1%%
2%% %CopyrightBegin%
3%%
4%% Copyright Ericsson AB 2004-2016. All Rights Reserved.
5%%
6%% Licensed under the Apache License, Version 2.0 (the "License");
7%% you may not use this file except in compliance with the License.
8%% You may obtain a copy of the License at
9%%
10%%     http://www.apache.org/licenses/LICENSE-2.0
11%%
12%% Unless required by applicable law or agreed to in writing, software
13%% distributed under the License is distributed on an "AS IS" BASIS,
14%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15%% See the License for the specific language governing permissions and
16%% limitations under the License.
17%%
18%% %CopyrightEnd%
19%%
20%%
21
22-module(orber_firewall_ipv4_out_SUITE).
23
24-include_lib("common_test/include/ct.hrl").
25-include_lib("orber/include/corba.hrl").
26-include_lib("orber/COSS/CosNaming/CosNaming.hrl").
27-include_lib("orber/src/orber_iiop.hrl").
28-include_lib("orber/src/ifr_objects.hrl").
29-include("idl_output/orber_test_server.hrl").
30-include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
31-include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
32
33-define(default_timeout, test_server:minutes(15)).
34
%% ?match(ExpectedRes, Expr): evaluate Expr under `catch` and match the
%% outcome against the pattern ExpectedRes. On a match the value is printed
%% and returned; otherwise it is printed and the calling process exits with
%% that value as the reason.
%% The body is an immediately applied fun, so AcTuAlReS is bound inside the
%% fun and not in the clause that uses the macro.
%% Because `catch` turns throws, errors and exits into ordinary terms, a
%% loose pattern such as `_` would also accept a crash; keep ExpectedRes as
%% specific as the assertion needs.
-define(match(ExpectedRes,Expr),
	fun() ->
		AcTuAlReS = (catch (Expr)),
		case AcTuAlReS of
		    ExpectedRes ->
			io:format("------ CORRECT RESULT ------~n~p~n",
				 [AcTuAlReS]),
			AcTuAlReS;
		    _ ->
			io:format("###### ERROR ERROR ######~nRESULT:  ~p~n",
				  [AcTuAlReS]),
			exit(AcTuAlReS)
		end
	end()).
49
50%%-----------------------------------------------------------------
51%% External exports
52%%-----------------------------------------------------------------
53-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
54	 init_per_suite/1, end_per_suite/1,
55	 init_per_testcase/2, end_per_testcase/2,
56	 deny_port_api/1, deny_port_range_api/1, deny_host_api/1,
57	 allow_port_api/1, allow_port_range_api/1, allow_host_api/1,
58	 local_interface_api/1]).
59
60%%-----------------------------------------------------------------
%% Func: all/0
62%% Args:
63%% Returns:
64%%-----------------------------------------------------------------
%% Suite-level Common Test info: registers the ts_install_cth hook.
suite() ->
    Hooks = [ts_install_cth],
    [{ct_hooks, Hooks}].
66
%% Every test case listed by cases/0 is run; no groups are used.
all() -> cases().
69
%% This suite defines no test-case groups.
groups() -> [].
72
%% No per-group setup: the configuration is handed back unchanged.
init_per_group(_GroupName, Config) -> Config.
75
%% No per-group teardown: the configuration is handed back unchanged.
end_per_group(_GroupName, Config) -> Config.
78
79
%% NOTE - the fragment test cases must be first since we explicitly set a request
81%% id. Otherwise, the request-id counter would be increased and we cannot know
82%% what it is.
%% Test cases in execution order: the three deny cases, the three allow
%% cases, then the local-interface case.
cases() ->
    Deny = [deny_port_api, deny_port_range_api, deny_host_api],
    Allow = [allow_port_api, allow_port_range_api, allow_host_api],
    Deny ++ Allow ++ [local_interface_api].
87
88
%% Arms a timetrap of ?default_timeout for the test case and stores its
%% handle in Config under the key `watchdog`.
init_per_testcase(_Case, Config) ->
    Watchdog = test_server:timetrap(?default_timeout),
    [{watchdog, Watchdog} | Config].
92
93
%% Cancels the timetrap whose handle init_per_testcase/2 stored under the
%% key `watchdog`.
end_per_testcase(_Case, Config) ->
    test_server:timetrap_cancel(proplists:get_value(watchdog, Config)),
    ok.
98
%% Starts the local ORB that the test cases connect to and returns Config.
%% The ORB is started with iiop_port 0 and outgoing ports 5980-6000; the
%% test cases read the actual listen port back with orber:iiop_port/0.
%% A Config that is not a list ends the process with exit/1.
init_per_suite(Config) when is_list(Config) ->
    OrbOptions = [{iiop_port, 0},
                  {iiop_out_ports, {5980, 6000}}],
    orber:jump_start(OrbOptions),
    Config;
init_per_suite(_Config) ->
    exit("Config not a list").
108
%% Stops the ORB started by init_per_suite/1 and returns Config unchanged.
end_per_suite(Config) ->
    _ = orber:jump_stop(),
    Config.
112
113%%-----------------------------------------------------------------
%%  Outgoing connections (tcp_out ACL) - Deny
115%%-----------------------------------------------------------------
%% Deny: the client's outgoing ACL names this host only at ServerPort + 10,
%% while the corbaloc below targets ServerPort, so the lookup made from the
%% client node is expected to raise InvalidAddress.
%% NOTE(review): the assertion sees only the InvalidAddress exception; from
%% this case alone it cannot be told apart from some other connect failure -
%% allow_port_api is the matching positive control.
deny_port_api(_Config) ->
    [Host] = ?match([_], orber:host()),
    Port = orber:iiop_port(),
    {ok, Client, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{flags, ?ORB_ENV_USE_ACL_OUTGOING},
                  {iiop_acl,
                   [{tcp_out, Host ++ "/32#" ++ integer_to_list(Port + 10)}]}])),
    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
           orber_test_lib:remote_apply(
             Client, corba, string_to_object,
             ["corbaloc::1.2@" ++ Host ++ ":" ++ integer_to_list(Port)
              ++ "/NameService"])),
    %% NOTE(review): the client node is left running; no
    %% orber_test_lib:destroy_node(Client, timeout) call is made here -
    %% TODO confirm that cleanup happens elsewhere.
    ok.
128
%% Deny: the client's outgoing ACL names this host only for the port range
%% ServerPort + 100 .. ServerPort + 120, which does not contain ServerPort,
%% so the lookup made from the client node is expected to raise
%% InvalidAddress.
%% NOTE(review): only the exception is asserted; allow_port_range_api is
%% the positive control showing the same lookup succeeds when the range
%% contains the port.
deny_port_range_api(_Config) ->
    [Host] = ?match([_], orber:host()),
    Port = orber:iiop_port(),
    {ok, Client, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{flags, ?ORB_ENV_USE_ACL_OUTGOING},
                  {iiop_acl,
                   [{tcp_out,
                     Host ++ "/32#" ++ integer_to_list(Port + 100)
                     ++ "/" ++ integer_to_list(Port + 120)}]}])),
    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
           orber_test_lib:remote_apply(
             Client, corba, string_to_object,
             ["corbaloc::1.2@" ++ Host ++ ":" ++ integer_to_list(Port)
              ++ "/NameService"])),
    %% NOTE(review): the client node is left running; no
    %% orber_test_lib:destroy_node(Client, timeout) call is made here -
    %% TODO confirm that cleanup happens elsewhere.
    ok.
141
142
%% Deny: the client's outgoing ACL lists only 123.123.123.123/32, so a
%% lookup aimed at this host's own address is expected to raise
%% InvalidAddress.
%% NOTE(review): the case assumes orber:host() never returns
%% 123.123.123.123 - TODO confirm; a reserved documentation address would
%% make that assumption explicit.
deny_host_api(_Config) ->
    [Host] = ?match([_], orber:host()),
    {ok, Client, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{flags, ?ORB_ENV_USE_ACL_OUTGOING},
                  {iiop_acl, [{tcp_out, "123.123.123.123/32"}]}])),
    Port = orber:iiop_port(),
    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
           orber_test_lib:remote_apply(
             Client, corba, string_to_object,
             ["corbaloc::1.2@" ++ Host ++ ":" ++ integer_to_list(Port)
              ++ "/NameService"])),
    %% NOTE(review): the client node is left running; no
    %% orber_test_lib:destroy_node(Client, timeout) call is made here -
    %% TODO confirm that cleanup happens elsewhere.
    ok.
155
156%%-----------------------------------------------------------------
%%  Outgoing connections (tcp_out ACL) - Allow
158%%-----------------------------------------------------------------
%% Allow: the client's outgoing ACL names this host at exactly ServerPort,
%% the port the corbaloc targets. The lookup must return an IOR, and
%% corba_object:not_existent/1 on that IOR must answer false.
allow_port_api(_Config) ->
    [Host] = ?match([_], orber:host()),
    Port = orber:iiop_port(),
    {ok, Client, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{flags, ?ORB_ENV_USE_ACL_OUTGOING},
                  {iiop_acl,
                   [{tcp_out, Host ++ "/32#" ++ integer_to_list(Port)}]}])),
    NameService =
        ?match({'IOP_IOR', _, _},
               orber_test_lib:remote_apply(
                 Client, corba, string_to_object,
                 ["corbaloc::1.2@" ++ Host ++ ":" ++ integer_to_list(Port)
                  ++ "/NameService"])),
    ?match(false,
           orber_test_lib:remote_apply(
             Client, corba_object, not_existent, [NameService])),
    %% NOTE(review): the client node is left running; no
    %% orber_test_lib:destroy_node(Client, timeout) call is made here -
    %% TODO confirm that cleanup happens elsewhere.
    ok.
174
%% Allow: the client's outgoing ACL names this host for the port range
%% ServerPort - 10 .. ServerPort + 10, which contains the port the corbaloc
%% targets. The lookup must return an IOR, and corba_object:not_existent/1
%% on that IOR must answer false.
allow_port_range_api(_Config) ->
    [Host] = ?match([_], orber:host()),
    Port = orber:iiop_port(),
    {ok, Client, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{flags, ?ORB_ENV_USE_ACL_OUTGOING},
                  {iiop_acl,
                   [{tcp_out,
                     Host ++ "/32#" ++ integer_to_list(Port - 10)
                     ++ "/" ++ integer_to_list(Port + 10)}]}])),
    NameService =
        ?match({'IOP_IOR', _, _},
               orber_test_lib:remote_apply(
                 Client, corba, string_to_object,
                 ["corbaloc::1.2@" ++ Host ++ ":" ++ integer_to_list(Port)
                  ++ "/NameService"])),
    ?match(false,
           orber_test_lib:remote_apply(
             Client, corba_object, not_existent, [NameService])),
    %% NOTE(review): the client node is left running; no
    %% orber_test_lib:destroy_node(Client, timeout) call is made here -
    %% TODO confirm that cleanup happens elsewhere.
    ok.
190
191
%% Allow: the client's outgoing ACL names this host as a /32 entry with no
%% port restriction. The lookup must return an IOR, and
%% corba_object:not_existent/1 on that IOR must answer false.
allow_host_api(_Config) ->
    [Host] = ?match([_], orber:host()),
    {ok, Client, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{flags, ?ORB_ENV_USE_ACL_OUTGOING},
                  {iiop_acl, [{tcp_out, Host ++ "/32"}]}])),
    Port = orber:iiop_port(),
    NameService =
        ?match({'IOP_IOR', _, _},
               orber_test_lib:remote_apply(
                 Client, corba, string_to_object,
                 ["corbaloc::1.2@" ++ Host ++ ":" ++ integer_to_list(Port)
                  ++ "/NameService"])),
    ?match(false,
           orber_test_lib:remote_apply(
             Client, corba_object, not_existent, [NameService])),
    %% NOTE(review): the client node is left running; no
    %% orber_test_lib:destroy_node(Client, timeout) call is made here -
    %% TODO confirm that cleanup happens elsewhere.
    ok.
207
%% Allow via a specific interface: a separate server node is started with
%% ip_address set to the host address, and the client's tcp_out ACL entry
%% carries a third element, [Loopback], taken from
%% orber_test_lib:get_loopback_interface/0. The lookup must return an IOR,
%% and corba_object:not_existent/1 on that IOR must answer false.
%% NOTE(review): presumably the third element lists the local interface(s)
%% the client may connect from - confirm against the orber ACL
%% documentation. Unlike the other cases, the ACL host is given here
%% without a "/32" suffix.
local_interface_api(_Config) ->
    Host = orber_test_lib:get_host(),
    Loopback = orber_test_lib:get_loopback_interface(),
    {ok, Server, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{iiop_port, 0},
                  {iiop_out_ports, {5980, 6000}},
                  {ip_address, Host}])),
    Port = orber_test_lib:remote_apply(Server, orber, iiop_port, []),

    {ok, Client, _} =
        ?match({ok, _, _},
               orber_test_lib:js_node(
                 [{flags, ?ORB_ENV_USE_ACL_OUTGOING},
                  {iiop_acl, [{tcp_out, Host, [Loopback]}]}])),
    NameService =
        ?match({'IOP_IOR', _, _},
               orber_test_lib:remote_apply(
                 Client, corba, string_to_object,
                 ["corbaloc::1.2@" ++ Host ++ ":" ++ integer_to_list(Port)
                  ++ "/NameService"])),
    ?match(false,
           orber_test_lib:remote_apply(
             Client, corba_object, not_existent, [NameService])),
    %% NOTE(review): neither the server node nor the client node is
    %% destroyed here; no orber_test_lib:destroy_node call is made -
    %% TODO confirm that cleanup happens elsewhere.
    ok.
229
230