1: %%
    2: %% %CopyrightBegin%
    3: %% 
    4: %% Copyright Ericsson AB 2004-2011. All Rights Reserved.
    5: %% 
    6: %% The contents of this file are subject to the Erlang Public License,
    7: %% Version 1.1, (the "License"); you may not use this file except in
    8: %% compliance with the License. You should have received a copy of the
    9: %% Erlang Public License along with this software. If not, it can be
   10: %% retrieved online at http://www.erlang.org/.
   11: %% 
   12: %% Software distributed under the License is distributed on an "AS IS"
   13: %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
   14: %% the License for the specific language governing rights and limitations
   15: %% under the License.
   16: %% 
   17: %% %CopyrightEnd%
   18: %%
   19: %%
   20: 
   21: -module(orber_firewall_ipv4_out_SUITE).
   22: 
   23: -include_lib("test_server/include/test_server.hrl").
   24: -include_lib("orber/include/corba.hrl").
   25: -include_lib("orber/COSS/CosNaming/CosNaming.hrl").
   26: -include_lib("orber/src/orber_iiop.hrl").
   27: -include_lib("orber/src/ifr_objects.hrl").
   28: -include("idl_output/orber_test_server.hrl").
   29: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContextExt.hrl").
   30: -include_lib("orber/COSS/CosNaming/CosNaming_NamingContext.hrl").
   31: 
   32: -define(default_timeout, ?t:minutes(15)).
   33: 
   34: -define(match(ExpectedRes,Expr),
   35: 	fun() ->
   36: 		AcTuAlReS = (catch (Expr)),
   37: 		case AcTuAlReS of
   38: 		    ExpectedRes ->
   39: 			io:format("------ CORRECT RESULT ------~n~p~n",
   40: 				 [AcTuAlReS]),
   41: 			AcTuAlReS;
   42: 		    _ ->
   43: 			io:format("###### ERROR ERROR ######~nRESULT:  ~p~n",
   44: 				  [AcTuAlReS]),
   45: 			?line exit(AcTuAlReS)
   46: 		end
   47: 	end()).
   48: 
   49: %%-----------------------------------------------------------------
   50: %% External exports
   51: %%-----------------------------------------------------------------
   52: -export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
   53: 	 init_per_suite/1, end_per_suite/1, 
   54: 	 init_per_testcase/2, end_per_testcase/2,  
   55: 	 deny_port_api/1, deny_port_range_api/1, deny_host_api/1,
   56: 	 allow_port_api/1, allow_port_range_api/1, allow_host_api/1,
   57: 	 local_interface_api/1]).
   58: 
   59: %%-----------------------------------------------------------------
   60: %% Func: all/1
   61: %% Args: 
   62: %% Returns: 
   63: %%-----------------------------------------------------------------
   64: suite() -> [{ct_hooks,[ts_install_cth]}].
   65: 
   66: all() -> 
   67:     cases().
   68: 
   69: groups() -> 
   70:     [].
   71: 
   72: init_per_group(_GroupName, Config) ->
   73:     Config.
   74: 
   75: end_per_group(_GroupName, Config) ->
   76:     Config.
   77: 
   78: 
   79: %% NOTE - the fragment test cases must bu first since we explicitly set a request
   80: %% id. Otherwise, the request-id counter would be increased and we cannot know
   81: %% what it is.
   82: cases() -> 
   83:     [deny_port_api, deny_port_range_api, deny_host_api,
   84:      allow_port_api, allow_port_range_api, allow_host_api,
   85:      local_interface_api].
   86: 
   87: 
   88: init_per_testcase(_Case, Config) ->
   89:     ?line Dog=test_server:timetrap(?default_timeout),
   90:     [{watchdog, Dog}|Config].
   91: 
   92: 
   93: end_per_testcase(_Case, Config) ->
   94:     Dog = ?config(watchdog, Config),
   95:     test_server:timetrap_cancel(Dog),
   96:     ok.
   97: 
   98: init_per_suite(Config) ->
   99:     if
  100: 	is_list(Config) ->
  101: 	    orber:jump_start([{iiop_port, 0},
  102: 			      {iiop_out_ports, {5980, 6000}}]),
  103: 	    Config;
  104: 	true ->
  105: 	    exit("Config not a list")
  106:     end.
  107: 
  108: end_per_suite(Config) ->
  109:     orber:jump_stop(),
  110:     Config.
  111: 
  112: %%-----------------------------------------------------------------
  113: %%  Incomming connections - Deny
  114: %%-----------------------------------------------------------------
  115: deny_port_api(doc) -> ["Deny Access due to invalid local port"];
  116: deny_port_api(suite) -> [];
  117: deny_port_api(_Config) ->
  118:     [IP] = ?match([_], orber:host()),
  119:     ServerPort = orber:iiop_port(),
  120:     {ok, ClientNode, _ClientHost} = 
  121: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING},
  122: 						 {iiop_acl, [{tcp_out, IP++"/32#" ++ integer_to_list(ServerPort+10)}]}])),
  123:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  124: 	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
  125: 	   ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
  126: %    ?line catch orber_test_lib:destroy_node(ClientNode, timeout),
  127:     ok.
  128: 
  129: deny_port_range_api(doc) -> ["Deny Access due to invalid local port range"];
  130: deny_port_range_api(suite) -> [];
  131: deny_port_range_api(_Config) ->
  132:     [IP] = ?match([_], orber:host()),
  133:     ServerPort = orber:iiop_port(),
  134:     {ok, ClientNode, _ClientHost} = 
  135: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING},
  136: 						 {iiop_acl, [{tcp_out, IP++"/32#"++integer_to_list(ServerPort+100)++ "/" ++ integer_to_list(ServerPort+120)}]}])),
  137:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  138: 	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
  139: 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
  140: %    ?line catch orber_test_lib:destroy_node(ClientNode, timeout),
  141:     ok.
  142: 
  143: 
  144: deny_host_api(doc) -> ["Deny Access due to invalid host"];
  145: deny_host_api(suite) -> [];
  146: deny_host_api(_Config) ->
  147:     [IP] = ?match([_], orber:host()),
  148:     {ok, ClientNode, _ClientHost} = 
  149: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING},
  150: 						 {iiop_acl, [{tcp_out, "123.123.123.123/32"}]}])),
  151:     ServerPort = orber:iiop_port(),
  152:     ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
  153: 	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
  154: 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
  155: %    ?line catch orber_test_lib:destroy_node(ClientNode, timeout),
  156:     ok.
  157: 
  158: %%-----------------------------------------------------------------
  159: %%  Incomming connections - Allow
  160: %%-----------------------------------------------------------------
  161: allow_port_api(doc) -> ["Allow Access due to valid local port range"];
  162: allow_port_api(suite) -> [];
  163: allow_port_api(_Config) ->
  164:     [IP] = ?match([_], orber:host()),
  165:     ServerPort = orber:iiop_port(),
  166:     {ok, ClientNode, _ClientHost} = 
  167: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING},
  168: 						 {iiop_acl, [{tcp_out, IP++"/32#"++integer_to_list(ServerPort)}]}])),
  169:     IOR =
  170: 	?match({'IOP_IOR',_,_},
  171: 	       orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
  172: 					   ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
  173:     ?match(false, 
  174: 	   orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])),
  175: %    ?line catch orber_test_lib:destroy_node(ClientNode, timeout),
  176:     ok.
  177: 
  178: allow_port_range_api(doc) -> ["Allow Access due to valid local port range"];
  179: allow_port_range_api(suite) -> [];
  180: allow_port_range_api(_Config) ->
  181:     [IP] = ?match([_], orber:host()),
  182:     ServerPort = orber:iiop_port(),
  183:     {ok, ClientNode, _ClientHost} = 
  184: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING},
  185: 						 {iiop_acl, [{tcp_out, IP++"/32#" ++ integer_to_list(ServerPort-10) ++ "/" ++ integer_to_list(ServerPort+10)}]}])),
  186:     IOR = 
  187: 	?match({'IOP_IOR',_,_},
  188: 	       orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
  189: 					   ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
  190:     ?match(false, 
  191: 	   orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])),
  192: %    ?line catch orber_test_lib:destroy_node(ClientNode, timeout),
  193:     ok.
  194: 
  195: 
  196: allow_host_api(doc) -> ["Allow Access due to valid host"];
  197: allow_host_api(suite) -> [];
  198: allow_host_api(_Config) ->
  199:     [IP] = ?match([_], orber:host()),
  200:     {ok, ClientNode, _ClientHost} = 
  201: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING},
  202: 						 {iiop_acl, [{tcp_out, IP++"/32"}]}])),
  203:     ServerPort = orber:iiop_port(),
  204:     IOR =
  205: 	?match({'IOP_IOR',_,_}, 
  206: 	       orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
  207: 					   ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
  208:     ?match(false, 
  209: 	   orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])),
  210: %    ?line catch orber_test_lib:destroy_node(ClientNode, timeout),
  211:     ok.
  212: 
  213: local_interface_api(doc) -> ["Allow Access due to valid host via a spcific interface"];
  214: local_interface_api(suite) -> [];
  215: local_interface_api(_Config) ->
  216:     IP = orber_test_lib:get_host(),
  217:     Loopback = orber_test_lib:get_loopback_interface(),
  218:     {ok, ServerNode, _ServerHost} = 
  219: 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_port, 0},
  220: 						 {iiop_out_ports, {5980, 6000}},
  221: 						 {ip_address, IP}])),
  222:     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
  223: 
  224:     {ok, ClientNode, _ClientHost} = 
  225: 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_ACL_OUTGOING},
  226: 						 {iiop_acl, [{tcp_out, IP, [Loopback]}]}])),
  227:     IOR =
  228: 	?match({'IOP_IOR',_,_}, 
  229: 	       orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
  230: 					   ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
  231:     ?match(false, 
  232: 	   orber_test_lib:remote_apply(ClientNode, corba_object, not_existent, [IOR])),
  233: %    ?line catch orber_test_lib:destroy_node(ClientNode, timeout),
  234:     ok.
  235: