diff options
Diffstat (limited to 'test/integration/test-authentication-basic')
-rwxr-xr-x | test/integration/test-authentication-basic | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/test/integration/test-authentication-basic b/test/integration/test-authentication-basic new file mode 100755 index 0000000..784a00c --- /dev/null +++ b/test/integration/test-authentication-basic @@ -0,0 +1,153 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'i386' + +insertpackage 'unstable' 'foo' 'all' '1' +setupaptarchive --no-update + +changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )" + +echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash +echo 'Debug::Acquire::netrc "true";' > rootdir/etc/apt/apt.conf.d/netrcdebug.conf + +testauthfailure() { + testfailure apthelper download-file "${1}/bash" ./downloaded/bash + # crappy test, but http and https output are wastely different… + testsuccess grep 401 rootdir/tmp/testfailure.output + testfailure test -s ./downloaded/bash +} + +testauthsuccess() { + testsuccess apthelper download-file "${1}/bash" ./downloaded/bash + testfileequal ./downloaded/bash "$(cat aptarchive/bash)" + testfilestats ./downloaded/bash '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:644" + rm -f ./downloaded/bash + + # lets see if got/retains acceptable permissions + if [ -n "$AUTHCONF" ]; then + if [ "$(id -u)" = '0' ]; then + testfilestats "$AUTHCONF" '%U:%G:%a' '=' "_apt:$(id -gn):600" + else + testfilestats "$AUTHCONF" '%U:%G:%a' '=' "${TEST_DEFAULT_USER}:${TEST_DEFAULT_GROUP}:600" + fi + fi + + rm -rf rootdir/var/lib/apt/lists + if expr index "$1" '@' >/dev/null; then + testsuccesswithnotice aptget update + else + testsuccess aptget update + fi + testsuccessequal 'Reading package lists... +Building dependency tree... +The following NEW packages will be installed: + foo +0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. +Inst foo (1 unstable [all]) +Conf foo (1 unstable [all])' aptget install foo -s +} + +authfile() { + local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}" + mkdir -p "$(dirname "$AUTHCONF")" + rm -f "$AUTHCONF" + printf '%s' "$1" > "$AUTHCONF" + chmod 600 "$AUTHCONF" +} + +runtest() { + # unauthorized fails + authfile '' + testauthfailure "$1" + + protocol="${1%%://*}" + + # good auth + authfile "machine ${protocol}://localhost +login star@irc +password hunter2" + testauthsuccess "$1" + + # bad auth + authfile "machine ${protocol}://localhost +login anonymous +password hunter2" + testauthfailure "$1" + + # 2 stanzas: unmatching + good auth + authfile "machine ${protocol}://debian.org +login debian +password jessie + +machine ${protocol}://localhost +login star@irc +password hunter2" + testauthsuccess "$1" + + # no protocol specifier + authfile "machine localhost +login star@irc +password hunter2" + if [ "$protocol" = "https" ]; then + testauthsuccess "$1" + else + testfailure apthelper download-file "${1}/bash" ./downloaded/bash + testsuccessequal "W: ${1}/bash: ${TMPWORKINGDIRECTORY}/rootdir/etc/apt/auth.conf: Credentials for localhost match, but the protocol is not encrypted. Annotate with http:// to use." grep "Credentials.*match" rootdir/tmp/testfailure.output + testauthfailure "$1" + fi + + # wrong protocol specifier + if [ "$protocol" = "https" ]; then + authfile "machine http://localhost +login star@irc +password hunter2" + else + authfile "machine https://localhost +login star@irc +password hunter2" + fi + testauthfailure "$1" + + # delete file, make sure it fails; add auth.conf.d snippet, works again. + rm rootdir/etc/apt/auth.conf + testauthfailure "$1" + + authfile "machine ${protocol}://localhost +login star@irc +password hunter2" rootdir/etc/apt/auth.conf.d/myauth.conf + testauthsuccess "$1" + rm rootdir/etc/apt/auth.conf.d/myauth.conf +} + +msgmsg 'server basic auth' +rewritesourceslist "http://localhost:${APTHTTPPORT}" +runtest "http://localhost:${APTHTTPPORT}" +rewritesourceslist "http://star%40irc:hunter2@localhost:${APTHTTPPORT}" +authfile '' +testauthsuccess "http://star%40irc:hunter2@localhost:${APTHTTPPORT}" +rewritesourceslist "https://localhost:${APTHTTPSPORT}" +runtest "https://localhost:${APTHTTPSPORT}" +rewritesourceslist "http://localhost:${APTHTTPPORT}" + +msgmsg 'proxy to server basic auth' +webserverconfig 'aptwebserver::request::absolute' 'uri' +# using ip instead of localhost avoids picking up the auth for the repo +# for the proxy as well as we serve them both over the same server… +export http_proxy="http://127.0.0.1:${APTHTTPPORT}" +runtest "http://localhost:${APTHTTPPORT}" +unset http_proxy + +msgmsg 'proxy basic auth to server basic auth' +webserverconfig 'aptwebserver::proxy-authorization' "$(printf 'moon:deer2' | base64)" +export http_proxy="http://moon:deer2@localhost:${APTHTTPPORT}" +runtest "http://localhost:${APTHTTPPORT}" + +msgmsg 'proxy basic auth to server' +authfile '' +webserverconfig 'aptwebserver::authorization' '' +testauthsuccess "http://localhost:${APTHTTPPORT}" |