1: %%
    2: %% %CopyrightBegin%
    3: %% 
    4: %% Copyright Ericsson AB 2004-2011. All Rights Reserved.
    5: %% 
    6: %% The contents of this file are subject to the Erlang Public License,
    7: %% Version 1.1, (the "License"); you may not use this file except in
    8: %% compliance with the License. You should have received a copy of the
    9: %% Erlang Public License along with this software. If not, it can be
   10: %% retrieved online at http://www.erlang.org/.
   11: %% 
   12: %% Software distributed under the License is distributed on an "AS IS"
   13: %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
   14: %% the License for the specific language governing rights and limitations
   15: %% under the License.
   16: %% 
   17: %% %CopyrightEnd%
   18: %%
   19: %%
   20: 
   21: -module(orber_firewall_ipv4_in_SUITE).
   22: 
   23: -include_lib("test_server/include/test_server.hrl").
   24: -include_lib("orber/include/corba.hrl").
   25: -include_lib("orber/COSS/CosNaming/CosNaming.hrl").
   26: -include_lib("orber/src/orber_iiop.hrl").
   27: -include_lib("orber/src/ifr_objects.hrl").
   28: -include("idl_output/orber_test_server.hrl").
   29: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
   30: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
   31: 
   32: -define(default_timeout, ?t:minutes(15)).
   33: 
   34: -define(match(ExpectedRes,Expr),
   35: 	fun() ->
   36: 		AcTuAlReS = (catch (Expr)),
   37: 		case AcTuAlReS of
   38: 		    ExpectedRes ->
   39: 			io:format("------ CORRECT RESULT ------~n~p~n",
   40: 				 [AcTuAlReS]),
   41: 			AcTuAlReS;
   42: 		    _ ->
   43: 			io:format("###### ERROR ERROR ######~nRESULT:  ~p~n",
   44: 				  [AcTuAlReS]),
   45: 			?line exit(AcTuAlReS)
   46: 		end
   47: 	end()).
   48: 
   49: %%-----------------------------------------------------------------
   50: %% External exports
   51: %%-----------------------------------------------------------------
   52: -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
   53: 	 init_per_suite/1, end_per_suite/1, 
   54: 	 init_per_testcase/2, end_per_testcase/2,  
   55: 	 deny_port_api/1, deny_port_range_api/1, deny_host_api/1,
   56: 	 deny_peerhost_api/1, allow_port_range_api/1, 
   57: 	 allow_host_api/1, allow_peerhost_api/1, check_address_api/1]).
   58: 
   59: %%-----------------------------------------------------------------
   60: %% Func: all/1
   61: %% Args: 
   62: %% Returns: 
   63: %%-----------------------------------------------------------------
   64: suite() -> [{ct_hooks,[ts_install_cth]}].
   65: 
   66: all() -> 
   67:     cases().
   68: 
   69: groups() -> 
   70:     [].
   71: 
   72: init_per_group(_GroupName, Config) ->
   73:     Config.
   74: 
   75: end_per_group(_GroupName, Config) ->
   76:     Config.
   77: 
   78: 
   79: %% NOTE - the fragment test cases must bu first since we explicitly set a request
   80: %% id. Otherwise, the request-id counter would be increased and we cannot know
   81: %% what it is.
   82: cases() -> 
   83:     [deny_port_api, deny_port_range_api, deny_host_api,
   84:      deny_peerhost_api, allow_port_range_api, allow_host_api,
   85:      allow_peerhost_api, check_address_api].
   86: 
   87: 
   88: init_per_testcase(_Case, Config) ->
   89:     ?line Dog=test_server:timetrap(?default_timeout),
   90:     [{watchdog, Dog}|Config].
   91: 
   92: 
   93: end_per_testcase(_Case, Config) ->
   94:     Dog = ?config(watchdog, Config),
   95:     test_server:timetrap_cancel(Dog),
   96:     ok.
   97: 
   98: init_per_suite(Config) ->
   99:     if
  100: 	is_list(Config) ->
  101: 	    orber:jump_start([{iiop_port, 0},
  102: 			      {iiop_out_ports, {5980, 6000}}]),
  103: 	    Config;
  104: 	true ->
  105: 	    exit("Config not a list")
  106:     end.
  107: 
  108: end_per_suite(Config) ->
  109:     orber:jump_stop(),
  110:     Config.
  111: 
  112: %%-----------------------------------------------------------------
  113: %%  Incomming connections - Deny
  114: %%-----------------------------------------------------------------
  115: deny_port_api(doc) -> ["Deny Access due to invalid local port"];
  116: deny_port_api(suite) -> [];
  117: deny_port_api(_Config) ->
  118:     [IP] = ?match([_], orber:host()),
  119:     {ok, ServerNode, _ServerHost} = 
  120: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  121: 						 {iiop_acl, [{tcp_in, IP++"/32#7000"}]}])),
  122:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  123:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  124: 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
  125: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  126:     ok.
  127: 
  128: deny_port_range_api(doc) -> ["Deny Access due to invalid local port range"];
  129: deny_port_range_api(suite) -> [];
  130: deny_port_range_api(_Config) ->
  131:     [IP] = ?match([_], orber:host()),
  132:     {ok, ServerNode, _ServerHost} = 
  133: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  134: 						 {iiop_acl, [{tcp_in, IP++"/32#7000/8000"}]}])),
  135:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  136:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  137: 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
  138: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  139:     ok.
  140: 
  141: 
  142: deny_host_api(doc) -> ["Deny Access due to invalid host"];
  143: deny_host_api(suite) -> [];
  144: deny_host_api(_Config) ->
  145:     [IP] = ?match([_], orber:host()),
  146:     {ok, ServerNode, _ServerHost} = 
  147: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  148: 						 {iiop_acl, [{tcp_in, "123.123.123.123/32"}]}])),
  149:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  150:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  151: 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
  152: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  153:     ok.
  154: 
  155: deny_peerhost_api(doc) -> ["Deny Access due to invalid peerhost"];
  156: deny_peerhost_api(suite) -> [];
  157: deny_peerhost_api(_Config) ->
  158:     [IP] = ?match([_], orber:host()),
  159:     {ok, ServerNode, _ServerHost} = 
  160: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  161: 						 {iiop_acl, [{tcp_in, IP++"/32", ["123.123.123.123"]}]}])),
  162:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  163:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  164: 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
  165: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  166:     ok.
  167: 
  168: %%-----------------------------------------------------------------
  169: %%  Incomming connections - Allow
  170: %%-----------------------------------------------------------------
  171: allow_port_range_api(doc) -> ["Allow Access due to valid local port range"];
  172: allow_port_range_api(suite) -> [];
  173: allow_port_range_api(_Config) ->
  174:     [IP] = ?match([_], orber:host()),
  175:     {ok, ServerNode, _ServerHost} = 
  176: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  177: 						 {iiop_acl, [{tcp_in, IP++"/32#5980/6000"}]}])),
  178:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  179:     IOR =
  180: 	?match({'IOP_IOR',_,_},
  181: 	       corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
  182:     ?match(false, corba_object:not_existent(IOR)),
  183: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  184:     ok.
  185: 
  186: 
  187: allow_host_api(doc) -> ["Allow Access due to valid host"];
  188: allow_host_api(suite) -> [];
  189: allow_host_api(_Config) ->
  190:     [IP] = ?match([_], orber:host()),
  191:     {ok, ServerNode, _ServerHost} = 
  192: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  193: 						 {iiop_acl, [{tcp_in, IP++"/32"}]}])),
  194:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  195:     IOR =
  196: 	?match({'IOP_IOR',_,_}, 
  197: 	       corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
  198:     ?match(false, corba_object:not_existent(IOR)),
  199: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  200:     ok.
  201: 
  202: allow_peerhost_api(doc) -> ["Allow Access due to valid peerhost"];
  203: allow_peerhost_api(suite) -> [];
  204: allow_peerhost_api(_Config) ->
  205:     [IP] = ?match([_], orber:host()),
  206:     {ok, ServerNode, _ServerHost} = 
  207: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  208: 						 {iiop_acl, [{tcp_in, IP++"/32", [IP]}]}])),
  209:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  210:     IOR =
  211: 	?match({'IOP_IOR',_,_}, 
  212: 	       corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService",
  213: 				      [#'IOP_ServiceContext'
  214: 				       {context_id=?ORBER_GENERIC_CTX_ID, 
  215: 					context_data = {interface, IP}}])),
  216:     ?match(false, corba_object:not_existent(IOR,
  217: 					    [#'IOP_ServiceContext'
  218: 					     {context_id=?ORBER_GENERIC_CTX_ID, 
  219: 					      context_data = {interface, IP}}])),
  220: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  221:     ok.
  222: 
  223: %%-----------------------------------------------------------------
  224: %%  Test corbaloc strings
  225: %%-----------------------------------------------------------------
  226: check_address_api(doc) -> ["Test corbaloc strings"];
  227: check_address_api(suite) -> [];
  228: check_address_api(_Config) ->
  229:     ?match({[[iiop,{1,0},"10.0.0.1",2809]],"NameService"},
  230: 	   orber_cosnaming_utils:addresses(":10.0.0.1/NameService")),
  231:     ?match({[[iiop,{1,0},"10.0.0.1",2809]],[]},
  232: 	   orber_cosnaming_utils:addresses(":10.0.0.1")),
  233:     ?match({[[iiop,{1,2},"10.0.0.1",2809]],"NameService"},
  234: 	   orber_cosnaming_utils:addresses(":1.2@10.0.0.1/NameService")),
  235:     ?match({[[iiop,{1,0},"10.0.0.1",4001]],"NameService"},
  236: 	   orber_cosnaming_utils:addresses(":10.0.0.1:4001/NameService")),
  237:     ?match({[[iiop,{1,1},"10.0.0.1",4001]],"NameService"},
  238: 	   orber_cosnaming_utils:addresses(":1.1@10.0.0.1:4001/NameService")),
  239:     ?match({[[iiop,{1,1},"10.0.0.1",4001]],[]},
  240: 	   orber_cosnaming_utils:addresses(":1.1@10.0.0.1:4001")),
  241:     ?match({[[iiop,{1,1},"10.0.0.1",4001]],[]},
  242: 	   orber_cosnaming_utils:addresses("iiop:1.1@10.0.0.1:4001")),
  243:     ?match({[[iiop,{1,1},"10.0.0.1",4001]],[]},
  244: 	   orber_cosnaming_utils:addresses("iiop:1.1@10.0.0.1:4001/")),
  245: 
  246:     ?match({[[iiop,{1,1},"myhost",4001]],[]},
  247: 	   orber_cosnaming_utils:addresses("iiop:1.1@myhost:4001")),
  248:     ?match({[[iiop,{1,1},"myhost.full.name",4001]],"NameService"},
  249: 	   orber_cosnaming_utils:addresses("iiop:1.1@myhost.full.name:4001/NameService")),
  250:     ?match({[[iiop,{1,1},"myhost",4001], 
  251: 	     [iiop,{1,1},"myhost.full.name",2809]],"NameService"},
  252: 	   orber_cosnaming_utils:addresses("iiop:1.1@myhost:4001,iiop:1.1@myhost.full.name/NameService")),
  253: 
  254:     ?match({[[iiop,{1,1},"123.12.23.2",4001],
  255: 	     [iiop,{1,1},"10.0.0.1",4001]], "NameService"},
  256: 	   orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:1.1@10.0.0.1:4001/NameService")),
  257:     ?match({[[iiop,{1,1},"123.12.23.2",4001],
  258: 	     [iiop,{1,1},"10.0.0.1",4001]], []},
  259: 	   orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:1.1@10.0.0.1:4001")),
  260:     ?match({[[iiop,{1,0},"123.12.23.2",4001],
  261: 	     [iiop,{1,1},"10.0.0.1",4001]], "NameService"},
  262: 	   orber_cosnaming_utils:addresses(":123.12.23.2:4001,:1.1@10.0.0.1:4001/NameService")),
  263:     ?match({[[iiop,{1,1},"123.12.23.2",4001],
  264: 	     [iiop,{1,0},"10.0.0.1",4001]], "NameService"},
  265: 	   orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:10.0.0.1:4001/NameService")),
  266:     ?match({[[iiop,{1,1},"123.12.23.2",2809],
  267: 	     [iiop,{1,1},"10.0.0.1",4001]], "NameService"},
  268: 	   orber_cosnaming_utils:addresses(":1.1@123.12.23.2,:1.1@10.0.0.1:4001/NameService")),
  269:     ?match({[[iiop,{1,1},"123.12.23.2",4001],
  270: 	     [iiop,{1,1},"10.0.0.1",2809]], "NameService"},
  271: 	   orber_cosnaming_utils:addresses(":1.1@123.12.23.2:4001,:1.1@10.0.0.1/NameService")),
  272:     ?match({[[iiop,{1,0},"123.12.23.2",2809],
  273: 	     [iiop,{1,0},"10.0.0.1",2809]], "NameService"},
  274: 	   orber_cosnaming_utils:addresses(":123.12.23.2,:10.0.0.1/NameService")),
  275:     ?match({[[iiop,{1,0},"123.12.23.2",2809],
  276: 	     [iiop,{1,0},"10.0.0.1",2809]], []},
  277: 	   orber_cosnaming_utils:addresses(":123.12.23.2,:10.0.0.1/")),
  278:     ?match({[[iiop,{1,0},"123.12.23.2",2809],
  279: 	     [iiop,{1,0},"10.0.0.1",2809]], []},
  280: 	   orber_cosnaming_utils:addresses("iiop:123.12.23.2,:10.0.0.1/")),
  281: 
  282:     [IP] = ?match([_], orber:host()),
  283:     {ok, ServerNode, _ServerHost} = 
  284: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_INCOMING},
  285: 						 {iiop_acl, [{tcp_in, IP++"/32"}]}])),
  286:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  287:     ?match({'IOP_IOR',_,_}, 
  288: 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
  289: %    ?line catch orber_test_lib:destroy_node(ServerNode, timeout),
  290: 
  291:     ok.
  292: