    # Userdb
    self.user = PlaintextUser("visiteur", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(conf)
    self.acls = PlaintextAcl()
    self.acls.addAcl("web", self.port, self.user.gid)
    self.acls.install(conf)

    # Load nuauth
    conf["nuauth_do_ip_authentication"] = '1'
    conf["nuauth_ip_authentication_module"] = '"ipauth_guest"'
    # NOTE(review): '******' has no %-conversion, so this `%` raises TypeError;
    # the literal looks redacted — confirm the original template.
    conf["ipauth_guest_username"] = '******' % self.user.login
    self.nuauth = Nuauth(conf)

    self.iptables = Iptables()
    self.nufw = startNufw()
def setUp(self):
    """Start nuauth/nufw with a "10 secs" period ACL and queue new HTTP SYNs to nufw."""
    self.dst_host = socket.gethostbyname(HOST)
    self.config = NuauthConf()

    # ACL on the resolved host, bound to the period defined just below.
    self.acls = PlaintextAcl()
    self.acls.addAclFull("web", self.dst_host, VALID_PORT, USERDB[0].gid, 1,
                         period='10 secs')
    self.acls.install(self.config)
    self.period = PlainPeriodXML()
    self.period.addPeriod(Period("10 secs", duration=10))
    self.period.install(self.config)

    self.users = USERDB
    self.users.install(self.config)
    self.nuauth = Nuauth(self.config)
    self.nufw = startNufw()

    # Both rules are inserted at the head (-I), so the DROP rule ends up above the
    # NFQUEUE one: only the SYN of a NEW connection reaches nufw, any other NEW
    # packet to port 80 is dropped.
    # NOTE(review): the ACL uses VALID_PORT but the rules hard-code 80 — confirm they match.
    self.iptables = Iptables()
    self.iptables.flush()
    queue_rule = ('-I OUTPUT -d %s -p tcp --dport 80 --syn -m state --state NEW -j NFQUEUE'
                  % self.dst_host)
    drop_rule = ('-I OUTPUT -d %s -p tcp --dport 80 ! --syn -m state --state NEW -j DROP'
                 % self.dst_host)
    self.iptables.command(queue_rule)
    self.iptables.command(drop_rule)
def testRejectTimedout(self):
    """With reject-after-timeout on, an unauthenticated connection must get ECONNREFUSED."""
    self.config["nuauth_reject_after_timeout"] = "1"
    self.config["nuauth_reject_authenticated_drop"] = "0"
    self.nuauth = Nuauth(self.config)
    # No client: the connection is never authenticated, so it times out and is rejected.
    no_client = None
    testPortFailure(self, self.iptables, no_client, VALID_PORT, ECONNREFUSED)
def setUp(self):
    """Install the shared USERDB into a fresh config and start nuauth on it."""
    self.users = USERDB
    conf = NuauthConf()
    self.users.install(conf)
    self.nuauth = Nuauth(conf)
def setUp(self):
    """Start nuauth using the ``system`` user-check module."""
    conf = NuauthConf()
    conf["nuauth_user_check_module"] = '"system"'
    self.nuauth = Nuauth(conf)
def setUp(self):
    """Start nuauth with client certificates neither requested nor used for auth."""
    self.cacert = config.get("test_cert", "cacert")
    conf = NuauthConf()
    for key in ("nuauth_tls_auth_by_cert", "nuauth_tls_request_cert"):
        conf[key] = "0"
    self.nuauth = Nuauth(conf)
def setUp(self):
    """Start nuauth with syslog user/session logging and no client-cert request."""
    conf = getNuauthConf()
    conf["nuauth_tls_request_cert"] = "0"
    for key in ("nuauth_user_logs_module", "nuauth_user_session_logs_module"):
        conf[key] = '"syslog"'
    self.nuauth = Nuauth(conf)