1%% 2%% %CopyrightBegin% 3%% 4%% Copyright Ericsson AB 2004-2016. All Rights Reserved. 5%% 6%% Licensed under the Apache License, Version 2.0 (the "License"); 7%% you may not use this file except in compliance with the License. 8%% You may obtain a copy of the License at 9%% 10%% http://www.apache.org/licenses/LICENSE-2.0 11%% 12%% Unless required by applicable law or agreed to in writing, software 13%% distributed under the License is distributed on an "AS IS" BASIS, 14%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15%% See the License for the specific language governing permissions and 16%% limitations under the License. 17%% 18%% %CopyrightEnd% 19%% 20%% 21 22-module(orber_firewall_ipv4_out_SUITE). 23 24-include_lib("common_test/include/ct.hrl"). 25-include_lib("orber/include/corba.hrl"). 26-include_lib("orber/COSS/CosNaming/CosNaming.hrl"). 27-include_lib("orber/src/orber_iiop.hrl"). 28-include_lib("orber/src/ifr_objects.hrl"). 29-include("idl_output/orber_test_server.hrl"). 30-include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl"). 31-include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl"). 32 33-define(default_timeout, test_server:minutes(15)). 34 35-define(match(ExpectedRes,Expr), 36 fun() -> 37 AcTuAlReS = (catch (Expr)), 38 case AcTuAlReS of 39 ExpectedRes -> 40 io:format("------ CORRECT RESULT ------~n~p~n", 41 [AcTuAlReS]), 42 AcTuAlReS; 43 _ -> 44 io:format("###### ERROR ERROR ######~nRESULT: ~p~n", 45 [AcTuAlReS]), 46 exit(AcTuAlReS) 47 end 48 end()). 49 50%%----------------------------------------------------------------- 51%% External exports 52%%----------------------------------------------------------------- 53-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 54 init_per_suite/1, end_per_suite/1, 55 init_per_testcase/2, end_per_testcase/2, 56 deny_port_api/1, deny_port_range_api/1, deny_host_api/1, 57 allow_port_api/1, allow_port_range_api/1, allow_host_api/1, 58 local_interface_api/1]). 59 60%%----------------------------------------------------------------- 61%% Func: all/1 62%% Args: 63%% Returns: 64%%----------------------------------------------------------------- 65suite() -> [{ct_hooks,[ts_install_cth]}]. 66 67all() -> 68 cases(). 69 70groups() -> 71 []. 72 73init_per_group(_GroupName, Config) -> 74 Config. 75 76end_per_group(_GroupName, Config) -> 77 Config. 78 79 80%% NOTE - the fragment test cases must bu first since we explicitly set a request 81%% id. Otherwise, the request-id counter would be increased and we cannot know 82%% what it is. 83cases() -> 84 [deny_port_api, deny_port_range_api, deny_host_api, 85 allow_port_api, allow_port_range_api, allow_host_api, 86 local_interface_api]. 87 88 89init_per_testcase(_Case, Config) -> 90 Dog=test_server:timetrap(?default_timeout), 91 [{watchdog, Dog}|Config]. 92 93 94end_per_testcase(_Case, Config) -> 95 Dog = proplists:get_value(watchdog, Config), 96 test_server:timetrap_cancel(Dog), 97 ok. 98 99init_per_suite(Config) -> 100 if 101 is_list(Config) -> 102 orber:jump_start([{iiop_port, 0}, 103 {iiop_out_ports, {5980, 6000}}]), 104 Config; 105 true -> 106 exit("Config not a list") 107 end. 108 109end_per_suite(Config) -> 110 orber:jump_stop(), 111 Config. 112 113%%----------------------------------------------------------------- 114%% Incomming connections - Deny 115%%----------------------------------------------------------------- 116%% Deny Access due to invalid local port 117deny_port_api(_Config) -> 118 [IP] = ?match([_], orber:host()), 119 ServerPort = orber:iiop_port(), 120 {ok, ClientNode, _ClientHost} = 121 ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 122 {iiop_acl, [{tcp_out, IP++"/32#" ++ integer_to_list(ServerPort+10)}]}])), 123 ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 124 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 125 ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 126% catch orber_test_lib:destroy_node(ClientNode, timeout), 127 ok. 128 129%% Deny Access due to invalid local port range 130deny_port_range_api(_Config) -> 131 [IP] = ?match([_], orber:host()), 132 ServerPort = orber:iiop_port(), 133 {ok, ClientNode, _ClientHost} = 134 ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 135 {iiop_acl, [{tcp_out, IP++"/32#"++integer_to_list(ServerPort+100)++ "/" ++ integer_to_list(ServerPort+120)}]}])), 136 ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 137 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 138 ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 139% catch orber_test_lib:destroy_node(ClientNode, timeout), 140 ok. 141 142 143%% Deny Access due to invalid host 144deny_host_api(_Config) -> 145 [IP] = ?match([_], orber:host()), 146 {ok, ClientNode, _ClientHost} = 147 ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 148 {iiop_acl, [{tcp_out, "123.123.123.123/32"}]}])), 149 ServerPort = orber:iiop_port(), 150 ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 151 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 152 ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 153% catch orber_test_lib:destroy_node(ClientNode, timeout), 154 ok. 155 156%%----------------------------------------------------------------- 157%% Incomming connections - Allow 158%%----------------------------------------------------------------- 159%% Allow Access due to valid local port range 160allow_port_api(_Config) -> 161 [IP] = ?match([_], orber:host()), 162 ServerPort = orber:iiop_port(), 163 {ok, ClientNode, _ClientHost} = 164 ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 165 {iiop_acl, [{tcp_out, IP++"/32#"++integer_to_list(ServerPort)}]}])), 166 IOR = 167 ?match({'IOP_IOR',_,_}, 168 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 169 ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 170 ?match(false, 171 orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 172% catch orber_test_lib:destroy_node(ClientNode, timeout), 173 ok. 174 175%% Allow Access due to valid local port range 176allow_port_range_api(_Config) -> 177 [IP] = ?match([_], orber:host()), 178 ServerPort = orber:iiop_port(), 179 {ok, ClientNode, _ClientHost} = 180 ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 181 {iiop_acl, [{tcp_out, IP++"/32#" ++ integer_to_list(ServerPort-10) ++ "/" ++ integer_to_list(ServerPort+10)}]}])), 182 IOR = 183 ?match({'IOP_IOR',_,_}, 184 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 185 ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 186 ?match(false, 187 orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 188% catch orber_test_lib:destroy_node(ClientNode, timeout), 189 ok. 190 191 192%% Allow Access due to valid host 193allow_host_api(_Config) -> 194 [IP] = ?match([_], orber:host()), 195 {ok, ClientNode, _ClientHost} = 196 ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 197 {iiop_acl, [{tcp_out, IP++"/32"}]}])), 198 ServerPort = orber:iiop_port(), 199 IOR = 200 ?match({'IOP_IOR',_,_}, 201 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 202 ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 203 ?match(false, 204 orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 205% catch orber_test_lib:destroy_node(ClientNode, timeout), 206 ok. 207 208%% Allow Access due to valid host via a spcific interface 209local_interface_api(_Config) -> 210 IP = orber_test_lib:get_host(), 211 Loopback = orber_test_lib:get_loopback_interface(), 212 {ok, ServerNode, _ServerHost} = 213 ?match({ok,_,_}, orber_test_lib:js_node([{iiop_port, 0}, 214 {iiop_out_ports, {5980, 6000}}, 215 {ip_address, IP}])), 216 ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 217 218 {ok, ClientNode, _ClientHost} = 219 ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 220 {iiop_acl, [{tcp_out, IP, [Loopback]}]}])), 221 IOR = 222 ?match({'IOP_IOR',_,_}, 223 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 224 ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 225 ?match(false, 226 orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 227% catch orber_test_lib:destroy_node(ClientNode, timeout), 228 ok. 229 230