1%% 2%% %CopyrightBegin% 3%% 4%% Copyright Ericsson AB 2004-2016. All Rights Reserved. 5%% 6%% Licensed under the Apache License, Version 2.0 (the "License"); 7%% you may not use this file except in compliance with the License. 8%% You may obtain a copy of the License at 9%% 10%% http://www.apache.org/licenses/LICENSE-2.0 11%% 12%% Unless required by applicable law or agreed to in writing, software 13%% distributed under the License is distributed on an "AS IS" BASIS, 14%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15%% See the License for the specific language governing permissions and 16%% limitations under the License. 17%% 18%% %CopyrightEnd% 19%% 20%% 21 22-module(orber_firewall_ipv6_out_SUITE). 23 24-include_lib("common_test/include/ct.hrl"). 25-include_lib("orber/include/corba.hrl"). 26-include_lib("orber/COSS/CosNaming/CosNaming.hrl"). 27-include_lib("orber/src/orber_iiop.hrl"). 28-include_lib("orber/src/ifr_objects.hrl"). 29-include("idl_output/orber_test_server.hrl"). 30-include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl"). 31-include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl"). 32 33-define(default_timeout, test_server:minutes(15)). 34 35-define(match(ExpectedRes,Expr), 36 fun() -> 37 AcTuAlReS = (catch (Expr)), 38 case AcTuAlReS of 39 ExpectedRes -> 40 io:format("------ CORRECT RESULT ------~n~p~n", 41 [AcTuAlReS]), 42 AcTuAlReS; 43 _ -> 44 io:format("###### ERROR ERROR ######~nRESULT: ~p~n", 45 [AcTuAlReS]), 46 exit(AcTuAlReS) 47 end 48 end()). 49 50%%----------------------------------------------------------------- 51%% External exports 52%%----------------------------------------------------------------- 53-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 54 init_per_suite/1, end_per_suite/1, 55 init_per_testcase/2, end_per_testcase/2, 56 deny_port_api/1, deny_port_range_api/1, deny_host_api/1, 57 allow_port_api/1, allow_port_range_api/1, allow_host_api/1, 58 local_interface_api/1]). 59 60%%----------------------------------------------------------------- 61%% Func: all/1 62%% Args: 63%% Returns: 64%%----------------------------------------------------------------- 65suite() -> [{ct_hooks,[ts_install_cth]}]. 66 67all() -> 68 cases(). 69 70groups() -> 71 []. 72 73init_per_group(_GroupName, Config) -> 74 Config. 75 76end_per_group(_GroupName, Config) -> 77 Config. 78 79 80%% NOTE - the fragment test cases must bu first since we explicitly set a request 81%% id. Otherwise, the request-id counter would be increased and we cannot know 82%% what it is. 83cases() -> 84 [deny_port_api, deny_port_range_api, deny_host_api, 85 allow_port_api, allow_port_range_api, allow_host_api, 86 local_interface_api]. 87 88 89init_per_testcase(_Case, Config) -> 90 Dog=test_server:timetrap(?default_timeout), 91 orber:jump_start([{iiop_port, 0}, 92 {iiop_out_ports, {5980, 6000}}, 93 {flags, ?ORB_ENV_USE_IPV6}]), 94 [{watchdog, Dog}|Config]. 95 96 97end_per_testcase(_Case, Config) -> 98 orber:jump_stop(), 99 Dog = proplists:get_value(watchdog, Config), 100 test_server:timetrap_cancel(Dog), 101 ok. 102 103init_per_suite(Config) -> 104 case orber_test_lib:version_ok() of 105 true -> 106 if 107 is_list(Config) -> 108 Config; 109 true -> 110 exit("Config not a list") 111 end; 112 Reason -> 113 Reason 114 end. 115 116end_per_suite(Config) -> 117 Config. 118 119 120%%----------------------------------------------------------------- 121%% Incomming connections - Deny 122%%----------------------------------------------------------------- 123%% Deny Access due to invalid local port 124deny_port_api(_Config) -> 125 [IP] = ?match([_], orber:host()), 126 ServerPort = orber:iiop_port(), 127 {ok, ServerNode, ServerHost} = 128 ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 129 ?ORB_ENV_USE_ACL_OUTGOING)}, 130 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort+10)}]}])), 131 ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 132 orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 133 ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 134% catch orber_test_lib:destroy_node(ServerNode, timeout), 135 ok. 136 137%% Deny Access due to invalid local port range 138deny_port_range_api(_Config) -> 139 [IP] = ?match([_], orber:host()), 140 ServerPort = orber:iiop_port(), 141 {ok, ServerNode, ServerHost} = 142 ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 143 ?ORB_ENV_USE_ACL_OUTGOING)}, 144 {iiop_acl, [{tcp_out, IP++"/128#"++integer_to_list(ServerPort+100)++ "/" ++ integer_to_list(ServerPort+120)}]}])), 145 ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 146 orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 147 ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 148% catch orber_test_lib:destroy_node(ServerNode, timeout), 149 ok. 150 151 152%% Deny Access due to invalid host 153deny_host_api(_Config) -> 154 {ok, ServerNode, ServerHost} = 155 ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 156 ?ORB_ENV_USE_ACL_OUTGOING)}, 157 {iiop_acl, [{tcp_out, "0:0:0:0:0:0:10.1.1.1/128"}]}])), 158 ServerPort = orber:iiop_port(), 159 ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 160 orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 161 ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 162% catch orber_test_lib:destroy_node(ServerNode, timeout), 163 ok. 164 165%%----------------------------------------------------------------- 166%% Incomming connections - Allow 167%%----------------------------------------------------------------- 168%% Allow Access due to valid local port 169allow_port_api(_Config) -> 170 [IP] = ?match([_], orber:host()), 171 ServerPort = orber:iiop_port(), 172 {ok, ServerNode, ServerHost} = 173 ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 174 ?ORB_ENV_USE_ACL_OUTGOING)}, 175 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort)}]}])), 176 IOR = 177 ?match({'IOP_IOR',_,_}, 178 orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 179 ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 180 ?match(false, 181 orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 182% catch orber_test_lib:destroy_node(ServerNode, timeout), 183 ok. 184 185%% Allow Access due to valid local port range 186allow_port_range_api(_Config) -> 187 [IP] = ?match([_], orber:host()), 188 ServerPort = orber:iiop_port(), 189 {ok, ServerNode, ServerHost} = 190 ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 191 ?ORB_ENV_USE_ACL_OUTGOING)}, 192 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort-10) ++ "/" ++ integer_to_list(ServerPort+10)}]}])), 193 IOR = 194 ?match({'IOP_IOR',_,_}, 195 orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 196 ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 197 ?match(false, 198 orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 199% catch orber_test_lib:destroy_node(ServerNode, timeout), 200 ok. 201 202 203%% Allow Access due to valid host 204allow_host_api(_Config) -> 205 [IP] = ?match([_], orber:host()), 206 {ok, ServerNode, ServerHost} = 207 ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 208 ?ORB_ENV_USE_ACL_OUTGOING)}, 209 {iiop_acl, [{tcp_out, IP}]}])), 210 ServerPort = orber:iiop_port(), 211 IOR = 212 ?match({'IOP_IOR',_,_}, 213 orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 214 ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 215 ?match(false, 216 orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 217% catch orber_test_lib:destroy_node(ServerNode, timeout), 218 ok. 219 220%% Allow Access due to valid host via a spcific interface 221local_interface_api(_Config) -> 222 [IP] = ?match([_], orber:host()), 223 {ok, ServerNode, ServerHost} = 224 ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 225 ?ORB_ENV_USE_ACL_OUTGOING)}, 226 {iiop_acl, [{tcp_out, IP, [IP]}]}])), 227 ServerPort = orber:iiop_port(), 228 IOR = 229 ?match({'IOP_IOR',_,_}, 230 orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 231 ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 232 ?match(false, 233 orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 234% catch orber_test_lib:destroy_node(ServerNode, timeout), 235 ok. 236 237