1%%
2%% %CopyrightBegin%
3%%
4%% Copyright Ericsson AB 2004-2016. All Rights Reserved.
5%%
6%% Licensed under the Apache License, Version 2.0 (the "License");
7%% you may not use this file except in compliance with the License.
8%% You may obtain a copy of the License at
9%%
10%%     http://www.apache.org/licenses/LICENSE-2.0
11%%
12%% Unless required by applicable law or agreed to in writing, software
13%% distributed under the License is distributed on an "AS IS" BASIS,
14%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15%% See the License for the specific language governing permissions and
16%% limitations under the License.
17%%
18%% %CopyrightEnd%
19%%
20%%
21
22-module(orber_firewall_ipv6_out_SUITE).
23
24-include_lib("common_test/include/ct.hrl").
25-include_lib("orber/include/corba.hrl").
26-include_lib("orber/COSS/CosNaming/CosNaming.hrl").
27-include_lib("orber/src/orber_iiop.hrl").
28-include_lib("orber/src/ifr_objects.hrl").
29-include("idl_output/orber_test_server.hrl").
30-include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
31-include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
32
33-define(default_timeout, test_server:minutes(15)).
34
35-define(match(ExpectedRes,Expr),
36	fun() ->
37		AcTuAlReS = (catch (Expr)),
38		case AcTuAlReS of
39		    ExpectedRes ->
40			io:format("------ CORRECT RESULT ------~n~p~n",
41				 [AcTuAlReS]),
42			AcTuAlReS;
43		    _ ->
44			io:format("###### ERROR ERROR ######~nRESULT:  ~p~n",
45				  [AcTuAlReS]),
46			exit(AcTuAlReS)
47		end
48	end()).
49
50%%-----------------------------------------------------------------
51%% External exports
52%%-----------------------------------------------------------------
53-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
54	 init_per_suite/1, end_per_suite/1,
55	 init_per_testcase/2, end_per_testcase/2,
56	 deny_port_api/1, deny_port_range_api/1, deny_host_api/1,
57	 allow_port_api/1, allow_port_range_api/1, allow_host_api/1,
58	 local_interface_api/1]).
59
60%%-----------------------------------------------------------------
61%% Func: all/1
62%% Args:
63%% Returns:
64%%-----------------------------------------------------------------
65suite() -> [{ct_hooks,[ts_install_cth]}].
66
67all() ->
68    cases().
69
70groups() ->
71    [].
72
73init_per_group(_GroupName, Config) ->
74    Config.
75
76end_per_group(_GroupName, Config) ->
77    Config.
78
79
80%% NOTE - the fragment test cases must bu first since we explicitly set a request
81%% id. Otherwise, the request-id counter would be increased and we cannot know
82%% what it is.
83cases() ->
84    [deny_port_api, deny_port_range_api, deny_host_api,
85     allow_port_api, allow_port_range_api, allow_host_api,
86     local_interface_api].
87
88
89init_per_testcase(_Case, Config) ->
90    Dog=test_server:timetrap(?default_timeout),
91    orber:jump_start([{iiop_port, 0},
92		      {iiop_out_ports, {5980, 6000}},
93		      {flags, ?ORB_ENV_USE_IPV6}]),
94    [{watchdog, Dog}|Config].
95
96
97end_per_testcase(_Case, Config) ->
98    orber:jump_stop(),
99    Dog = proplists:get_value(watchdog, Config),
100    test_server:timetrap_cancel(Dog),
101    ok.
102
103init_per_suite(Config) ->
104    case orber_test_lib:version_ok() of
105	true ->
106	    if
107		is_list(Config) ->
108		    Config;
109		true ->
110		    exit("Config not a list")
111	    end;
112	Reason ->
113	    Reason
114    end.
115
116end_per_suite(Config) ->
117    Config.
118
119
120%%-----------------------------------------------------------------
121%%  Incomming connections - Deny
122%%-----------------------------------------------------------------
123%% Deny Access due to invalid local port
124deny_port_api(_Config) ->
125    [IP] = ?match([_], orber:host()),
126    ServerPort = orber:iiop_port(),
127    {ok, ServerNode, ServerHost} =
128	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
129							  ?ORB_ENV_USE_ACL_OUTGOING)},
130						 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort+10)}]}])),
131    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
132	   orber_test_lib:remote_apply(ServerNode, corba, string_to_object,
133				       ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
134%    catch orber_test_lib:destroy_node(ServerNode, timeout),
135    ok.
136
137%% Deny Access due to invalid local port range
138deny_port_range_api(_Config) ->
139    [IP] = ?match([_], orber:host()),
140    ServerPort = orber:iiop_port(),
141    {ok, ServerNode, ServerHost} =
142	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
143							  ?ORB_ENV_USE_ACL_OUTGOING)},
144						 {iiop_acl, [{tcp_out, IP++"/128#"++integer_to_list(ServerPort+100)++ "/" ++ integer_to_list(ServerPort+120)}]}])),
145    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
146	   orber_test_lib:remote_apply(ServerNode, corba, string_to_object,
147				       ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
148%    catch orber_test_lib:destroy_node(ServerNode, timeout),
149    ok.
150
151
152%% Deny Access due to invalid host
153deny_host_api(_Config) ->
154    {ok, ServerNode, ServerHost} =
155	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
156							  ?ORB_ENV_USE_ACL_OUTGOING)},
157						 {iiop_acl, [{tcp_out, "0:0:0:0:0:0:10.1.1.1/128"}]}])),
158    ServerPort = orber:iiop_port(),
159    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
160	   orber_test_lib:remote_apply(ServerNode, corba, string_to_object,
161				       ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
162%    catch orber_test_lib:destroy_node(ServerNode, timeout),
163    ok.
164
165%%-----------------------------------------------------------------
166%%  Incomming connections - Allow
167%%-----------------------------------------------------------------
168%% Allow Access due to valid local port
169allow_port_api(_Config) ->
170    [IP] = ?match([_], orber:host()),
171    ServerPort = orber:iiop_port(),
172    {ok, ServerNode, ServerHost} =
173	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
174							  ?ORB_ENV_USE_ACL_OUTGOING)},
175						 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort)}]}])),
176    IOR =
177	?match({'IOP_IOR',_,_},
178	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object,
179					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
180    ?match(false,
181	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
182%    catch orber_test_lib:destroy_node(ServerNode, timeout),
183    ok.
184
185%% Allow Access due to valid local port range
186allow_port_range_api(_Config) ->
187    [IP] = ?match([_], orber:host()),
188    ServerPort = orber:iiop_port(),
189    {ok, ServerNode, ServerHost} =
190	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
191							  ?ORB_ENV_USE_ACL_OUTGOING)},
192						 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort-10) ++ "/" ++ integer_to_list(ServerPort+10)}]}])),
193    IOR =
194	?match({'IOP_IOR',_,_},
195	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object,
196					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
197    ?match(false,
198	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
199%    catch orber_test_lib:destroy_node(ServerNode, timeout),
200    ok.
201
202
203%% Allow Access due to valid host
204allow_host_api(_Config) ->
205    [IP] = ?match([_], orber:host()),
206    {ok, ServerNode, ServerHost} =
207	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
208							  ?ORB_ENV_USE_ACL_OUTGOING)},
209						 {iiop_acl, [{tcp_out, IP}]}])),
210    ServerPort = orber:iiop_port(),
211    IOR =
212	?match({'IOP_IOR',_,_},
213	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object,
214					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
215    ?match(false,
216	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
217%    catch orber_test_lib:destroy_node(ServerNode, timeout),
218    ok.
219
220%% Allow Access due to valid host via a spcific interface
221local_interface_api(_Config) ->
222    [IP] = ?match([_], orber:host()),
223    {ok, ServerNode, ServerHost} =
224	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
225							  ?ORB_ENV_USE_ACL_OUTGOING)},
226						 {iiop_acl, [{tcp_out, IP, [IP]}]}])),
227    ServerPort = orber:iiop_port(),
228    IOR =
229	?match({'IOP_IOR',_,_},
230	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object,
231					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
232    ?match(false,
233	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
234%    catch orber_test_lib:destroy_node(ServerNode, timeout),
235    ok.
236
237