From 069fbf5bda85526cdae9cf684a61c49d6961c065 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Thu, 9 Apr 2020 14:03:48 -0400 Subject: [PATCH 12/45] test(dbus): zone: verify runtime config APIs (cherry picked from commit b1e7a3843f7c6dfc31ac3ac38cc938bd8ece7c6c) (cherry picked from commit 2bc363979f3223ed0b98f027c96d8af7c3d79211) --- src/tests/dbus/dbus.at | 1 + src/tests/dbus/zone_runtime_functional.at | 297 ++++++++++++++++++++++ 2 files changed, 298 insertions(+) create mode 100644 src/tests/dbus/zone_runtime_functional.at diff --git a/src/tests/dbus/dbus.at b/src/tests/dbus/dbus.at index 31c180dc3d3d..d9f7a2953131 100644 --- a/src/tests/dbus/dbus.at +++ b/src/tests/dbus/dbus.at @@ -4,3 +4,4 @@ m4_include([dbus/service.at]) m4_include([dbus/zone_permanent_signatures.at]) m4_include([dbus/zone_runtime_signatures.at]) m4_include([dbus/zone_permanent_functional.at]) +m4_include([dbus/zone_runtime_functional.at]) diff --git a/src/tests/dbus/zone_runtime_functional.at b/src/tests/dbus/zone_runtime_functional.at new file mode 100644 index 000000000000..d0098dfdff65 --- /dev/null +++ b/src/tests/dbus/zone_runtime_functional.at @@ -0,0 +1,297 @@ +FWD_START_TEST([dbus api - zone permanent functional]) +AT_KEYWORDS(dbus zone gh586) + +dnl #################### +dnl Global APIs +dnl #################### + +DBUS_CHECK([], [getZoneSettings], ["public"], 0, [dnl + (('', dnl version + 'Public', dnl short + 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', dnl description + false, dnl bogus/unused + 'default', dnl target + @<:@'ssh', 'dhcpv6-client', 'cockpit'@:>@, dnl services + @a(ss) @<:@@:>@, dnl ports + @as @<:@@:>@, dnl ICMP Blocks + false, dnl masquerade + @a(ssss) @<:@@:>@, dnl forward ports + @as @<:@@:>@, dnl interfaces + @as @<:@@:>@, dnl sources + @as @<:@@:>@, dnl rules_str + @as @<:@@:>@, dnl protocols + @a(ss) @<:@@:>@, dnl source ports + false),) +]) + +dnl Default Zone +DBUS_CHECK([], [getDefaultZone], [], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [setDefaultZone], ['drop'], 0, [dnl + () +]) +DBUS_CHECK([], [getDefaultZone], [], 0, [dnl + ('drop',) +]) + +dnl Fetching Zones +DBUS_CHECK([], [zone.getZones], [], 0, [dnl + [(['block', 'dmz', 'drop', 'external', 'home', 'internal', 'public', 'trusted', 'work'],)] +]) +FWD_CHECK([-q --zone public --add-interface dummy0]) +FWD_CHECK([-q --zone public --add-source 10.1.1.1]) +DBUS_CHECK([], [zone.getActiveZones], [], 0, [dnl + ['public': {'interfaces': ['dummy0'], 'sources': ['10.1.1.1']}] +]) +FWD_CHECK([-q --zone public --remove-interface dummy0]) +FWD_CHECK([-q --zone public --remove-source 10.1.1.1]) + +dnl Interfaces/Sources +FWD_CHECK([-q --zone public --add-interface dummy1]) +DBUS_CHECK([], [zone.getZoneOfInterface], ["dummy1"], 0, [dnl + ('public',) +]) +FWD_CHECK([-q --zone public --remove-interface dummy1]) +FWD_CHECK([-q --zone drop --add-source 10.10.10.0/24]) +DBUS_CHECK([], [zone.getZoneOfSource], ["10.10.10.0/24"], 0, [dnl + ('drop',) +]) +FWD_CHECK([-q --zone drop --remove-source 10.10.10.0/24]) + +dnl #################### +dnl Zone Individual APIs +dnl #################### + +dnl isImmutable +DBUS_CHECK([], [zone.isImmutable], ["public"], 0, [dnl + (false,) +]) + +dnl Interfaces +DBUS_CHECK([], [zone.addInterface], ["public" "dummy0"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.changeZone], ["drop" "dummy0"], 0, [dnl + ('drop',) +]) +DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl + (false,) +]) +DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.changeZoneOfInterface], ["public" "dummy0"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl + (false,) +]) +DBUS_CHECK([], [zone.addInterface], ["public" "dummy1"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl + [(['dummy0', 'dummy1'],)] +]) +DBUS_CHECK([], [zone.removeInterface], ["public" "dummy0"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl + [(['dummy1'],)] +]) + +dnl Sources +DBUS_CHECK([], [zone.addSource], ["public" "10.10.10.0/24"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.changeZoneOfSource], ["drop" "10.10.10.0/24"], 0, [dnl + ('drop',) +]) +DBUS_CHECK([], [zone.querySource], ["public" "10.10.10.0/24"], 0, [dnl + (false,) +]) +DBUS_CHECK([], [zone.querySource], ["drop" "10.10.10.0/24"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.changeZoneOfSource], ["public" "10.10.10.0/24"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.addSource], ["public" "10.20.0.0/16"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl + [(['10.10.10.0/24', '10.20.0.0/16'],)] +]) +DBUS_CHECK([], [zone.removeSource], ["public" "10.10.10.0/24"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl + [(['10.20.0.0/16'],)] +]) + +dnl Services +DBUS_CHECK([], [zone.addService], ["public" "samba" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.getServices], ["public"], 0, [dnl + [(['ssh', 'dhcpv6-client', 'cockpit', 'samba'],)] +]) +DBUS_CHECK([], [zone.removeService], ["public" "samba"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl + (false,) +]) + +dnl Protocols +DBUS_CHECK([], [zone.addProtocol], ["public" "icmp" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.getProtocols], ["public"], 0, [dnl + [(['icmp'],)] +]) +DBUS_CHECK([], [zone.removeProtocol], ["public" "icmp"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl + (false,) +]) + +dnl Ports +DBUS_CHECK([], [zone.addPort], ["public" "1234" "tcp" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.addPort], ["public" "4321" "udp" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getPorts], ["public"], 0, [dnl + [([['1234', 'tcp'], ['4321', 'udp']],)] +]) +DBUS_CHECK([], [zone.removePort], ["public" "1234" "tcp"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl + (false,) +]) + +dnl Source Ports +DBUS_CHECK([], [zone.addSourcePort], ["public" "1234" "tcp" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.addSourcePort], ["public" "4321" "udp" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getSourcePorts], ["public"], 0, [dnl + [([['1234', 'tcp'], ['4321', 'udp']],)] +]) +DBUS_CHECK([], [zone.removeSourcePort], ["public" "1234" "tcp"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl + (false,) +]) + +dnl Forward Ports +DBUS_CHECK([], [zone.addForwardPort], ["public" "1234" "tcp" "1111" "" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.addForwardPort], ["public" "4321" "udp" "4444" "10.10.10.10" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getForwardPorts], ["public"], 0, [dnl + [([['1234', 'tcp', '1111', ''], ['4321', 'udp', '4444', '10.10.10.10']],)] +]) +DBUS_CHECK([], [zone.removeForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl + (false,) +]) + +dnl Masquerade +DBUS_CHECK([], [zone.addMasquerade], ["public" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.removeMasquerade], ["public"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl + (false,) +]) + +dnl ICMP Block +DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-reply" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-request" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getIcmpBlocks], ["public"], 0, [dnl + [(['echo-reply', 'echo-request'],)] +]) +DBUS_CHECK([], [zone.removeIcmpBlock], ["public" "echo-reply"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl + (false,) +]) + +dnl ICMP Block Inversion +DBUS_CHECK([], [zone.addIcmpBlockInversion], ["public"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.removeIcmpBlockInversion], ["public"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl + (false,) +]) + +dnl Rich Rules +DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl + (true,) +]) +DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=20.20.20.20 accept" 0], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.getRichRules], ["public"], 0, [dnl + [(['rule family="ipv4" source address="10.10.10.10" accept', 'rule family="ipv4" source address="20.20.20.20" accept'],)] +]) +DBUS_CHECK([], [zone.removeRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl + ('public',) +]) +DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl + (false,) +]) + +FWD_END_TEST -- 2.27.0