1: %%
    2: %% %CopyrightBegin%
    3: %% 
    4: %% Copyright Ericsson AB 2004-2011. All Rights Reserved.
    5: %% 
    6: %% The contents of this file are subject to the Erlang Public License,
    7: %% Version 1.1, (the "License"); you may not use this file except in
    8: %% compliance with the License. You should have received a copy of the
    9: %% Erlang Public License along with this software. If not, it can be
   10: %% retrieved online at http://www.erlang.org/.
   11: %% 
   12: %% Software distributed under the License is distributed on an "AS IS"
   13: %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
   14: %% the License for the specific language governing rights and limitations
   15: %% under the License.
   16: %% 
   17: %% %CopyrightEnd%
   18: %%
   19: %%
   20: 
   21: -module(orber_firewall_ipv6_out_SUITE).
   22: 
   23: -include_lib("test_server/include/test_server.hrl").
   24: -include_lib("orber/include/corba.hrl").
   25: -include_lib("orber/COSS/CosNaming/CosNaming.hrl").
   26: -include_lib("orber/src/orber_iiop.hrl").
   27: -include_lib("orber/src/ifr_objects.hrl").
   28: -include("idl_output/orber_test_server.hrl").
   29: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
   30: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
   31: 
   32: -define(default_timeout, ?t:minutes(15)).
   33: 
   34: -define(match(ExpectedRes,Expr),
   35: 	fun() ->
   36: 		AcTuAlReS = (catch (Expr)),
   37: 		case AcTuAlReS of
   38: 		    ExpectedRes ->
   39: 			io:format("------ CORRECT RESULT ------~n~p~n",
   40: 				 [AcTuAlReS]),
   41: 			AcTuAlReS;
   42: 		    _ ->
   43: 			io:format("###### ERROR ERROR ######~nRESULT:  ~p~n",
   44: 				  [AcTuAlReS]),
   45: 			?line exit(AcTuAlReS)
   46: 		end
   47: 	end()).
   48: 
   49: %%-----------------------------------------------------------------
   50: %% External exports
   51: %%-----------------------------------------------------------------
   52: -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
   53: 	 init_per_suite/1, end_per_suite/1, 
   54: 	 init_per_testcase/2, end_per_testcase/2,  
   55: 	 deny_port_api/1, deny_port_range_api/1, deny_host_api/1,
   56: 	 allow_port_api/1, allow_port_range_api/1, allow_host_api/1,
   57: 	 local_interface_api/1]).
   58: 
   59: %%-----------------------------------------------------------------
   60: %% Func: all/1
   61: %% Args: 
   62: %% Returns: 
   63: %%-----------------------------------------------------------------
   64: suite() -> [{ct_hooks,[ts_install_cth]}].
   65: 
   66: all() -> 
   67:     cases().
   68: 
   69: groups() -> 
   70:     [].
   71: 
   72: init_per_group(_GroupName, Config) ->
   73:     Config.
   74: 
   75: end_per_group(_GroupName, Config) ->
   76:     Config.
   77: 
   78: 
   79: %% NOTE - the fragment test cases must bu first since we explicitly set a request
   80: %% id. Otherwise, the request-id counter would be increased and we cannot know
   81: %% what it is.
   82: cases() -> 
   83:     [deny_port_api, deny_port_range_api, deny_host_api,
   84:      allow_port_api, allow_port_range_api, allow_host_api,
   85:      local_interface_api].
   86: 
   87: 
   88: init_per_testcase(_Case, Config) ->
   89:     ?line Dog=test_server:timetrap(?default_timeout),
   90:     orber:jump_start([{iiop_port, 0},
   91: 		      {iiop_out_ports, {5980, 6000}},
   92: 		      {flags, ?ORB_ENV_USE_IPV6}]),
   93:     [{watchdog, Dog}|Config].
   94: 
   95: 
   96: end_per_testcase(_Case, Config) ->
   97:     orber:jump_stop(),
   98:     Dog = ?config(watchdog, Config),
   99:     test_server:timetrap_cancel(Dog),
  100:     ok.
  101: 
  102: init_per_suite(Config) ->
  103:     case orber_test_lib:version_ok() of
  104: 	true ->
  105: 	    if
  106: 		is_list(Config) ->
  107: 		    Config;
  108: 		true ->
  109: 		    exit("Config not a list")
  110: 	    end;
  111: 	Reason ->
  112: 	    Reason
  113:     end.
  114: 
  115: end_per_suite(Config) ->
  116:     Config.
  117: 
  118: 
  119: %%-----------------------------------------------------------------
  120: %%  Incomming connections - Deny
  121: %%-----------------------------------------------------------------
  122: deny_port_api(doc) -> ["Deny Access due to invalid local port"];
  123: deny_port_api(suite) -> [];
  124: deny_port_api(_Config) ->
  125:     [IP] = ?match([_], orber:host()),
  126:     ServerPort = orber:iiop_port(),
  127:     {ok, ServerNode, ServerHost} = 
  128: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
  129: 							  ?ORB_ENV_USE_ACL_OUTGOING)},
  130: 						 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort+10)}]}])),
  131:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  132: 	   orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 
  133: 				       ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
  134: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  135:     ok.
  136: 
  137: deny_port_range_api(doc) -> ["Deny Access due to invalid local port range"];
  138: deny_port_range_api(suite) -> [];
  139: deny_port_range_api(_Config) ->
  140:     [IP] = ?match([_], orber:host()),
  141:     ServerPort = orber:iiop_port(),
  142:     {ok, ServerNode, ServerHost} = 
  143: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
  144: 							  ?ORB_ENV_USE_ACL_OUTGOING)},
  145: 						 {iiop_acl, [{tcp_out, IP++"/128#"++integer_to_list(ServerPort+100)++ "/" ++ integer_to_list(ServerPort+120)}]}])),
  146:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  147: 	   orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 
  148: 				       ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
  149: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  150:     ok.
  151: 
  152: 
  153: deny_host_api(doc) -> ["Deny Access due to invalid host"];
  154: deny_host_api(suite) -> [];
  155: deny_host_api(_Config) ->
  156:     {ok, ServerNode, ServerHost} = 
  157: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
  158: 							  ?ORB_ENV_USE_ACL_OUTGOING)},
  159: 						 {iiop_acl, [{tcp_out, "0:0:0:0:0:0:10.1.1.1/128"}]}])),
  160:     ServerPort = orber:iiop_port(),
  161:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  162: 	   orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 
  163: 				       ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
  164: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  165:     ok.
  166: 
  167: %%-----------------------------------------------------------------
  168: %%  Incomming connections - Allow
  169: %%-----------------------------------------------------------------
  170: allow_port_api(doc) -> ["Allow Access due to valid local port"];
  171: allow_port_api(suite) -> [];
  172: allow_port_api(_Config) ->
  173:     [IP] = ?match([_], orber:host()),
  174:     ServerPort = orber:iiop_port(),
  175:     {ok, ServerNode, ServerHost} = 
  176: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
  177: 							  ?ORB_ENV_USE_ACL_OUTGOING)},
  178: 						 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort)}]}])),
  179:     IOR =
  180: 	?match({'IOP_IOR',_,_},
  181: 	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 
  182: 					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
  183:     ?match(false, 
  184: 	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
  185: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  186:     ok.
  187: 
  188: allow_port_range_api(doc) -> ["Allow Access due to valid local port range"];
  189: allow_port_range_api(suite) -> [];
  190: allow_port_range_api(_Config) ->
  191:     [IP] = ?match([_], orber:host()),
  192:     ServerPort = orber:iiop_port(),
  193:     {ok, ServerNode, ServerHost} = 
  194: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
  195: 							  ?ORB_ENV_USE_ACL_OUTGOING)},
  196: 						 {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort-10) ++ "/" ++ integer_to_list(ServerPort+10)}]}])),
  197:     IOR =
  198: 	?match({'IOP_IOR',_,_},
  199: 	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 
  200: 					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
  201:     ?match(false, 
  202: 	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
  203: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  204:     ok.
  205: 
  206: 
  207: allow_host_api(doc) -> ["Allow Access due to valid host"];
  208: allow_host_api(suite) -> [];
  209: allow_host_api(_Config) ->
  210:     [IP] = ?match([_], orber:host()),
  211:     {ok, ServerNode, ServerHost} = 
  212: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
  213: 							  ?ORB_ENV_USE_ACL_OUTGOING)},
  214: 						 {iiop_acl, [{tcp_out, IP}]}])),
  215:     ServerPort = orber:iiop_port(),
  216:     IOR =
  217: 	?match({'IOP_IOR',_,_}, 
  218: 	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 
  219: 					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
  220:     ?match(false, 
  221: 	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
  222: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  223:     ok.
  224: 
  225: local_interface_api(doc) -> ["Allow Access due to valid host via a spcific interface"];
  226: local_interface_api(suite) -> [];
  227: local_interface_api(_Config) ->
  228:     [IP] = ?match([_], orber:host()),
  229:     {ok, ServerNode, ServerHost} = 
  230: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
  231: 							  ?ORB_ENV_USE_ACL_OUTGOING)},
  232: 						 {iiop_acl, [{tcp_out, IP, [IP]}]}])),
  233:     ServerPort = orber:iiop_port(),
  234:     IOR =
  235: 	?match({'IOP_IOR',_,_}, 
  236: 	       orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 
  237: 					   ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])),
  238:     ?match(false, 
  239: 	   orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])),
  240: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  241:     ok.
  242: