1: %% 2: %% %CopyrightBegin% 3: %% 4: %% Copyright Ericsson AB 2004-2011. All Rights Reserved. 5: %% 6: %% The contents of this file are subject to the Erlang Public License, 7: %% Version 1.1, (the "License"); you may not use this file except in 8: %% compliance with the License. You should have received a copy of the 9: %% Erlang Public License along with this software. If not, it can be 10: %% retrieved online at http://www.erlang.org/. 11: %% 12: %% Software distributed under the License is distributed on an "AS IS" 13: %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See 14: %% the License for the specific language governing rights and limitations 15: %% under the License. 16: %% 17: %% %CopyrightEnd% 18: %% 19: %% 20: 21: -module(orber_firewall_ipv6_out_SUITE). 22: 23: -include_lib("test_server/include/test_server.hrl"). 24: -include_lib("orber/include/corba.hrl"). 25: -include_lib("orber/COSS/CosNaming/CosNaming.hrl"). 26: -include_lib("orber/src/orber_iiop.hrl"). 27: -include_lib("orber/src/ifr_objects.hrl"). 28: -include("idl_output/orber_test_server.hrl"). 29: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl"). 30: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl"). 31: 32: -define(default_timeout, ?t:minutes(15)). 33: 34: -define(match(ExpectedRes,Expr), 35: fun() -> 36: AcTuAlReS = (catch (Expr)), 37: case AcTuAlReS of 38: ExpectedRes -> 39: io:format("------ CORRECT RESULT ------~n~p~n", 40: [AcTuAlReS]), 41: AcTuAlReS; 42: _ -> 43: io:format("###### ERROR ERROR ######~nRESULT: ~p~n", 44: [AcTuAlReS]), 45: ?line exit(AcTuAlReS) 46: end 47: end()). 48: 49: %%----------------------------------------------------------------- 50: %% External exports 51: %%----------------------------------------------------------------- 52: -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 53: init_per_suite/1, end_per_suite/1, 54: init_per_testcase/2, end_per_testcase/2, 55: deny_port_api/1, deny_port_range_api/1, deny_host_api/1, 56: allow_port_api/1, allow_port_range_api/1, allow_host_api/1, 57: local_interface_api/1]). 58: 59: %%----------------------------------------------------------------- 60: %% Func: all/1 61: %% Args: 62: %% Returns: 63: %%----------------------------------------------------------------- 64: suite() -> [{ct_hooks,[ts_install_cth]}]. 65: 66: all() -> 67: cases(). 68: 69: groups() -> 70: []. 71: 72: init_per_group(_GroupName, Config) -> 73: Config. 74: 75: end_per_group(_GroupName, Config) -> 76: Config. 77: 78: 79: %% NOTE - the fragment test cases must bu first since we explicitly set a request 80: %% id. Otherwise, the request-id counter would be increased and we cannot know 81: %% what it is. 82: cases() -> 83: [deny_port_api, deny_port_range_api, deny_host_api, 84: allow_port_api, allow_port_range_api, allow_host_api, 85: local_interface_api]. 86: 87: 88: init_per_testcase(_Case, Config) -> 89: ?line Dog=test_server:timetrap(?default_timeout), 90: orber:jump_start([{iiop_port, 0}, 91: {iiop_out_ports, {5980, 6000}}, 92: {flags, ?ORB_ENV_USE_IPV6}]), 93: [{watchdog, Dog}|Config]. 94: 95: 96: end_per_testcase(_Case, Config) -> 97: orber:jump_stop(), 98: Dog = ?config(watchdog, Config), 99: test_server:timetrap_cancel(Dog), 100: ok. 101: 102: init_per_suite(Config) -> 103: case orber_test_lib:version_ok() of 104: true -> 105: if 106: is_list(Config) -> 107: Config; 108: true -> 109: exit("Config not a list") 110: end; 111: Reason -> 112: Reason 113: end. 114: 115: end_per_suite(Config) -> 116: Config. 117: 118: 119: %%----------------------------------------------------------------- 120: %% Incomming connections - Deny 121: %%----------------------------------------------------------------- 122: deny_port_api(doc) -> ["Deny Access due to invalid local port"]; 123: deny_port_api(suite) -> []; 124: deny_port_api(_Config) -> 125: [IP] = ?match([_], orber:host()), 126: ServerPort = orber:iiop_port(), 127: {ok, ServerNode, ServerHost} = 128: ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 129: ?ORB_ENV_USE_ACL_OUTGOING)}, 130: {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort+10)}]}])), 131: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 132: orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 133: ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 134: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 135: ok. 136: 137: deny_port_range_api(doc) -> ["Deny Access due to invalid local port range"]; 138: deny_port_range_api(suite) -> []; 139: deny_port_range_api(_Config) -> 140: [IP] = ?match([_], orber:host()), 141: ServerPort = orber:iiop_port(), 142: {ok, ServerNode, ServerHost} = 143: ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 144: ?ORB_ENV_USE_ACL_OUTGOING)}, 145: {iiop_acl, [{tcp_out, IP++"/128#"++integer_to_list(ServerPort+100)++ "/" ++ integer_to_list(ServerPort+120)}]}])), 146: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 147: orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 148: ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 149: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 150: ok. 151: 152: 153: deny_host_api(doc) -> ["Deny Access due to invalid host"]; 154: deny_host_api(suite) -> []; 155: deny_host_api(_Config) -> 156: {ok, ServerNode, ServerHost} = 157: ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 158: ?ORB_ENV_USE_ACL_OUTGOING)}, 159: {iiop_acl, [{tcp_out, "0:0:0:0:0:0:10.1.1.1/128"}]}])), 160: ServerPort = orber:iiop_port(), 161: ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 162: orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 163: ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 164: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 165: ok. 166: 167: %%----------------------------------------------------------------- 168: %% Incomming connections - Allow 169: %%----------------------------------------------------------------- 170: allow_port_api(doc) -> ["Allow Access due to valid local port"]; 171: allow_port_api(suite) -> []; 172: allow_port_api(_Config) -> 173: [IP] = ?match([_], orber:host()), 174: ServerPort = orber:iiop_port(), 175: {ok, ServerNode, ServerHost} = 176: ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 177: ?ORB_ENV_USE_ACL_OUTGOING)}, 178: {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort)}]}])), 179: IOR = 180: ?match({'IOP_IOR',_,_}, 181: orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 182: ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 183: ?match(false, 184: orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 185: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 186: ok. 187: 188: allow_port_range_api(doc) -> ["Allow Access due to valid local port range"]; 189: allow_port_range_api(suite) -> []; 190: allow_port_range_api(_Config) -> 191: [IP] = ?match([_], orber:host()), 192: ServerPort = orber:iiop_port(), 193: {ok, ServerNode, ServerHost} = 194: ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 195: ?ORB_ENV_USE_ACL_OUTGOING)}, 196: {iiop_acl, [{tcp_out, IP++"/128#" ++ integer_to_list(ServerPort-10) ++ "/" ++ integer_to_list(ServerPort+10)}]}])), 197: IOR = 198: ?match({'IOP_IOR',_,_}, 199: orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 200: ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 201: ?match(false, 202: orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 203: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 204: ok. 205: 206: 207: allow_host_api(doc) -> ["Allow Access due to valid host"]; 208: allow_host_api(suite) -> []; 209: allow_host_api(_Config) -> 210: [IP] = ?match([_], orber:host()), 211: {ok, ServerNode, ServerHost} = 212: ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 213: ?ORB_ENV_USE_ACL_OUTGOING)}, 214: {iiop_acl, [{tcp_out, IP}]}])), 215: ServerPort = orber:iiop_port(), 216: IOR = 217: ?match({'IOP_IOR',_,_}, 218: orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 219: ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 220: ?match(false, 221: orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 222: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 223: ok. 224: 225: local_interface_api(doc) -> ["Allow Access due to valid host via a spcific interface"]; 226: local_interface_api(suite) -> []; 227: local_interface_api(_Config) -> 228: [IP] = ?match([_], orber:host()), 229: {ok, ServerNode, ServerHost} = 230: ?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 231: ?ORB_ENV_USE_ACL_OUTGOING)}, 232: {iiop_acl, [{tcp_out, IP, [IP]}]}])), 233: ServerPort = orber:iiop_port(), 234: IOR = 235: ?match({'IOP_IOR',_,_}, 236: orber_test_lib:remote_apply(ServerNode, corba, string_to_object, 237: ["corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService"])), 238: ?match(false, 239: orber_test_lib:remote_apply(ServerNode, corba_object, not_existent, [IOR])), 240: % ?line catch orber_test_lib:destroy_node(ServerNode, timeout), 241: ok. 242: