1: %% 2: %% %CopyrightBegin% 3: %% 4: %% Copyright Ericsson AB 2004-2011. All Rights Reserved. 5: %% 6: %% The contents of this file are subject to the Erlang Public License, 7: %% Version 1.1, (the "License"); you may not use this file except in 8: %% compliance with the License. You should have received a copy of the 9: %% Erlang Public License along with this software. If not, it can be 10: %% retrieved online at http://www.erlang.org/. 11: %% 12: %% Software distributed under the License is distributed on an "AS IS" 13: %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See 14: %% the License for the specific language governing rights and limitations 15: %% under the License. 16: %% 17: %% %CopyrightEnd% 18: %% 19: %% 20: 21: -module(orber_firewall_ipv4_in_SUITE). 22: 23: -include_lib("test_server/include/test_server.hrl"). 24: -include_lib("orber/include/corba.hrl"). 25: -include_lib("orber/COSS/CosNaming/CosNaming.hrl"). 26: -include_lib("orber/src/orber_iiop.hrl"). 27: -include_lib("orber/src/ifr_objects.hrl"). 28: -include("idl_output/orber_test_server.hrl"). 29: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl"). 30: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl"). 31: 32: -define(default_timeout, ?t:minutes(15)). 33: 34: -define(match(ExpectedRes,Expr), 35: fun() -> 36: AcTuAlReS = (catch (Expr)), 37: case AcTuAlReS of 38: ExpectedRes -> 39: io:format("------ CORRECT RESULT ------~n~p~n", 40: [AcTuAlReS]), 41: AcTuAlReS; 42: _ -> 43: io:format("###### ERROR ERROR ######~nRESULT: ~p~n", 44: [AcTuAlReS]), 45: ?line exit(AcTuAlReS) 46: end 47: end()). 48: 49: %%----------------------------------------------------------------- 50: %% External exports 51: %%----------------------------------------------------------------- 52: -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 53: init_per_suite/1, end_per_suite/1, 54: init_per_testcase/2, end_per_testcase/2, 55: deny_port_api/1, deny_port_range_api/1, deny_host_api/1, 56: deny_peerhost_api/1, allow_port_range_api/1, 57: allow_host_api/1, allow_peerhost_api/1, check_address_api/1]). 58: 59: %%----------------------------------------------------------------- 60: %% Func: all/1 61: %% Args: 62: %% Returns: 63: %%----------------------------------------------------------------- 64: suite() -> [{ct_hooks,[ts_install_cth]}]. 65: 66: all() -> 67: cases(). 68: 69: groups() -> 70: []. 71: 72: init_per_group(_GroupName, Config) -> 73: Config. 74: 75: end_per_group(_GroupName, Config) -> 76: Config. 77: 78: 79: %% NOTE - the fragment test cases must bu first since we explicitly set a request 80: %% id. Otherwise, the request-id counter would be increased and we cannot know 81: %% what it is. 82: cases() -> 83: [deny_port_api, deny_port_range_api, deny_host_api, 84: deny_peerhost_api, allow_port_range_api, allow_host_api, 85: allow_peerhost_api, check_address_api]. 86: 87: 88: init_per_testcase(_Case, Config) -> 89: ?line Dog=test_server:timetrap(?default_timeout), 90: [{watchdog, Dog}|Config]. 91: 92: 93: end_per_testcase(_Case, Config) -> 94: Dog = ?config(watchdog, Config), 95: test_server:timetrap_cancel(Dog), 96: ok. 97: 98: init_per_suite(Config) -> 99: if 100: is_list(Config) -> 101: orber:jump_start([{iiop_port, 0}, 102: {iiop_out_ports, {5980, 6000}}]), 103: Config; 104: true -> 105: exit("Config not a list") 106: end. 107: 108: end_per_suite(Config) -> 109: orber:jump_stop(), 110: Config. 111: 112: %%----------------------------------------------------------------- 113: %% Incomming connections - Deny 114: %%----------------------------------------------------------------- 115: deny_port_api(doc) -> ["Deny Access due to invalid local port"]; 116: deny_port_api(suite) -> []; 117: deny_port_api(_Config) -> 118: [IP] = ?match([_], orber:host()), 119: {ok, ServerNode, _ServerHost} = 120: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 121: {iiop_acl, [{tcp_in, IP++"/32#7000"}]}])), 122: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 123: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 124: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")), 125: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 126: ok. 127: 128: deny_port_range_api(doc) -> ["Deny Access due to invalid local port range"]; 129: deny_port_range_api(suite) -> []; 130: deny_port_range_api(_Config) -> 131: [IP] = ?match([_], orber:host()), 132: {ok, ServerNode, _ServerHost} = 133: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 134: {iiop_acl, [{tcp_in, IP++"/32#7000/8000"}]}])), 135: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 136: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 137: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")), 138: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 139: ok. 140: 141: 142: deny_host_api(doc) -> ["Deny Access due to invalid host"]; 143: deny_host_api(suite) -> []; 144: deny_host_api(_Config) -> 145: [IP] = ?match([_], orber:host()), 146: {ok, ServerNode, _ServerHost} = 147: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 148: {iiop_acl, [{tcp_in, "123.123.123.123/32"}]}])), 149: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 150: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 151: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")), 152: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 153: ok. 154: 155: deny_peerhost_api(doc) -> ["Deny Access due to invalid peerhost"]; 156: deny_peerhost_api(suite) -> []; 157: deny_peerhost_api(_Config) -> 158: [IP] = ?match([_], orber:host()), 159: {ok, ServerNode, _ServerHost} = 160: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 161: {iiop_acl, [{tcp_in, IP++"/32", ["123.123.123.123"]}]}])), 162: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 163: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 164: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")), 165: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 166: ok. 167: 168: %%----------------------------------------------------------------- 169: %% Incomming connections - Allow 170: %%----------------------------------------------------------------- 171: allow_port_range_api(doc) -> ["Allow Access due to valid local port range"]; 172: allow_port_range_api(suite) -> []; 173: allow_port_range_api(_Config) -> 174: [IP] = ?match([_], orber:host()), 175: {ok, ServerNode, _ServerHost} = 176: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 177: {iiop_acl, [{tcp_in, IP++"/32#5980/6000"}]}])), 178: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 179: IOR = 180: ?match({'IOP_IOR',_,_}, 181: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")), 182: ?match(false, corba_object:not_existent(IOR)), 183: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 184: ok. 185: 186: 187: allow_host_api(doc) -> ["Allow Access due to valid host"]; 188: allow_host_api(suite) -> []; 189: allow_host_api(_Config) -> 190: [IP] = ?match([_], orber:host()), 191: {ok, ServerNode, _ServerHost} = 192: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 193: {iiop_acl, [{tcp_in, IP++"/32"}]}])), 194: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 195: IOR = 196: ?match({'IOP_IOR',_,_}, 197: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")), 198: ?match(false, corba_object:not_existent(IOR)), 199: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 200: ok. 201: 202: allow_peerhost_api(doc) -> ["Allow Access due to valid peerhost"]; 203: allow_peerhost_api(suite) -> []; 204: allow_peerhost_api(_Config) -> 205: [IP] = ?match([_], orber:host()), 206: {ok, ServerNode, _ServerHost} = 207: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 208: {iiop_acl, [{tcp_in, IP++"/32", [IP]}]}])), 209: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 210: IOR = 211: ?match({'IOP_IOR',_,_}, 212: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService", 213: [#'IOP_ServiceContext' 214: {context_id=?ORBER_GENERIC_CTX_ID, 215: context_data = {interface, IP}}])), 216: ?match(false, corba_object:not_existent(IOR, 217: [#'IOP_ServiceContext' 218: {context_id=?ORBER_GENERIC_CTX_ID, 219: context_data = {interface, IP}}])), 220: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 221: ok. 222: 223: %%----------------------------------------------------------------- 224: %% Test corbaloc strings 225: %%----------------------------------------------------------------- 226: check_address_api(doc) -> ["Test corbaloc strings"]; 227: check_address_api(suite) -> []; 228: check_address_api(_Config) -> 229: ?match({[[iiop,{1,0},"10.0.0.1",2809]],"NameService"}, 230: orber_cosnaming_utils:addresses(":10.0.0.1/NameService")), 231: ?match({[[iiop,{1,0},"10.0.0.1",2809]],[]}, 232: orber_cosnaming_utils:addresses(":10.0.0.1")), 233: ?match({[[iiop,{1,2},"10.0.0.1",2809]],"NameService"}, 234: orber_cosnaming_utils:addresses(":1.2@10.0.0.1/NameService")), 235: ?match({[[iiop,{1,0},"10.0.0.1",4001]],"NameService"}, 236: orber_cosnaming_utils:addresses(":10.0.0.1:4001/NameService")), 237: ?match({[[iiop,{1,1},"10.0.0.1",4001]],"NameService"}, 238: orber_cosnaming_utils:addresses(":1.1@10.0.0.1:4001/NameService")), 239: ?match({[[iiop,{1,1},"10.0.0.1",4001]],[]}, 240: orber_cosnaming_utils:addresses(":1.1@10.0.0.1:4001")), 241: ?match({[[iiop,{1,1},"10.0.0.1",4001]],[]}, 242: orber_cosnaming_utils:addresses("iiop:1.1@10.0.0.1:4001")), 243: ?match({[[iiop,{1,1},"10.0.0.1",4001]],[]}, 244: orber_cosnaming_utils:addresses("iiop:1.1@10.0.0.1:4001/")), 245: 246: ?match({[[iiop,{1,1},"myhost",4001]],[]}, 247: orber_cosnaming_utils:addresses("iiop:1.1@myhost:4001")), 248: ?match({[[iiop,{1,1},"myhost.full.name",4001]],"NameService"}, 249: orber_cosnaming_utils:addresses("iiop:1.1@myhost.full.name:4001/NameService")), 250: ?match({[[iiop,{1,1},"myhost",4001], 251: [iiop,{1,1},"myhost.full.name",2809]],"NameService"}, 252: orber_cosnaming_utils:addresses("iiop:1.1@myhost:4001,iiop:1.1@myhost.full.name/NameService")), 253: 254: ?match({[[iiop,{1,1},"123.12.23.2",4001], 255: [iiop,{1,1},"10.0.0.1",4001]], "NameService"}, 256: orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:1.1@10.0.0.1:4001/NameService")), 257: ?match({[[iiop,{1,1},"123.12.23.2",4001], 258: [iiop,{1,1},"10.0.0.1",4001]], []}, 259: orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:1.1@10.0.0.1:4001")), 260: ?match({[[iiop,{1,0},"123.12.23.2",4001], 261: [iiop,{1,1},"10.0.0.1",4001]], "NameService"}, 262: orber_cosnaming_utils:addresses(":123.12.23.2:4001,:1.1@10.0.0.1:4001/NameService")), 263: ?match({[[iiop,{1,1},"123.12.23.2",4001], 264: [iiop,{1,0},"10.0.0.1",4001]], "NameService"}, 265: orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:10.0.0.1:4001/NameService")), 266: ?match({[[iiop,{1,1},"123.12.23.2",2809], 267: [iiop,{1,1},"10.0.0.1",4001]], "NameService"}, 268: orber_cosnaming_utils:addresses(":1.1@123.12.23.2,:1.1@10.0.0.1:4001/NameService")), 269: ?match({[[iiop,{1,1},"123.12.23.2",4001], 270: [iiop,{1,1},"10.0.0.1",2809]], "NameService"}, 271: orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:1.1@10.0.0.1/NameService")), 272: ?match({[[iiop,{1,0},"123.12.23.2",2809], 273: [iiop,{1,0},"10.0.0.1",2809]], "NameService"}, 274: orber_cosnaming_utils:addresses(":123.12.23.2,:10.0.0.1/NameService")), 275: ?match({[[iiop,{1,0},"123.12.23.2",2809], 276: [iiop,{1,0},"10.0.0.1",2809]], []}, 277: orber_cosnaming_utils:addresses(":123.12.23.2,:10.0.0.1/")), 278: ?match({[[iiop,{1,0},"123.12.23.2",2809], 279: [iiop,{1,0},"10.0.0.1",2809]], []}, 280: orber_cosnaming_utils:addresses("iiop:123.12.23.2,:10.0.0.1/")), 281: 282: [IP] = ?match([_], orber:host()), 283: {ok, ServerNode, _ServerHost} = 284: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING}, 285: {iiop_acl, [{tcp_in, IP++"/32"}]}])), 286: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 287: ?match({'IOP_IOR',_,_}, 288: corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")), 289: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 290: 291: ok. 292: