1: %% 2: %% %CopyrightBegin% 3: %% 4: %% Copyright Ericsson AB 2004-2011. All Rights Reserved. 5: %% 6: %% The contents of this file are subject to the Erlang Public License, 7: %% Version 1.1, (the "License"); you may not use this file except in 8: %% compliance with the License. You should have received a copy of the 9: %% Erlang Public License along with this software. If not, it can be 10: %% retrieved online at http://www.erlang.org/. 11: %% 12: %% Software distributed under the License is distributed on an "AS IS" 13: %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See 14: %% the License for the specific language governing rights and limitations 15: %% under the License. 16: %% 17: %% %CopyrightEnd% 18: %% 19: %% 20: 21: -module(orber_firewall_ipv4_out_SUITE). 22: 23: -include_lib("test_server/include/test_server.hrl"). 24: -include_lib("orber/include/corba.hrl"). 25: -include_lib("orber/COSS/CosNaming/CosNaming.hrl"). 26: -include_lib("orber/src/orber_iiop.hrl"). 27: -include_lib("orber/src/ifr_objects.hrl"). 28: -include("idl_output/orber_test_server.hrl"). 29: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl"). 30: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl"). 31: 32: -define(default_timeout, ?t:minutes(15)). 33: 34: -define(match(ExpectedRes,Expr), 35: fun() -> 36: AcTuAlReS = (catch (Expr)), 37: case AcTuAlReS of 38: ExpectedRes -> 39: io:format("------ CORRECT RESULT ------~n~p~n", 40: [AcTuAlReS]), 41: AcTuAlReS; 42: _ -> 43: io:format("###### ERROR ERROR ######~nRESULT: ~p~n", 44: [AcTuAlReS]), 45: ?line exit(AcTuAlReS) 46: end 47: end()). 48: 49: %%----------------------------------------------------------------- 50: %% External exports 51: %%----------------------------------------------------------------- 52: -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 53: init_per_suite/1, end_per_suite/1, 54: init_per_testcase/2, end_per_testcase/2, 55: deny_port_api/1, deny_port_range_api/1, deny_host_api/1, 56: allow_port_api/1, allow_port_range_api/1, allow_host_api/1, 57: local_interface_api/1]). 58: 59: %%----------------------------------------------------------------- 60: %% Func: all/1 61: %% Args: 62: %% Returns: 63: %%----------------------------------------------------------------- 64: suite() -> [{ct_hooks,[ts_install_cth]}]. 65: 66: all() -> 67: cases(). 68: 69: groups() -> 70: []. 71: 72: init_per_group(_GroupName, Config) -> 73: Config. 74: 75: end_per_group(_GroupName, Config) -> 76: Config. 77: 78: 79: %% NOTE - the fragment test cases must bu first since we explicitly set a request 80: %% id. Otherwise, the request-id counter would be increased and we cannot know 81: %% what it is. 82: cases() -> 83: [deny_port_api, deny_port_range_api, deny_host_api, 84: allow_port_api, allow_port_range_api, allow_host_api, 85: local_interface_api]. 86: 87: 88: init_per_testcase(_Case, Config) -> 89: ?line Dog=test_server:timetrap(?default_timeout), 90: [{watchdog, Dog}|Config]. 91: 92: 93: end_per_testcase(_Case, Config) -> 94: Dog = ?config(watchdog, Config), 95: test_server:timetrap_cancel(Dog), 96: ok. 97: 98: init_per_suite(Config) -> 99: if 100: is_list(Config) -> 101: orber:jump_start([{iiop_port, 0}, 102: {iiop_out_ports, {5980, 6000}}]), 103: Config; 104: true -> 105: exit("Config not a list") 106: end. 107: 108: end_per_suite(Config) -> 109: orber:jump_stop(), 110: Config. 111: 112: %%----------------------------------------------------------------- 113: %% Incomming connections - Deny 114: %%----------------------------------------------------------------- 115: deny_port_api(doc) -> ["Deny Access due to invalid local port"]; 116: deny_port_api(suite) -> []; 117: deny_port_api(_Config) -> 118: [IP] = ?match([_], orber:host()), 119: ServerPort = orber:iiop_port(), 120: {ok, ClientNode, _ClientHost} = 121: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 122: {iiop_acl, [{tcp_out, IP++"/32#" ++ integer_to_list(ServerPort+10)}]}])), 123: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 124: orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 125: ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 126: % ?line catch orber_test_lib:destroy_node(ClientNode, timeout), 127: ok. 128: 129: deny_port_range_api(doc) -> ["Deny Access due to invalid local port range"]; 130: deny_port_range_api(suite) -> []; 131: deny_port_range_api(_Config) -> 132: [IP] = ?match([_], orber:host()), 133: ServerPort = orber:iiop_port(), 134: {ok, ClientNode, _ClientHost} = 135: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 136: {iiop_acl, [{tcp_out, IP++"/32#"++integer_to_list(ServerPort+100)++ "/" ++ integer_to_list(ServerPort+120)}]}])), 137: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 138: orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 139: ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 140: % ?line catch orber_test_lib:destroy_node(ClientNode, timeout), 141: ok. 142: 143: 144: deny_host_api(doc) -> ["Deny Access due to invalid host"]; 145: deny_host_api(suite) -> []; 146: deny_host_api(_Config) -> 147: [IP] = ?match([_], orber:host()), 148: {ok, ClientNode, _ClientHost} = 149: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 150: {iiop_acl, [{tcp_out, "123.123.123.123/32"}]}])), 151: ServerPort = orber:iiop_port(), 152: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 153: orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 154: ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 155: % ?line catch orber_test_lib:destroy_node(ClientNode, timeout), 156: ok. 157: 158: %%----------------------------------------------------------------- 159: %% Incomming connections - Allow 160: %%----------------------------------------------------------------- 161: allow_port_api(doc) -> ["Allow Access due to valid local port range"]; 162: allow_port_api(suite) -> []; 163: allow_port_api(_Config) -> 164: [IP] = ?match([_], orber:host()), 165: ServerPort = orber:iiop_port(), 166: {ok, ClientNode, _ClientHost} = 167: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 168: {iiop_acl, [{tcp_out, IP++"/32#"++integer_to_list(ServerPort)}]}])), 169: IOR = 170: ?match({'IOP_IOR',_,_}, 171: orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 172: ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 173: ?match(false, 174: orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 175: % ?line catch orber_test_lib:destroy_node(ClientNode, timeout), 176: ok. 177: 178: allow_port_range_api(doc) -> ["Allow Access due to valid local port range"]; 179: allow_port_range_api(suite) -> []; 180: allow_port_range_api(_Config) -> 181: [IP] = ?match([_], orber:host()), 182: ServerPort = orber:iiop_port(), 183: {ok, ClientNode, _ClientHost} = 184: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 185: {iiop_acl, [{tcp_out, IP++"/32#" ++ integer_to_list(ServerPort-10) ++ "/" ++ integer_to_list(ServerPort+10)}]}])), 186: IOR = 187: ?match({'IOP_IOR',_,_}, 188: orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 189: ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 190: ?match(false, 191: orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 192: % ?line catch orber_test_lib:destroy_node(ClientNode, timeout), 193: ok. 194: 195: 196: allow_host_api(doc) -> ["Allow Access due to valid host"]; 197: allow_host_api(suite) -> []; 198: allow_host_api(_Config) -> 199: [IP] = ?match([_], orber:host()), 200: {ok, ClientNode, _ClientHost} = 201: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 202: {iiop_acl, [{tcp_out, IP++"/32"}]}])), 203: ServerPort = orber:iiop_port(), 204: IOR = 205: ?match({'IOP_IOR',_,_}, 206: orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 207: ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 208: ?match(false, 209: orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 210: % ?line catch orber_test_lib:destroy_node(ClientNode, timeout), 211: ok. 212: 213: local_interface_api(doc) -> ["Allow Access due to valid host via a spcific interface"]; 214: local_interface_api(suite) -> []; 215: local_interface_api(_Config) -> 216: IP = orber_test_lib:get_host(), 217: Loopback = orber_test_lib:get_loopback_interface(), 218: {ok, ServerNode, _ServerHost} = 219: ?match({ok,_,_}, orber_test_lib:js_node([{iiop_port, 0}, 220: {iiop_out_ports, {5980, 6000}}, 221: {ip_address, IP}])), 222: ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []), 223: 224: {ok, ClientNode, _ClientHost} = 225: ?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING}, 226: {iiop_acl, [{tcp_out, IP, [Loopback]}]}])), 227: IOR = 228: ?match({'IOP_IOR',_,_}, 229: orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 230: ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])), 231: ?match(false, 232: orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])), 233: % ?line catch orber_test_lib:destroy_node(ClientNode, timeout), 234: ok. 235: