diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 19:09:23 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 19:09:23 +0000 |
commit | 1b631c75a166e0258aad972d74af929b7968ea66 (patch) | |
tree | b5735fd08977a7f74bb1753a6952caeeb1fb73f6 /debian/perl-framework/t/modules/authz_core.t | |
parent | Adding upstream version 2.4.58. (diff) | |
download | apache2-1b631c75a166e0258aad972d74af929b7968ea66.tar.xz apache2-1b631c75a166e0258aad972d74af929b7968ea66.zip |
Adding debian version 2.4.58-1.debian/2.4.58-1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/t/modules/authz_core.t')
-rw-r--r-- | debian/perl-framework/t/modules/authz_core.t | 360 |
1 files changed, 360 insertions, 0 deletions
diff --git a/debian/perl-framework/t/modules/authz_core.t b/debian/perl-framework/t/modules/authz_core.t new file mode 100644 index 0000000..6e43aa3 --- /dev/null +++ b/debian/perl-framework/t/modules/authz_core.t @@ -0,0 +1,360 @@ +use strict; +use warnings FATAL => 'all'; + +use Apache::Test; +use Apache::TestRequest; +use Apache::TestUtil qw(t_write_file); +use File::Spec; + +# test RequireAll/RequireAny containers and AuthzMerging + +plan tests => 168 + 14*24, + need need_lwp, + need_module('mod_authn_core'), + need_module('mod_authz_core'), + need_module('mod_authz_host'), + need_module('mod_authz_groupfile'), + need_min_apache_version('2.3.6'); + + +my $text = ''; + +sub check +{ + my $rc = shift; + my $path = shift; + + my @args; + foreach my $e (@_) { + if ($e =~ /user/) { + push @args, username => $e, password => $e; + } + else { + push @args, "X-Allowed$e" => 'yes'; + } + } + my $res = GET "/authz_core/$path", @args; + my $got = $res->code; + print "# got $got, expected $rc [$text: $path @_]\n"; + ok($got == $rc); +} + +sub write_htaccess +{ + my $path = shift; + my $merging = shift || ""; + my $container = shift || ""; + + $text = "$path $merging $container @_"; + + my $need_auth; + my $content = ""; + $content .= "AuthMerging $merging\n" if $merging; + + if ($container) { + $content .= "<Require$container>\n"; + } + foreach (@_) { + my $req = $_; + my $not = ""; + if ($req =~ s/^\!//) { + $not = 'not'; + } + if ($req =~ /all/) { + $content .= "Require $not $req\n"; + } + elsif ($req =~ /user/) { + # 'group' is correct, see comment about mod_authany below + $content .= "Require $not group $req\n"; + $need_auth = 1; + } + else { + $content .= "Require $not env allowed$req\n"; + } + } + if ($container) { + $content .= "</Require$container>\n"; + } + + if ($need_auth) { + $content .= "AuthType basic\n"; + $content .= "AuthName basic1\n"; + $content .= "AuthUserFile basic1\n"; + $content .= "AuthGroupFile groups1\n"; + } + + my $file = File::Spec->catfile(Apache::Test::vars('documentroot'), + "/authz_core/$path/.htaccess"); + t_write_file($file, $content); +} + +# create some users (username == password) +my $basic_file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'basic1'); +t_write_file($basic_file, << 'EOF' ); +user1:NYSYdf7MU5KpU +user2:KJ7Yxzr1VVzAI +user3:xnpSvZ2iqti/c +EOF + +# mod_authany overrides the 'user' provider, so we can't check users directly :-( +# create some groups instead: +my $group_file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'groups1'); +t_write_file($group_file, << 'EOF' ); +user1:user1 +user2:user2 +user3:user3 +EOF + +write_htaccess("a/", undef, undef); +check(200, "a/"); +check(200, "a/", 1); +check(200, "a/", 2); +check(200, "a/", 1, 2); +check(200, "a/", 3); + +write_htaccess("a/", undef, undef, "user1"); +check(401, "a/"); +check(200, "a/", "user1"); +check(401, "a/", "user2"); + +write_htaccess("a/", undef, "Any", 1, 2); +check(403, "a/"); +check(200, "a/", 1); +check(200, "a/", 2); +check(200, "a/", 1, 2); +check(403, "a/", 3); + write_htaccess("a/b/", undef, "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 3); + write_htaccess("a/b/", "Off", "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 3); + write_htaccess("a/b/", "Or", "Any", 2, 3); + check(403, "a/b/"); + check(200, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 3); + write_htaccess("a/b/", "And", "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(200, "a/b/", 2); + check(403, "a/b/", 3); + check(200, "a/b/", 1, 2); + check(200, "a/b/", 1, 3); + check(200, "a/b/", 2, 3); + write_htaccess("a/b/", undef, "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(200, "a/b/", 2, 3); + check(403, "a/b/", 1, 3); + write_htaccess("a/b/", "Off", "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(200, "a/b/", 2, 3); + check(403, "a/b/", 1, 3); + write_htaccess("a/b/", "Or", "All", 3, 4); + check(403, "a/b/"); + check(200, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 2, 3); + check(200, "a/b/", 3, 4); + check(403, "a/b/", 3); + check(403, "a/b/", 4); + write_htaccess("a/b/", "And", "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(403, "a/b/", 1, 2); + check(403, "a/b/", 1, 3); + check(200, "a/b/", 2, 3); + + +write_htaccess("a/", undef, "All", 1, "!2"); +check(403, "a/"); +check(200, "a/", 1); +check(403, "a/", 2); +check(403, "a/", 1, 2); +check(403, "a/", 3); + write_htaccess("a/b/", undef, "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 3); + write_htaccess("a/b/", "Off", "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 3); + write_htaccess("a/b/", "Or", "Any", 3, 4); + check(403, "a/b/"); + check(200, "a/b/", 1); + check(403, "a/b/", 1, 2); + check(200, "a/b/", 1, 2, 3); + check(200, "a/b/", 1, 2, 4); + check(200, "a/b/", 4); + write_htaccess("a/b/", "And", "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(403, "a/b/", 1, 2); + check(200, "a/b/", 1, 3); + check(403, "a/b/", 2, 3); + # should not inherit AuthMerging And from a/b/ + write_htaccess("a/b/c/", undef, "Any", 4); + check(403, "a/b/c/", 1, 3); + check(200, "a/b/c/", 4); + check(200, "a/b/c/", 1, 2, 4); + write_htaccess("a/b/", undef, "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(200, "a/b/", 2, 3); + check(403, "a/b/", 1, 3); + write_htaccess("a/b/", "Off", "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(200, "a/b/", 2, 3); + check(403, "a/b/", 1, 3); + write_htaccess("a/b/", "Or", "All", 3, 4); + check(403, "a/b/"); + check(200, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 2, 3); + check(200, "a/b/", 3, 4); + check(403, "a/b/", 3); + check(403, "a/b/", 4); + write_htaccess("a/b/", "And", "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(403, "a/b/", 1, 2); + check(403, "a/b/", 1, 3); + check(403, "a/b/", 2, 3); + + +write_htaccess("a/", undef, "All", 1, 2); +check(403, "a/"); +check(403, "a/", 1); +check(403, "a/", 2); +check(200, "a/", 1, 2); + write_htaccess("a/b/", undef, "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 3); + write_htaccess("a/b/", "Off", "Any", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(200, "a/b/", 2); + check(200, "a/b/", 3); + write_htaccess("a/b/", "Or", "Any", 3, 4); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(200, "a/b/", 1, 2); + check(200, "a/b/", 3); + check(200, "a/b/", 4); + write_htaccess("a/b/", "And", "Any", 3, 4); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(403, "a/b/", 4); + check(403, "a/b/", 1, 2); + check(200, "a/b/", 1, 2, 3); + check(200, "a/b/", 1, 2, 4); + check(403, "a/b/", 1, 3, 4); + write_htaccess("a/b/", undef, "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(200, "a/b/", 2, 3); + check(403, "a/b/", 1, 3); + write_htaccess("a/b/", "Off", "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(200, "a/b/", 2, 3); + check(403, "a/b/", 1, 3); + write_htaccess("a/b/", "Or", "All", 3, 4); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(403, "a/b/", 4); + check(403, "a/b/", 2, 3); + check(200, "a/b/", 3, 4); + check(200, "a/b/", 1, 2); + write_htaccess("a/b/", "And", "All", 2, 3); + check(403, "a/b/"); + check(403, "a/b/", 1); + check(403, "a/b/", 2); + check(403, "a/b/", 3); + check(403, "a/b/", 1, 2); + check(403, "a/b/", 1, 3); + check(403, "a/b/", 2, 3); + check(200, "a/b/", 1, 2, 3); + +# +# To test merging of a mix of user and non-user authz providers, +# we should test all orders. +# + +# helper function to get all permutations of an array +# returns array of references +sub permutations +{ + my @results = [shift]; + + foreach my $el (@_) { + my @new_results; + foreach my $arr (@results) { + my $len = scalar(@{$arr}); + foreach my $i (0 .. $len) { + my @new = @{$arr}; + splice @new, $i, 0, $el; + push @new_results, \@new; + } + } + @results = @new_results; + } + return @results; +} + + +my @perms = permutations(qw/user1 user2 1 2/); +foreach my $p (@perms) { + write_htaccess("a/", undef, "All", @{$p}); + check(403, "a/"); + check(403, "a/", 1); + check(403, "a/", "user1"); + check(401, "a/", 1, 2); + check(401, "a/", 1, 2, "user1"); + check(401, "a/", 1, 2, "user3"); + check(403, "a/", 1, "user1"); + + write_htaccess("a/", undef, "Any", @{$p}); + check(401, "a/"); + check(200, "a/", 1); + check(200, "a/", "user1"); + check(401, "a/", "user3"); + check(200, "a/", 1, 2); + check(200, "a/", 1, "user1"); + check(200, "a/", 1, "user3"); +} |