def setUp(self):
    """Build the mark_flag fixture: user DB, port ACL, nuauth, iptables, nufw, client.

    The ACL carries ``mark << shift`` as its flags value, and the mark_flag
    module is configured with the same shift as ``mark_flag_flag_shift``.
    """
    self.port = VALID_PORT
    self.mark = 1
    self.shift = 8
    nuauth_conf = NuauthConf()

    # Userdb: throw-away account with a fixed, well-known password. This is a
    # test fixture only and must never be reused outside the test bench.
    self.user = PlaintextUser("guest", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(nuauth_conf)

    # ACL on the test port for the user's group, flagged with the shifted mark.
    acl_flags = self.mark << self.shift
    self.acls = PlaintextAcl()
    self.acls.addAcl("port", self.port, self.user.gid, flags=acl_flags)
    self.acls.install(nuauth_conf)

    # Load nuauth with the mark_flag finalize-packet module.
    nuauth_conf["nuauth_finalize_packet_module"] = '"mark_flag"'
    nuauth_conf["mark_flag_mark_shift"] = 0
    nuauth_conf["mark_flag_flag_shift"] = self.shift
    nuauth_conf["mark_flag_nbits"] = 16
    self.nuauth = Nuauth(nuauth_conf)

    self.iptables = Iptables()
    # NOTE(review): "-m" presumably turns on packet marking in nufw; confirm
    # against the nufw command-line documentation.
    self.nufw = startNufw(["-m"])
    self.client = self.user.createClientWithCerts()
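class TestClientCertAuth(TestCase):
    """Check nuauth client authentication by TLS certificate.

    setUp starts nuauth with ``nuauth_tls_request_cert`` and
    ``nuauth_tls_auth_by_cert`` both set to "2". Each test then builds a client
    that presents a certificate/key pair and asserts that the connection is
    accepted (valid pair) or refused (invalid pair).
    """

    def setUp(self):
        """Install a one-user plaintext database and start nuauth with TLS options."""
        self.nuconfig = NuauthConf()
        cacert = config.get("test_cert", "cacert")

        # Userdb: fixture account with a fixed password, for the test bench only.
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.nuconfig)

        # Server
        self.nuconfig["plaintext_userfile"] = '"%s"' % self.userdb.filename
        # NOTE(review): "2" presumably means "mandatory"/"required" for both
        # options; confirm against the nuauth configuration reference.
        self.nuconfig["nuauth_tls_auth_by_cert"] = "2"
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_cacert"] = '"%s"' % cacert
        self.nuconfig["nuauth_tls_key"] = '"%s"' % config.get(
            "test_cert", "nuauth_key")
        self.nuconfig["nuauth_tls_cert"] = '"%s"' % config.get(
            "test_cert", "nuauth_cert")
        self.nuauth = Nuauth(self.nuconfig)

    def tearDown(self):
        """Stop the client and nuauth, then remove the user database and config.

        ``self.client`` is only created inside the test methods, so a test that
        fails early leaves it unset. Every step runs even if an earlier one
        raises; otherwise a nuauth daemon and the plaintext user file could be
        left behind on the test host.
        """
        client = getattr(self, "client", None)
        try:
            if client is not None:
                client.stop()
        finally:
            try:
                self.nuauth.stop()
            finally:
                try:
                    self.userdb.desinstall()
                finally:
                    self.nuconfig.desinstall()

    def _createCertClient(self, cert_option, key_option):
        """Create ``self.client`` with the certificate/key named in [test_cert]."""
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", cert_option)
        key = config.get("test_cert", key_option)
        args = ["-C", cert, "-K", key, "-A", cacert]
        self.client = self.user.createClient(more_args=args)
        # NOTE(review): the literal below looks masked on this page ("******").
        # It has no conversion specifier, so the % operation raises TypeError
        # as written; restore the original literal from the upstream file.
        self.client.password = "******" % self.user.password

    def testValidCert(self):
        """A client presenting the valid user certificate must connect."""
        # Client
        self._createCertClient("user_cert", "user_key")
        self.assert_(connectClient(self.client))

    def testInvalidCert(self):
        """A client presenting the invalid user certificate must be refused."""
        # Expired certificate
        # Only this rejection cause is exercised here; a certificate issued by
        # an untrusted CA or a revoked one would need its own fixture.
        self._createCertClient("user_invalid_cert", "user_invalid_key")
        self.assert_(not connectClient(self.client))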
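class TestClientCertAuth(TestCase):
    """Exercise nuauth's certificate-based client authentication.

    The server is started with certificate request and certificate
    authentication both set to "2". One test connects with the valid user
    certificate, the other with the invalid one.
    """

    def setUp(self):
        """Create the fixture user database and start nuauth with TLS settings."""
        self.nuconfig = NuauthConf()
        cacert = config.get("test_cert", "cacert")

        # Userdb: single account with a fixed password (test fixture only).
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.nuconfig)

        # Server
        self.nuconfig["plaintext_userfile"] = '"%s"' % self.userdb.filename
        # NOTE(review): presumably "2" makes the client certificate mandatory;
        # confirm against the nuauth configuration reference.
        self.nuconfig["nuauth_tls_auth_by_cert"] = "2"
        self.nuconfig["nuauth_tls_request_cert"] = "2"
        self.nuconfig["nuauth_tls_cacert"] = '"%s"' % cacert
        self.nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key")
        self.nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert")
        self.nuauth = Nuauth(self.nuconfig)

    def tearDown(self):
        """Release everything the test created, in the original order.

        The client is created by the test method, so it may be missing when a
        test fails before that point. Cleanup must not stop at the first error:
        a leftover nuauth process or plaintext user file would affect later
        tests and leave fixture credentials on disk.
        """
        try:
            if hasattr(self, "client"):
                self.client.stop()
        finally:
            try:
                self.nuauth.stop()
            finally:
                try:
                    self.userdb.desinstall()
                finally:
                    self.nuconfig.desinstall()

    def testValidCert(self):
        """The valid user certificate and key must be accepted."""
        # Client
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_cert")
        key = config.get("test_cert", "user_key")
        args = ["-C", cert, "-K", key, "-A", cacert]
        self.client = self.user.createClient(more_args=args)
        # NOTE(review): this literal appears masked on the page ("******").
        # Without a conversion specifier the % operation raises TypeError;
        # restore the original literal from the upstream file.
        self.client.password = "******" % self.user.password
        self.assert_(connectClient(self.client))

    def testInvalidCert(self):
        """The invalid user certificate and key must be refused."""
        # Expired certificate
        # Expiry is the only rejection cause covered; an untrusted issuer or a
        # revoked certificate is not tested by this class.
        cacert = config.get("test_cert", "cacert")
        cert = config.get("test_cert", "user_invalid_cert")
        key = config.get("test_cert", "user_invalid_key")
        args = ["-C", cert, "-K", key, "-A", cacert]
        self.client = self.user.createClient(more_args=args)
        # NOTE(review): masked literal, see testValidCert; raises TypeError as written.
        self.client.password = "******" % self.user.password
        self.assert_(not connectClient(self.client))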
def setUp(self):
    """Prepare a nuauth configuration using the session_authtype module.

    nuauth itself is not started here; this fixture only builds the
    configuration and installs a one-user plaintext database into it.
    """
    self.cacert = config.get("test_cert", "cacert")
    server_key = config.get("test_cert", "nuauth_key")
    server_cert = config.get("test_cert", "nuauth_cert")

    self.config = NuauthConf()
    self.config["nuauth_user_session_modify_module"] = "\"session_authtype\""
    # Certificate request and certificate authentication both start at "0".
    self.config["nuauth_tls_auth_by_cert"] = "0"
    self.config["nuauth_tls_request_cert"] = "0"
    self.config["nuauth_tls_cacert"] = '"%s"' % self.cacert
    self.config["nuauth_tls_key"] = '"%s"' % server_key
    self.config["nuauth_tls_cert"] = '"%s"' % server_cert

    # Userdb: fixture account with a fixed password, for the test bench only.
    self.user = PlaintextUser("user", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(self.config)
def setUp(self):
    """Install the fixture user database and start nuauth with TLS options.

    Both ``nuauth_tls_auth_by_cert`` and ``nuauth_tls_request_cert`` are set to
    "2" before the server is started.
    """
    self.nuconfig = NuauthConf()
    ca_path = config.get("test_cert", "cacert")

    # Userdb: single account with a well-known password (test fixture only).
    self.user = PlaintextUser("user", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(self.nuconfig)

    # Server: options are applied in the same order as listed.
    # NOTE(review): "2" presumably means mandatory/required; confirm against
    # the nuauth configuration reference.
    server_settings = (
        ("plaintext_userfile", '"%s"' % self.userdb.filename),
        ("nuauth_tls_auth_by_cert", "2"),
        ("nuauth_tls_request_cert", "2"),
        ("nuauth_tls_cacert", '"%s"' % ca_path),
        ("nuauth_tls_key", '"%s"' % config.get("test_cert", "nuauth_key")),
        ("nuauth_tls_cert", '"%s"' % config.get("test_cert", "nuauth_cert")),
    )
    for option, value in server_settings:
        self.nuconfig[option] = value

    self.nuauth = Nuauth(self.nuconfig)
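class TestClientAuth(TestCase):
    """Check that the mark_flag module marks packets of an authenticated user.

    The ACL for the test port carries ``mark << shift`` as its flags, and the
    module is configured with ``mark_flag_flag_shift`` equal to that shift. The
    test then adds a firewall rule that drops packets whose mark equals
    ``self.mark`` and expects the connection to stop working.
    """

    def setUp(self):
        """Install the user DB and ACL, then start nuauth, iptables, nufw and a client."""
        self.port = VALID_PORT
        self.mark = 1
        self.shift = 8
        config = NuauthConf()

        # Userdb: fixture account with a fixed password, for the test bench only.
        self.user = PlaintextUser("guest", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(config)
        self.acls = PlaintextAcl()
        self.acls.addAcl("port", self.port, self.user.gid,
                         flags=(self.mark << self.shift))
        self.acls.install(config)

        # Load nuauth
        config["nuauth_finalize_packet_module"] = '"mark_flag"'
        config["mark_flag_mark_shift"] = 0
        config["mark_flag_flag_shift"] = self.shift
        config["mark_flag_nbits"] = 16
        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        self.nufw = startNufw(["-m"])
        self.client = self.user.createClientWithCerts()

    def tearDown(self):
        """Undo the fixture; the firewall flush runs even if an earlier step fails.

        testValid appends a DROP rule to the mangle table. If a failing cleanup
        step skipped ``iptables.flush()``, that rule would stay active on the
        test host, so each later step is placed in a ``finally`` clause.
        """
        try:
            self.acls.desinstall()
            self.userdb.desinstall()
        finally:
            try:
                self.client.stop()
            finally:
                try:
                    self.nuauth.stop()
                finally:
                    self.iptables.flush()

    def testValid(self):
        """The connection works until packets with the expected mark are dropped."""
        # Connect client and filter port
        self.assert_(connectClient(self.client))
        self.iptables.filterTcp(self.port)

        # Test connection without QoS (accept)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True)

        # Test connection with QoS (drop)
        # The second assertion only holds if the authenticated packets carry
        # mark self.mark, which is what this test is checking.
        self.iptables.command(
            "-A POSTROUTING -t mangle -m mark --mark %s -j DROP" % self.mark)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), False)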
def setUp(self):
    """Build the session_authtype configuration and install the fixture user DB.

    The nuauth server is not started by this fixture; only the configuration
    object and the plaintext user database are prepared.
    """
    self.cacert = config.get("test_cert", "cacert")

    authtype_conf = NuauthConf()
    tls_options = (
        ("nuauth_user_session_modify_module", '"session_authtype"'),
        # Certificate request and certificate authentication both start at "0".
        ("nuauth_tls_auth_by_cert", "0"),
        ("nuauth_tls_request_cert", "0"),
        ("nuauth_tls_cacert", '"%s"' % self.cacert),
        ("nuauth_tls_key", '"%s"' % config.get("test_cert", "nuauth_key")),
        ("nuauth_tls_cert", '"%s"' % config.get("test_cert", "nuauth_cert")),
    )
    for option, value in tls_options:
        authtype_conf[option] = value
    self.config = authtype_conf

    # Userdb: one account with a well-known password (test fixture only).
    self.user = PlaintextUser("user", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(self.config)
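class TestClientAuth(TestCase):
    """Verify packet marking by the mark_flag finalize-packet module.

    An ACL flagged with ``mark << shift`` is installed for the user's group,
    and mark_flag is configured with the same shift. testValid checks that a
    rule dropping packets marked ``self.mark`` cuts the connection.
    """

    def setUp(self):
        """Create the user DB, ACL, nuauth, iptables wrapper, nufw and client."""
        self.port = VALID_PORT
        self.mark = 1
        self.shift = 8
        config = NuauthConf()

        # Userdb: throw-away account with a fixed password (test fixture only).
        self.user = PlaintextUser("guest", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(config)
        self.acls = PlaintextAcl()
        self.acls.addAcl("port", self.port, self.user.gid, flags=(self.mark << self.shift))
        self.acls.install(config)

        # Load nuauth
        config["nuauth_finalize_packet_module"] = '"mark_flag"'
        config["mark_flag_mark_shift"] = 0
        config["mark_flag_flag_shift"] = self.shift
        config["mark_flag_nbits"] = 16
        self.nuauth = Nuauth(config)
        self.iptables = Iptables()
        self.nufw = startNufw(["-m"])
        self.client = self.user.createClientWithCerts()

    def tearDown(self):
        """Remove the ACL and user DB, stop the processes, flush the firewall.

        The steps keep their original order, but each later step sits in a
        ``finally`` clause so that a failure cannot leave the DROP rule added
        by testValid, or a running nuauth, behind on the test host.
        """
        try:
            self.acls.desinstall()
            self.userdb.desinstall()
        finally:
            try:
                self.client.stop()
            finally:
                try:
                    self.nuauth.stop()
                finally:
                    self.iptables.flush()

    def testValid(self):
        """Connection succeeds, then fails once marked packets are dropped."""
        # Connect client and filter port
        self.assert_(connectClient(self.client))
        self.iptables.filterTcp(self.port)

        # Test connection without QoS (accept)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), True)

        # Test connection with QoS (drop): the rule matches on the packet mark,
        # so the expected failure shows the mark was applied.
        self.iptables.command("-A POSTROUTING -t mangle -m mark --mark %s -j DROP" % self.mark)
        self.assertEqual(connectTcp(HOST, self.port, TIMEOUT), False)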
def setUp(self):
    """Start nuauth with certificate request and certificate auth set to "2".

    A plaintext user database holding one fixture account is installed into
    the configuration before the server is started.
    """
    self.nuconfig = NuauthConf()
    trusted_ca = config.get("test_cert", "cacert")

    # Userdb: fixture account with a fixed password, for the test bench only.
    self.user = PlaintextUser("user", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(self.nuconfig)

    # Server
    conf = self.nuconfig
    conf["plaintext_userfile"] = '"%s"' % self.userdb.filename
    # NOTE(review): presumably "2" makes the client certificate mandatory;
    # confirm against the nuauth configuration reference.
    conf["nuauth_tls_auth_by_cert"] = "2"
    conf["nuauth_tls_request_cert"] = "2"
    conf["nuauth_tls_cacert"] = '"%s"' % trusted_ca
    server_key = config.get("test_cert", "nuauth_key")
    conf["nuauth_tls_key"] = '"%s"' % server_key
    server_cert = config.get("test_cert", "nuauth_cert")
    conf["nuauth_tls_cert"] = '"%s"' % server_cert

    self.nuauth = Nuauth(conf)
def setUp(self):
    """Start nuauth with the session_expire module and create a client.

    The session duration passed to nuauth is ``DURATION`` converted to a
    string; the same value is kept in ``self.expiration``.
    """
    self.expiration = DURATION
    self.host = HOST

    # Setup session_expire library
    expire_conf = NuauthConf()
    expire_conf['nuauth_user_session_modify_module'] = '"session_expire"'
    expire_conf['nuauth_session_duration'] = str(self.expiration)

    # Install temporary user database
    account = PlaintextUser(USERNAME, PASSWORD, 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(account)
    self.userdb.install(expire_conf)

    # The ACL object is created here but not populated or installed in this method.
    self.acls = PlaintextAcl()

    # Start nuauth
    self.nuauth = Nuauth(expire_conf)

    # Create client
    self.client = createClientWithCerts()
def setUp(self):
    """Start nuauth with the ipauth_guest IP-authentication module and nufw.

    No client object is created by this fixture.
    """
    self.port = VALID_PORT
    guest_conf = NuauthConf()

    # Userdb: fixture account with a fixed password, for the test bench only.
    self.user = PlaintextUser("visiteur", "nopassword", 42, 42)
    self.userdb = PlaintextUserDB()
    self.userdb.addUser(self.user)
    self.userdb.install(guest_conf)

    # ACL for the fixture user's group on the test port.
    # NOTE(review): presumably ipauth_guest maps hosts without a client login
    # to this account, in which case this ACL is what such a host is granted;
    # confirm against the module documentation.
    self.acls = PlaintextAcl()
    self.acls.addAcl("web", self.port, self.user.gid)
    self.acls.install(guest_conf)

    # Load nuauth
    guest_conf["nuauth_do_ip_authentication"] = '1'
    guest_conf["nuauth_ip_authentication_module"] = '"ipauth_guest"'
    # NOTE(review): the literal below looks masked on this page ('******').
    # It has no conversion specifier, so the % operation raises TypeError as
    # written; restore the original literal from the upstream file.
    guest_conf["ipauth_guest_username"] = '******' % self.user.login
    self.nuauth = Nuauth(guest_conf)

    self.iptables = Iptables()
    self.nufw = startNufw()
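class TestClientCert(TestCase):
    """Check the group filters of nuauth's session_authtype module.

    Each test sets one ``session_authtype_*_groups`` option, starts nuauth and
    connects a client. The OK tests use a group value for which the connection
    is expected to succeed; the NOK tests use one for which it must be refused.
    The fixture user is created with 42 as both numeric arguments.
    """

    def setUp(self):
        """Build the base configuration and install the fixture user database."""
        self.cacert = config.get("test_cert", "cacert")

        nuconfig = NuauthConf()
        nuconfig["nuauth_user_session_modify_module"] = '"session_authtype"'
        nuconfig["nuauth_tls_auth_by_cert"] = "0"
        nuconfig["nuauth_tls_request_cert"] = "0"
        nuconfig["nuauth_tls_cacert"] = '"%s"' % self.cacert
        nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key")
        nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert")
        self.config = nuconfig

        # Userdb: fixture account with a fixed password, for the test bench only.
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.config)

    def tearDown(self):
        """Stop nuauth and the client, then remove the installed user database.

        nuauth and the client are created inside the test methods, so either
        may be missing when a test fails early. The user database installed by
        setUp is removed as well, so that the plaintext fixture credentials do
        not stay on the test host after the run.
        """
        nuauth = getattr(self, "nuauth", None)
        client = getattr(self, "client", None)
        try:
            if nuauth is not None:
                nuauth.stop()
        finally:
            try:
                if client is not None:
                    client.stop()
            finally:
                self.userdb.desinstall()

    def testCertAuthGroupOK(self):
        """Certificate auth with ssl_groups "42" must be accepted."""
        self.config["nuauth_tls_auth_by_cert"] = "2"
        self.config["session_authtype_ssl_groups"] = '"42"'
        self.nuauth = Nuauth(self.config)

        # Client
        self.client = self.user.createClientWithCerts()
        # NOTE(review): this literal appears masked on the page ("******").
        # Without a conversion specifier the % operation raises TypeError;
        # restore the original literal from the upstream file.
        self.client.password = "******" % self.user.password
        self.assert_(connectClient(self.client))

    def testCertAuthGroupNOK(self):
        """Certificate auth with ssl_groups "100" must be refused."""
        self.config["nuauth_tls_auth_by_cert"] = "2"
        self.config["session_authtype_ssl_groups"] = '"100"'
        self.nuauth = Nuauth(self.config)

        # Client
        self.client = self.user.createClientWithCerts()
        # NOTE(review): masked literal, see testCertAuthGroupOK; raises TypeError as written.
        self.client.password = "******" % self.user.password
        self.assert_(not connectClient(self.client))

    def testWhitelistAuthOK(self):
        """whitelist_groups "42" must let the user connect."""
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_whitelist_groups"] = '"42"'
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()
        self.assert_(connectClient(self.client))

    def testWhitelistAuthNOK(self):
        """whitelist_groups "123" must refuse the user."""
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_whitelist_groups"] = '"123"'
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()
        self.assert_(not connectClient(self.client))

    def testBlacklistAuthOK(self):
        """blacklist_groups "123" must let the user connect."""
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_blacklist_groups"] = '"123"'
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()
        self.assert_(connectClient(self.client))

    def testBlacklistAuthNOK(self):
        """blacklist_groups "42" must refuse the user."""
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_blacklist_groups"] = '"42"'
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()
        self.assert_(not connectClient(self.client))

    def testSASLAuthOK(self):
        """sasl_groups "42" must let the user connect."""
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_sasl_groups"] = '"42"'
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()
        self.assert_(connectClient(self.client))

    def testSASLAuthNOK(self):
        """sasl_groups "123" must refuse the user."""
        self.config["nuauth_tls_auth_by_cert"] = 0
        self.config["session_authtype_sasl_groups"] = '"123"'
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()
        self.assert_(not connectClient(self.client))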
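class TestClientCert(TestCase):
    """Exercise the per-group rules of the session_authtype module.

    Every test sets ``nuauth_tls_auth_by_cert`` and one
    ``session_authtype_*_groups`` option, starts nuauth with that
    configuration, connects a client created with certificates and asserts
    that the connection is accepted (OK tests) or refused (NOK tests).
    """

    def setUp(self):
        """Prepare the base configuration and the fixture user database."""
        self.cacert = config.get("test_cert", "cacert")

        nuconfig = NuauthConf()
        nuconfig["nuauth_user_session_modify_module"] = "\"session_authtype\""
        nuconfig["nuauth_tls_auth_by_cert"] = "0"
        nuconfig["nuauth_tls_request_cert"] = "0"
        nuconfig["nuauth_tls_cacert"] = '"%s"' % self.cacert
        nuconfig["nuauth_tls_key"] = '"%s"' % config.get(
            "test_cert", "nuauth_key")
        nuconfig["nuauth_tls_cert"] = '"%s"' % config.get(
            "test_cert", "nuauth_cert")
        self.config = nuconfig

        # Userdb: single account with a well-known password (test fixture only).
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.config)

    def tearDown(self):
        """Stop whatever the test started and remove the user database.

        ``self.nuauth`` and ``self.client`` only exist once the test method has
        created them, so both are looked up defensively. The database installed
        in setUp is removed last, so the plaintext fixture credentials do not
        outlive the test.
        """
        try:
            if hasattr(self, "nuauth"):
                self.nuauth.stop()
        finally:
            try:
                if hasattr(self, "client"):
                    self.client.stop()
            finally:
                self.userdb.desinstall()

    def _startAndCreateClient(self, auth_by_cert, option, groups):
        """Apply the two settings, start nuauth and create ``self.client``."""
        self.config["nuauth_tls_auth_by_cert"] = auth_by_cert
        self.config[option] = groups
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()

    def testCertAuthGroupOK(self):
        """Certificate auth with ssl_groups "42" must be accepted."""
        self._startAndCreateClient(
            "2", "session_authtype_ssl_groups", "\"42\"")
        # NOTE(review): the literal below looks masked on this page ("******").
        # It has no conversion specifier, so the % operation raises TypeError
        # as written; restore the original literal from the upstream file.
        self.client.password = "******" % self.user.password
        self.assert_(connectClient(self.client))

    def testCertAuthGroupNOK(self):
        """Certificate auth with ssl_groups "100" must be refused."""
        self._startAndCreateClient(
            "2", "session_authtype_ssl_groups", "\"100\"")
        # NOTE(review): masked literal, see testCertAuthGroupOK; raises TypeError as written.
        self.client.password = "******" % self.user.password
        self.assert_(not connectClient(self.client))

    def testWhitelistAuthOK(self):
        """whitelist_groups "42" must let the user connect."""
        self._startAndCreateClient(
            0, "session_authtype_whitelist_groups", "\"42\"")
        self.assert_(connectClient(self.client))

    def testWhitelistAuthNOK(self):
        """whitelist_groups "123" must refuse the user."""
        self._startAndCreateClient(
            0, "session_authtype_whitelist_groups", "\"123\"")
        self.assert_(not connectClient(self.client))

    def testBlacklistAuthOK(self):
        """blacklist_groups "123" must let the user connect."""
        self._startAndCreateClient(
            0, "session_authtype_blacklist_groups", "\"123\"")
        self.assert_(connectClient(self.client))

    def testBlacklistAuthNOK(self):
        """blacklist_groups "42" must refuse the user."""
        self._startAndCreateClient(
            0, "session_authtype_blacklist_groups", "\"42\"")
        self.assert_(not connectClient(self.client))

    def testSASLAuthOK(self):
        """sasl_groups "42" must let the user connect."""
        self._startAndCreateClient(
            0, "session_authtype_sasl_groups", "\"42\"")
        self.assert_(connectClient(self.client))

    def testSASLAuthNOK(self):
        """sasl_groups "123" must refuse the user."""
        self._startAndCreateClient(
            0, "session_authtype_sasl_groups", "\"123\"")
        self.assert_(not connectClient(self.client))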