From 069fbf5bda85526cdae9cf684a61c49d6961c065 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 9 Apr 2020 14:03:48 -0400
Subject: [PATCH 12/45] test(dbus): zone: verify runtime config APIs
(cherry picked from commit b1e7a3843f7c6dfc31ac3ac38cc938bd8ece7c6c)
(cherry picked from commit 2bc363979f3223ed0b98f027c96d8af7c3d79211)
---
src/tests/dbus/dbus.at | 1 +
src/tests/dbus/zone_runtime_functional.at | 297 ++++++++++++++++++++++
2 files changed, 298 insertions(+)
create mode 100644 src/tests/dbus/zone_runtime_functional.at
diff --git a/src/tests/dbus/dbus.at b/src/tests/dbus/dbus.at
index 31c180dc3d3d..d9f7a2953131 100644
--- a/src/tests/dbus/dbus.at
+++ b/src/tests/dbus/dbus.at
@@ -4,3 +4,4 @@ m4_include([dbus/service.at])
m4_include([dbus/zone_permanent_signatures.at])
m4_include([dbus/zone_runtime_signatures.at])
m4_include([dbus/zone_permanent_functional.at])
+m4_include([dbus/zone_runtime_functional.at])
diff --git a/src/tests/dbus/zone_runtime_functional.at b/src/tests/dbus/zone_runtime_functional.at
new file mode 100644
index 000000000000..d0098dfdff65
--- /dev/null
+++ b/src/tests/dbus/zone_runtime_functional.at
@@ -0,0 +1,297 @@
+FWD_START_TEST([dbus api - zone permanent functional])
+AT_KEYWORDS(dbus zone gh586)
+
+dnl ####################
+dnl Global APIs
+dnl ####################
+
+DBUS_CHECK([], [getZoneSettings], ["public"], 0, [dnl
+ (('', dnl version
+ 'Public', dnl short
+ 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', dnl description
+ false, dnl bogus/unused
+ 'default', dnl target
+ @<:@'ssh', 'dhcpv6-client', 'cockpit'@:>@, dnl services
+ @a(ss) @<:@@:>@, dnl ports
+ @as @<:@@:>@, dnl ICMP Blocks
+ false, dnl masquerade
+ @a(ssss) @<:@@:>@, dnl forward ports
+ @as @<:@@:>@, dnl interfaces
+ @as @<:@@:>@, dnl sources
+ @as @<:@@:>@, dnl rules_str
+ @as @<:@@:>@, dnl protocols
+ @a(ss) @<:@@:>@, dnl source ports
+ false),)
+])
+
+dnl Default Zone
+DBUS_CHECK([], [getDefaultZone], [], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [setDefaultZone], ['drop'], 0, [dnl
+ ()
+])
+DBUS_CHECK([], [getDefaultZone], [], 0, [dnl
+ ('drop',)
+])
+
+dnl Fetching Zones
+DBUS_CHECK([], [zone.getZones], [], 0, [dnl
+ [(['block', 'dmz', 'drop', 'external', 'home', 'internal', 'public', 'trusted', 'work'],)]
+])
+FWD_CHECK([-q --zone public --add-interface dummy0])
+FWD_CHECK([-q --zone public --add-source 10.1.1.1])
+DBUS_CHECK([], [zone.getActiveZones], [], 0, [dnl
+ ['public': {'interfaces': ['dummy0'], 'sources': ['10.1.1.1']}]
+])
+FWD_CHECK([-q --zone public --remove-interface dummy0])
+FWD_CHECK([-q --zone public --remove-source 10.1.1.1])
+
+dnl Interfaces/Sources
+FWD_CHECK([-q --zone public --add-interface dummy1])
+DBUS_CHECK([], [zone.getZoneOfInterface], ["dummy1"], 0, [dnl
+ ('public',)
+])
+FWD_CHECK([-q --zone public --remove-interface dummy1])
+FWD_CHECK([-q --zone drop --add-source 10.10.10.0/24])
+DBUS_CHECK([], [zone.getZoneOfSource], ["10.10.10.0/24"], 0, [dnl
+ ('drop',)
+])
+FWD_CHECK([-q --zone drop --remove-source 10.10.10.0/24])
+
+dnl ####################
+dnl Zone Individual APIs
+dnl ####################
+
+dnl isImmutable
+DBUS_CHECK([], [zone.isImmutable], ["public"], 0, [dnl
+ (false,)
+])
+
+dnl Interfaces
+DBUS_CHECK([], [zone.addInterface], ["public" "dummy0"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.changeZone], ["drop" "dummy0"], 0, [dnl
+ ('drop',)
+])
+DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl
+ (false,)
+])
+DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.changeZoneOfInterface], ["public" "dummy0"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl
+ (false,)
+])
+DBUS_CHECK([], [zone.addInterface], ["public" "dummy1"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl
+ [(['dummy0', 'dummy1'],)]
+])
+DBUS_CHECK([], [zone.removeInterface], ["public" "dummy0"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl
+ [(['dummy1'],)]
+])
+
+dnl Sources
+DBUS_CHECK([], [zone.addSource], ["public" "10.10.10.0/24"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.changeZoneOfSource], ["drop" "10.10.10.0/24"], 0, [dnl
+ ('drop',)
+])
+DBUS_CHECK([], [zone.querySource], ["public" "10.10.10.0/24"], 0, [dnl
+ (false,)
+])
+DBUS_CHECK([], [zone.querySource], ["drop" "10.10.10.0/24"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.changeZoneOfSource], ["public" "10.10.10.0/24"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.addSource], ["public" "10.20.0.0/16"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl
+ [(['10.10.10.0/24', '10.20.0.0/16'],)]
+])
+DBUS_CHECK([], [zone.removeSource], ["public" "10.10.10.0/24"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl
+ [(['10.20.0.0/16'],)]
+])
+
+dnl Services
+DBUS_CHECK([], [zone.addService], ["public" "samba" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.getServices], ["public"], 0, [dnl
+ [(['ssh', 'dhcpv6-client', 'cockpit', 'samba'],)]
+])
+DBUS_CHECK([], [zone.removeService], ["public" "samba"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl
+ (false,)
+])
+
+dnl Protocols
+DBUS_CHECK([], [zone.addProtocol], ["public" "icmp" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.getProtocols], ["public"], 0, [dnl
+ [(['icmp'],)]
+])
+DBUS_CHECK([], [zone.removeProtocol], ["public" "icmp"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl
+ (false,)
+])
+
+dnl Ports
+DBUS_CHECK([], [zone.addPort], ["public" "1234" "tcp" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.addPort], ["public" "4321" "udp" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getPorts], ["public"], 0, [dnl
+ [([['1234', 'tcp'], ['4321', 'udp']],)]
+])
+DBUS_CHECK([], [zone.removePort], ["public" "1234" "tcp"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl
+ (false,)
+])
+
+dnl Source Ports
+DBUS_CHECK([], [zone.addSourcePort], ["public" "1234" "tcp" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.addSourcePort], ["public" "4321" "udp" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getSourcePorts], ["public"], 0, [dnl
+ [([['1234', 'tcp'], ['4321', 'udp']],)]
+])
+DBUS_CHECK([], [zone.removeSourcePort], ["public" "1234" "tcp"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl
+ (false,)
+])
+
+dnl Forward Ports
+DBUS_CHECK([], [zone.addForwardPort], ["public" "1234" "tcp" "1111" "" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.addForwardPort], ["public" "4321" "udp" "4444" "10.10.10.10" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getForwardPorts], ["public"], 0, [dnl
+ [([['1234', 'tcp', '1111', ''], ['4321', 'udp', '4444', '10.10.10.10']],)]
+])
+DBUS_CHECK([], [zone.removeForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl
+ (false,)
+])
+
+dnl Masquerade
+DBUS_CHECK([], [zone.addMasquerade], ["public" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.removeMasquerade], ["public"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl
+ (false,)
+])
+
+dnl ICMP Block
+DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-reply" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-request" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getIcmpBlocks], ["public"], 0, [dnl
+ [(['echo-reply', 'echo-request'],)]
+])
+DBUS_CHECK([], [zone.removeIcmpBlock], ["public" "echo-reply"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl
+ (false,)
+])
+
+dnl ICMP Block Inversion
+DBUS_CHECK([], [zone.addIcmpBlockInversion], ["public"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.removeIcmpBlockInversion], ["public"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl
+ (false,)
+])
+
+dnl Rich Rules
+DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl
+ (true,)
+])
+DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=20.20.20.20 accept" 0], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.getRichRules], ["public"], 0, [dnl
+ [(['rule family="ipv4" source address="10.10.10.10" accept', 'rule family="ipv4" source address="20.20.20.20" accept'],)]
+])
+DBUS_CHECK([], [zone.removeRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl
+ ('public',)
+])
+DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl
+ (false,)
+])
+
+FWD_END_TEST
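Review bot: The title on the first added line, `FWD_START_TEST([dbus api - zone permanent functional])`, looks copied from the permanent-config test, although this file is zone_runtime_functional.at and the commit subject says runtime APIs. It should read `FWD_START_TEST([dbus api - zone runtime functional])` so that a failure in the testsuite log points at the right file. Every add*/remove* call in this file is checked only for success and only with a timeout argument of 0, so the error paths of these firewall-changing methods (unknown zone, adding an entry twice, removing an absent one) and timed expiry are not exercised here. If they are not covered elsewhere, a few DBUS_CHECK cases that expect failure would be worth adding. The last field of the getZoneSettings tuple, `false),)`, is the only one without a `dnl` label; presumably it is the ICMP block inversion flag and could be labelled as such.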
--
2.27.0