You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

test-authentication-basic 3.7 KiB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127
  1. #!/bin/sh
  2. set -e
  3. TESTDIR="$(readlink -f "$(dirname "$0")")"
  4. . "$TESTDIR/framework"
  5. setupenvironment
  6. configarchitecture 'i386'
  7. insertpackage 'unstable' 'foo' 'all' '1'
  8. setupaptarchive --no-update
  9. changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )"
  10. echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash
  11. echo 'Debug::Acquire::netrc "true";' > rootdir/etc/apt/apt.conf.d/netrcdebug.conf
  12. testauthfailure() {
  13. testfailure apthelper download-file "${1}/bash" ./downloaded/bash
  14. # crappy test, but http and https output are wastely different…
  15. testsuccess grep 401 rootdir/tmp/testfailure.output
  16. testfailure test -s ./downloaded/bash
  17. }
  18. testauthsuccess() {
  19. testsuccess apthelper download-file "${1}/bash" ./downloaded/bash
  20. testfileequal ./downloaded/bash "$(cat aptarchive/bash)"
  21. testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644"
  22. rm -f ./downloaded/bash
  23. # lets see if got/retains acceptable permissions
  24. if [ -n "$AUTHCONF" ]; then
  25. if [ "$(id -u)" = '0' ]; then
  26. testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:$(id -gn):600"
  27. else
  28. testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600"
  29. fi
  30. fi
  31. rm -rf rootdir/var/lib/apt/lists
  32. if expr index "$1" '@' >/dev/null; then
  33. testsuccesswithnotice aptget update
  34. else
  35. testsuccess aptget update
  36. fi
  37. testsuccessequal 'Reading package lists...
  38. Building dependency tree...
  39. The following NEW packages will be installed:
  40. foo
  41. 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  42. Inst foo (1 unstable [all])
  43. Conf foo (1 unstable [all])' aptget install foo -s
  44. }
  45. authfile() {
  46. local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}"
  47. mkdir -p "$(dirname "$AUTHCONF")"
  48. rm -f "$AUTHCONF"
  49. printf '%s' "$1" > "$AUTHCONF"
  50. chmod 600 "$AUTHCONF"
  51. }
  52. runtest() {
  53. # unauthorized fails
  54. authfile ''
  55. testauthfailure "$1"
  56. # good auth
  57. authfile 'machine localhost
  58. login star@irc
  59. password hunter2'
  60. testauthsuccess "$1"
  61. # bad auth
  62. authfile 'machine localhost
  63. login anonymous
  64. password hunter2'
  65. testauthfailure "$1"
  66. # 2 stanzas: unmatching + good auth
  67. authfile 'machine debian.org
  68. login debian
  69. password jessie
  70. machine localhost
  71. login star@irc
  72. password hunter2'
  73. testauthsuccess "$1"
  74. # delete file, make sure it fails; add auth.conf.d snippet, works again.
  75. rm rootdir/etc/apt/auth.conf
  76. testauthfailure "$1"
  77. authfile 'machine localhost
  78. login star@irc
  79. password hunter2' rootdir/etc/apt/auth.conf.d/myauth.conf
  80. testauthsuccess "$1"
  81. rm rootdir/etc/apt/auth.conf.d/myauth.conf
  82. }
  83. msgmsg 'server basic auth'
  84. rewritesourceslist "http://localhost:${APTHTTPPORT}"
  85. runtest "http://localhost:${APTHTTPPORT}"
  86. rewritesourceslist "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
  87. authfile ''
  88. testauthsuccess "http://star%40irc:hunter2@localhost:${APTHTTPPORT}"
  89. rewritesourceslist "https://localhost:${APTHTTPSPORT}"
  90. runtest "https://localhost:${APTHTTPSPORT}"
  91. rewritesourceslist "http://localhost:${APTHTTPPORT}"
  92. msgmsg 'proxy to server basic auth'
  93. webserverconfig 'aptwebserver::request::absolute' 'uri'
  94. # using ip instead of localhost avoids picking up the auth for the repo
  95. # for the proxy as well as we serve them both over the same server…
  96. export http_proxy="http://127.0.0.1:${APTHTTPPORT}"
  97. runtest "http://localhost:${APTHTTPPORT}"
  98. unset http_proxy
  99. msgmsg 'proxy basic auth to server basic auth'
  100. webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)"
  101. export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}"
  102. runtest "http://localhost:${APTHTTPPORT}"
  103. msgmsg 'proxy basic auth to server'
  104. authfile ''
  105. webserverconfig 'aptwebserver::authorization' ''
  106. testauthsuccess "http://localhost:${APTHTTPPORT}"