|
 |
8072fb |
From 069fbf5bda85526cdae9cf684a61c49d6961c065 Mon Sep 17 00:00:00 2001
|
|
|
8072fb |
From: Eric Garver <eric@garver.life>
|
|
|
8072fb |
Date: Thu, 9 Apr 2020 14:03:48 -0400
|
|
|
8072fb |
Subject: [PATCH 12/45] test(dbus): zone: verify runtime config APIs
|
|
|
8072fb |
|
|
|
8072fb |
(cherry picked from commit b1e7a3843f7c6dfc31ac3ac38cc938bd8ece7c6c)
|
|
|
8072fb |
(cherry picked from commit 2bc363979f3223ed0b98f027c96d8af7c3d79211)
|
|
|
8072fb |
---
|
|
|
8072fb |
src/tests/dbus/dbus.at | 1 +
|
|
|
8072fb |
src/tests/dbus/zone_runtime_functional.at | 297 ++++++++++++++++++++++
|
|
|
8072fb |
2 files changed, 298 insertions(+)
|
|
|
8072fb |
create mode 100644 src/tests/dbus/zone_runtime_functional.at
|
|
|
8072fb |
|
|
|
8072fb |
diff --git a/src/tests/dbus/dbus.at b/src/tests/dbus/dbus.at
|
|
|
8072fb |
index 31c180dc3d3d..d9f7a2953131 100644
|
|
|
8072fb |
--- a/src/tests/dbus/dbus.at
|
|
|
8072fb |
+++ b/src/tests/dbus/dbus.at
|
|
|
8072fb |
@@ -4,3 +4,4 @@ m4_include([dbus/service.at])
|
|
|
8072fb |
m4_include([dbus/zone_permanent_signatures.at])
|
|
|
8072fb |
m4_include([dbus/zone_runtime_signatures.at])
|
|
|
8072fb |
m4_include([dbus/zone_permanent_functional.at])
|
|
|
8072fb |
+m4_include([dbus/zone_runtime_functional.at])
|
|
|
8072fb |
diff --git a/src/tests/dbus/zone_runtime_functional.at b/src/tests/dbus/zone_runtime_functional.at
|
|
|
8072fb |
new file mode 100644
|
|
|
8072fb |
index 000000000000..d0098dfdff65
|
|
|
8072fb |
--- /dev/null
|
|
|
8072fb |
+++ b/src/tests/dbus/zone_runtime_functional.at
|
|
|
8072fb |
@@ -0,0 +1,297 @@
|
|
|
8072fb |
+FWD_START_TEST([dbus api - zone permanent functional])
|
|
|
8072fb |
+AT_KEYWORDS(dbus zone gh586)
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl ####################
|
|
|
8072fb |
+dnl Global APIs
|
|
|
8072fb |
+dnl ####################
|
|
|
8072fb |
+
|
|
|
8072fb |
+DBUS_CHECK([], [getZoneSettings], ["public"], 0, [dnl
|
|
|
8072fb |
+ (('', dnl version
|
|
|
8072fb |
+ 'Public', dnl short
|
|
|
8072fb |
+ 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', dnl description
|
|
|
8072fb |
+ false, dnl bogus/unused
|
|
|
8072fb |
+ 'default', dnl target
|
|
|
8072fb |
+ @<:@'ssh', 'dhcpv6-client', 'cockpit'@:>@, dnl services
|
|
|
8072fb |
+ @a(ss) @<:@@:>@, dnl ports
|
|
|
8072fb |
+ @as @<:@@:>@, dnl ICMP Blocks
|
|
|
8072fb |
+ false, dnl masquerade
|
|
|
8072fb |
+ @a(ssss) @<:@@:>@, dnl forward ports
|
|
|
8072fb |
+ @as @<:@@:>@, dnl interfaces
|
|
|
8072fb |
+ @as @<:@@:>@, dnl sources
|
|
|
8072fb |
+ @as @<:@@:>@, dnl rules_str
|
|
|
8072fb |
+ @as @<:@@:>@, dnl protocols
|
|
|
8072fb |
+ @a(ss) @<:@@:>@, dnl source ports
|
|
|
8072fb |
+ false),)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Default Zone
|
|
|
8072fb |
+DBUS_CHECK([], [getDefaultZone], [], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [setDefaultZone], ['drop'], 0, [dnl
|
|
|
8072fb |
+ ()
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [getDefaultZone], [], 0, [dnl
|
|
|
8072fb |
+ ('drop',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Fetching Zones
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getZones], [], 0, [dnl
|
|
|
8072fb |
+ [(['block', 'dmz', 'drop', 'external', 'home', 'internal', 'public', 'trusted', 'work'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+FWD_CHECK([-q --zone public --add-interface dummy0])
|
|
|
8072fb |
+FWD_CHECK([-q --zone public --add-source 10.1.1.1])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getActiveZones], [], 0, [dnl
|
|
|
8072fb |
+ ['public': {'interfaces': ['dummy0'], 'sources': ['10.1.1.1']}]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+FWD_CHECK([-q --zone public --remove-interface dummy0])
|
|
|
8072fb |
+FWD_CHECK([-q --zone public --remove-source 10.1.1.1])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Interfaces/Sources
|
|
|
8072fb |
+FWD_CHECK([-q --zone public --add-interface dummy1])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getZoneOfInterface], ["dummy1"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+FWD_CHECK([-q --zone public --remove-interface dummy1])
|
|
|
8072fb |
+FWD_CHECK([-q --zone drop --add-source 10.10.10.0/24])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getZoneOfSource], ["10.10.10.0/24"], 0, [dnl
|
|
|
8072fb |
+ ('drop',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+FWD_CHECK([-q --zone drop --remove-source 10.10.10.0/24])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl ####################
|
|
|
8072fb |
+dnl Zone Individual APIs
|
|
|
8072fb |
+dnl ####################
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl isImmutable
|
|
|
8072fb |
+DBUS_CHECK([], [zone.isImmutable], ["public"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Interfaces
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addInterface], ["public" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.changeZone], ["drop" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ ('drop',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.changeZoneOfInterface], ["public" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addInterface], ["public" "dummy1"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['dummy0', 'dummy1'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeInterface], ["public" "dummy0"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['dummy1'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Sources
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addSource], ["public" "10.10.10.0/24"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.changeZoneOfSource], ["drop" "10.10.10.0/24"], 0, [dnl
|
|
|
8072fb |
+ ('drop',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.querySource], ["public" "10.10.10.0/24"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.querySource], ["drop" "10.10.10.0/24"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.changeZoneOfSource], ["public" "10.10.10.0/24"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addSource], ["public" "10.20.0.0/16"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['10.10.10.0/24', '10.20.0.0/16'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeSource], ["public" "10.10.10.0/24"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['10.20.0.0/16'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Services
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addService], ["public" "samba" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getServices], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['ssh', 'dhcpv6-client', 'cockpit', 'samba'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeService], ["public" "samba"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Protocols
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addProtocol], ["public" "icmp" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getProtocols], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['icmp'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeProtocol], ["public" "icmp"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Ports
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addPort], ["public" "1234" "tcp" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addPort], ["public" "4321" "udp" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getPorts], ["public"], 0, [dnl
|
|
|
8072fb |
+ [([['1234', 'tcp'], ['4321', 'udp']],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removePort], ["public" "1234" "tcp"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Source Ports
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addSourcePort], ["public" "1234" "tcp" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addSourcePort], ["public" "4321" "udp" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getSourcePorts], ["public"], 0, [dnl
|
|
|
8072fb |
+ [([['1234', 'tcp'], ['4321', 'udp']],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeSourcePort], ["public" "1234" "tcp"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Forward Ports
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addForwardPort], ["public" "1234" "tcp" "1111" "" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addForwardPort], ["public" "4321" "udp" "4444" "10.10.10.10" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getForwardPorts], ["public"], 0, [dnl
|
|
|
8072fb |
+ [([['1234', 'tcp', '1111', ''], ['4321', 'udp', '4444', '10.10.10.10']],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Masquerade
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addMasquerade], ["public" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeMasquerade], ["public"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl ICMP Block
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-reply" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-request" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getIcmpBlocks], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['echo-reply', 'echo-request'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeIcmpBlock], ["public" "echo-reply"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl ICMP Block Inversion
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addIcmpBlockInversion], ["public"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeIcmpBlockInversion], ["public"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+dnl Rich Rules
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl
|
|
|
8072fb |
+ (true,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=20.20.20.20 accept" 0], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.getRichRules], ["public"], 0, [dnl
|
|
|
8072fb |
+ [(['rule family="ipv4" source address="10.10.10.10" accept', 'rule family="ipv4" source address="20.20.20.20" accept'],)]
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.removeRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl
|
|
|
8072fb |
+ ('public',)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl
|
|
|
8072fb |
+ (false,)
|
|
|
8072fb |
+])
|
|
|
8072fb |
+
|
|
|
8072fb |
+FWD_END_TEST
|
|
|
8072fb |
--
|
|
|
8072fb |
2.27.0
|
|
|
8072fb |
|