diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:34:27 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 13:34:27 +0000 |
commit | 4dbdc42d9e7c3968ff7f690d00680419c9b8cb0f (patch) | |
tree | 47c1d492e9c956c1cd2b74dbd3b9d8b0db44dc4e /t/lib-httpd | |
parent | Initial commit. (diff) | |
download | git-4dbdc42d9e7c3968ff7f690d00680419c9b8cb0f.tar.xz git-4dbdc42d9e7c3968ff7f690d00680419c9b8cb0f.zip |
Adding upstream version 1:2.43.0.upstream/1%2.43.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 't/lib-httpd')
-rw-r--r-- | t/lib-httpd/apache.conf | 292 | ||||
-rw-r--r-- | t/lib-httpd/apply-one-time-perl.sh | 27 | ||||
-rw-r--r-- | t/lib-httpd/broken-smart-http.sh | 10 | ||||
-rw-r--r-- | t/lib-httpd/error-no-report.sh | 6 | ||||
-rw-r--r-- | t/lib-httpd/error-smart-http.sh | 3 | ||||
-rwxr-xr-x | t/lib-httpd/error.sh | 31 | ||||
-rw-r--r-- | t/lib-httpd/incomplete-body-upload-pack-v2-http.sh | 3 | ||||
-rw-r--r-- | t/lib-httpd/incomplete-length-upload-pack-v2-http.sh | 3 | ||||
-rw-r--r-- | t/lib-httpd/nph-custom-auth.sh | 39 | ||||
-rw-r--r-- | t/lib-httpd/passwd | 1 | ||||
-rw-r--r-- | t/lib-httpd/proxy-passwd | 1 | ||||
-rw-r--r-- | t/lib-httpd/ssl.cnf | 8 |
12 files changed, 424 insertions, 0 deletions
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf new file mode 100644 index 0000000..022276a --- /dev/null +++ b/t/lib-httpd/apache.conf @@ -0,0 +1,292 @@ +ServerName dummy +PidFile httpd.pid +DocumentRoot www +LogFormat "%h %l %u %t \"%r\" %>s %b" common +CustomLog access.log common +ErrorLog error.log +<IfModule !mod_log_config.c> + LoadModule log_config_module modules/mod_log_config.so +</IfModule> +<IfModule !mod_alias.c> + LoadModule alias_module modules/mod_alias.so +</IfModule> +<IfModule !mod_cgi.c> + LoadModule cgi_module modules/mod_cgi.so +</IfModule> +<IfModule !mod_env.c> + LoadModule env_module modules/mod_env.so +</IfModule> +<IfModule !mod_rewrite.c> + LoadModule rewrite_module modules/mod_rewrite.so +</IFModule> +<IfModule !mod_version.c> + LoadModule version_module modules/mod_version.so +</IfModule> +<IfModule !mod_headers.c> + LoadModule headers_module modules/mod_headers.so +</IfModule> +<IfModule !mod_setenvif.c> + LoadModule setenvif_module modules/mod_setenvif.so +</IfModule> + +<IfDefine HTTP2> +LoadModule http2_module modules/mod_http2.so +Protocols h2 h2c +</IfDefine> + +<IfModule !mod_auth_basic.c> + LoadModule auth_basic_module modules/mod_auth_basic.so +</IfModule> +<IfModule !mod_authn_file.c> + LoadModule authn_file_module modules/mod_authn_file.so +</IfModule> +<IfModule !mod_authz_user.c> + LoadModule authz_user_module modules/mod_authz_user.so +</IfModule> +<IfModule !mod_authz_host.c> + LoadModule authz_host_module modules/mod_authz_host.so +</IfModule> + +<IfDefine PROXY> +<IfModule !mod_proxy.c> + LoadModule proxy_module modules/mod_proxy.so +</IfModule> +<IfModule !mod_proxy_http.c> + LoadModule proxy_http_module modules/mod_proxy_http.so +</IfModule> +ProxyRequests On +<Proxy "*"> + AuthType Basic + AuthName "proxy-auth" + AuthUserFile proxy-passwd + Require valid-user +</Proxy> +</IfDefine> + +<IfModule !mod_authn_core.c> + LoadModule authn_core_module modules/mod_authn_core.so +</IfModule> +<IfModule !mod_authz_core.c> + LoadModule authz_core_module modules/mod_authz_core.so +</IfModule> +<IfModule !mod_access_compat.c> + LoadModule access_compat_module modules/mod_access_compat.so +</IfModule> +<IfModule !mod_unixd.c> + LoadModule unixd_module modules/mod_unixd.so +</IfModule> + +<IfDefine HTTP2> +<IfModule !mod_mpm_event.c> + LoadModule mpm_event_module modules/mod_mpm_event.so +</IfModule> +</IfDefine> +<IfDefine !HTTP2> +<IfModule !mod_mpm_prefork.c> + LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +</IfModule> +</IfDefine> + +PassEnv GIT_VALGRIND +PassEnv GIT_VALGRIND_OPTIONS +PassEnv GNUPGHOME +PassEnv ASAN_OPTIONS +PassEnv LSAN_OPTIONS +PassEnv UBSAN_OPTIONS +PassEnv GIT_TRACE +PassEnv GIT_CONFIG_NOSYSTEM +PassEnv GIT_TEST_SIDEBAND_ALL +PassEnv LANG +PassEnv LC_ALL + +Alias /dumb/ www/ +Alias /auth/dumb/ www/auth/dumb/ + +SetEnv PERL_PATH ${PERL_PATH} + +<LocationMatch /smart/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL +</LocationMatch> +<LocationMatch /smart_noexport/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} +</LocationMatch> +<LocationMatch /smart_custom_env/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL + SetEnv GIT_COMMITTER_NAME "Custom User" + SetEnv GIT_COMMITTER_EMAIL custom@example.com +</LocationMatch> +<LocationMatch /smart_namespace/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL + SetEnv GIT_NAMESPACE ns +</LocationMatch> +<LocationMatch /smart_cookies/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL + Header set Set-Cookie name=value +</LocationMatch> +<LocationMatch /smart_headers/> + <RequireAll> + Require expr %{HTTP:x-magic-one} == 'abra' + Require expr %{HTTP:x-magic-two} == 'cadabra' + </RequireAll> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL +</LocationMatch> +<LocationMatch /one_time_perl/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL +</LocationMatch> +<LocationMatch /smart_v0/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL + SetEnv GIT_PROTOCOL +</LocationMatch> +<LocationMatch /custom_auth/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL + <IfDefine USE_CGIPASSAUTH> + CGIPassAuth on + </IfDefine> +</LocationMatch> +ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/ +ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/ +ScriptAlias /smart/no_report/git-receive-pack error-no-report.sh/ +ScriptAliasMatch /error_git_upload_pack/(.*)/git-upload-pack error.sh/ +ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1 +ScriptAlias /broken_smart/ broken-smart-http.sh/ +ScriptAlias /error_smart/ error-smart-http.sh/ +ScriptAlias /error/ error.sh/ +ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1 +ScriptAliasMatch /custom_auth/(.*) nph-custom-auth.sh/$1 +<Directory ${GIT_EXEC_PATH}> + Options FollowSymlinks +</Directory> +<Files incomplete-length-upload-pack-v2-http.sh> + Options ExecCGI +</Files> +<Files incomplete-body-upload-pack-v2-http.sh> + Options ExecCGI +</Files> +<Files error-no-report.sh> + Options ExecCGI +</Files> +<Files broken-smart-http.sh> + Options ExecCGI +</Files> +<Files error-smart-http.sh> + Options ExecCGI +</Files> +<Files error.sh> + Options ExecCGI +</Files> +<Files apply-one-time-perl.sh> + Options ExecCGI +</Files> +<Files ${GIT_EXEC_PATH}/git-http-backend> + Options ExecCGI +</Files> + +RewriteEngine on +RewriteRule ^/dumb-redir/(.*)$ /dumb/$1 [R=301] +RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301] +RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302] +RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301] +RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301] +RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302] + +RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302] +RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302] + +# redir-to/502/x?y -> really-redir-to?path=502/x&qs=y which returns 502 +# redir-to/x?y -> really-redir-to?path=x&qs=y -> x?y +RewriteCond %{QUERY_STRING} ^(.*)$ +RewriteRule ^/redir-to/(.*)$ /really-redir-to?path=$1&qs=%1 [R=302] +RewriteCond %{QUERY_STRING} ^path=502/(.*)&qs=(.*)$ +RewriteRule ^/really-redir-to$ - [R=502,L] +RewriteCond %{QUERY_STRING} ^path=(.*)&qs=(.*)$ +RewriteRule ^/really-redir-to$ /%1?%2 [R=302] + +# The first rule issues a client-side redirect to something +# that _doesn't_ look like a git repo. The second rule is a +# server-side rewrite, so that it turns out the odd-looking +# thing _is_ a git repo. The "[PT]" tells Apache to match +# the usual ScriptAlias rules for /smart. +RewriteRule ^/insane-redir/(.*)$ /intern-redir/$1/foo [R=301] +RewriteRule ^/intern-redir/(.*)/foo$ /smart/$1 [PT] + +# Serve info/refs internally without redirecting, but +# issue a redirect for any object requests. +RewriteRule ^/redir-objects/(.*/info/refs)$ /dumb/$1 [PT] +RewriteRule ^/redir-objects/(.*/objects/.*)$ /dumb/$1 [R=301] + +<IfDefine SSL> +LoadModule ssl_module modules/mod_ssl.so + +SSLCertificateFile httpd.pem +SSLCertificateKeyFile httpd.pem +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect file:/dev/urandom 512 +SSLSessionCache none +SSLEngine On +</IfDefine> + +<Location /auth/> + AuthType Basic + AuthName "git-auth" + AuthUserFile passwd + Require valid-user +</Location> + +<LocationMatch "^/auth-push/.*/git-receive-pack$"> + AuthType Basic + AuthName "git-auth" + AuthUserFile passwd + Require valid-user +</LocationMatch> + +<LocationMatch "^/auth-fetch/.*/git-upload-pack$"> + AuthType Basic + AuthName "git-auth" + AuthUserFile passwd + Require valid-user +</LocationMatch> + +RewriteCond %{QUERY_STRING} service=git-receive-pack [OR] +RewriteCond %{REQUEST_URI} /git-receive-pack$ +RewriteRule ^/half-auth-complete/ - [E=AUTHREQUIRED:yes] + +<Location /half-auth-complete/> + Order Deny,Allow + Deny from env=AUTHREQUIRED + + AuthType Basic + AuthName "Git Access" + AuthUserFile passwd + Require valid-user + Satisfy Any +</Location> + +<IfDefine DAV> + LoadModule dav_module modules/mod_dav.so + LoadModule dav_fs_module modules/mod_dav_fs.so + + DAVLockDB DAVLock + <Location /dumb/> + Dav on + </Location> + <Location /auth/dumb> + Dav on + </Location> +</IfDefine> + +<IfDefine SVN> + LoadModule dav_svn_module modules/mod_dav_svn.so + + <Location /${LIB_HTTPD_SVN}> + DAV svn + SVNPath "${LIB_HTTPD_SVNPATH}" + </Location> +</IfDefine> diff --git a/t/lib-httpd/apply-one-time-perl.sh b/t/lib-httpd/apply-one-time-perl.sh new file mode 100644 index 0000000..d7f9fed --- /dev/null +++ b/t/lib-httpd/apply-one-time-perl.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# If "one-time-perl" exists in $HTTPD_ROOT_PATH, run perl on the HTTP response, +# using the contents of "one-time-perl" as the perl command to be run. If the +# response was modified as a result, delete "one-time-perl" so that subsequent +# HTTP responses are no longer modified. +# +# This can be used to simulate the effects of the repository changing in +# between HTTP request-response pairs. +if test -f one-time-perl +then + LC_ALL=C + export LC_ALL + + "$GIT_EXEC_PATH/git-http-backend" >out + "$PERL_PATH" -pe "$(cat one-time-perl)" out >out_modified + + if cmp -s out out_modified + then + cat out + else + cat out_modified + rm one-time-perl + fi +else + "$GIT_EXEC_PATH/git-http-backend" +fi diff --git a/t/lib-httpd/broken-smart-http.sh b/t/lib-httpd/broken-smart-http.sh new file mode 100644 index 0000000..82cc610 --- /dev/null +++ b/t/lib-httpd/broken-smart-http.sh @@ -0,0 +1,10 @@ +printf "Content-Type: text/%s\n" "html" +echo +printf "%s\n" "001e# service=git-upload-pack" +printf "%s" "0000" +printf "%s%c%s%s\n" \ + "00a58681d9f286a48b08f37b3a095330da16689e3693 HEAD" \ + 0 \ + " include-tag multi_ack_detailed multi_ack ofs-delta" \ + " side-band side-band-64k thin-pack no-progress shallow no-done " +printf "%s" "0000" diff --git a/t/lib-httpd/error-no-report.sh b/t/lib-httpd/error-no-report.sh new file mode 100644 index 0000000..39ff75b --- /dev/null +++ b/t/lib-httpd/error-no-report.sh @@ -0,0 +1,6 @@ +echo "Content-Type: application/x-git-receive-pack-result" +echo +printf '0013\001000eunpack ok\n' +printf '0015\002skipping report\n' +printf '0009\0010000' +printf '0000' diff --git a/t/lib-httpd/error-smart-http.sh b/t/lib-httpd/error-smart-http.sh new file mode 100644 index 0000000..e65d447 --- /dev/null +++ b/t/lib-httpd/error-smart-http.sh @@ -0,0 +1,3 @@ +echo "Content-Type: application/x-git-upload-pack-advertisement" +echo +printf "%s" "0019ERR server-side error" diff --git a/t/lib-httpd/error.sh b/t/lib-httpd/error.sh new file mode 100755 index 0000000..a77b8e5 --- /dev/null +++ b/t/lib-httpd/error.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +printf "Status: 500 Intentional Breakage\n" + +printf "Content-Type: " +charset=iso-8859-1 +case "$PATH_INFO" in +*html*) + printf "text/html" + ;; +*text*) + printf "text/plain" + ;; +*charset*) + printf "text/plain; charset=utf-8" + charset=utf-8 + ;; +*utf16*) + printf "text/plain; charset=utf-16" + charset=utf-16 + ;; +*odd-spacing*) + printf "text/plain; foo=bar ;charset=utf-16; other=nonsense" + charset=utf-16 + ;; +esac +printf "\n" + +printf "\n" +printf "this is the error message\n" | +iconv -f us-ascii -t $charset diff --git a/t/lib-httpd/incomplete-body-upload-pack-v2-http.sh b/t/lib-httpd/incomplete-body-upload-pack-v2-http.sh new file mode 100644 index 0000000..90e73ef --- /dev/null +++ b/t/lib-httpd/incomplete-body-upload-pack-v2-http.sh @@ -0,0 +1,3 @@ +printf "Content-Type: text/%s\n" "application/x-git-upload-pack-result" +echo +printf "%s%s" "0079" "45" diff --git a/t/lib-httpd/incomplete-length-upload-pack-v2-http.sh b/t/lib-httpd/incomplete-length-upload-pack-v2-http.sh new file mode 100644 index 0000000..dce552e --- /dev/null +++ b/t/lib-httpd/incomplete-length-upload-pack-v2-http.sh @@ -0,0 +1,3 @@ +printf "Content-Type: text/%s\n" "application/x-git-upload-pack-result" +echo +printf "%s" "00" diff --git a/t/lib-httpd/nph-custom-auth.sh b/t/lib-httpd/nph-custom-auth.sh new file mode 100644 index 0000000..f5345e7 --- /dev/null +++ b/t/lib-httpd/nph-custom-auth.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +VALID_CREDS_FILE=custom-auth.valid +CHALLENGE_FILE=custom-auth.challenge + +# +# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid +# credential for the current request. Each line in the file is considered a +# valid HTTP Authorization header value. For example: +# +# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== +# +# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers +# in a 401 response if no valid authentication credentials were included in the +# request. For example: +# +# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0 +# WWW-Authenticate: Basic realm="example.com" +# + +if test -n "$HTTP_AUTHORIZATION" && \ + grep -Fqsx "${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE" +then + # Note that although git-http-backend returns a status line, it + # does so using a CGI 'Status' header. Because this script is an + # No Parsed Headers (NPH) script, we must return a real HTTP + # status line. + # This is only a test script, so we don't bother to check for + # the actual status from git-http-backend and always return 200. + echo 'HTTP/1.1 200 OK' + exec "$GIT_EXEC_PATH"/git-http-backend +fi + +echo 'HTTP/1.1 401 Authorization Required' +if test -f "$CHALLENGE_FILE" +then + cat "$CHALLENGE_FILE" +fi +echo diff --git a/t/lib-httpd/passwd b/t/lib-httpd/passwd new file mode 100644 index 0000000..99a34d6 --- /dev/null +++ b/t/lib-httpd/passwd @@ -0,0 +1 @@ +user@host:xb4E8pqD81KQs diff --git a/t/lib-httpd/proxy-passwd b/t/lib-httpd/proxy-passwd new file mode 100644 index 0000000..77c2513 --- /dev/null +++ b/t/lib-httpd/proxy-passwd @@ -0,0 +1 @@ +proxuser:2x7tAukjAED5M diff --git a/t/lib-httpd/ssl.cnf b/t/lib-httpd/ssl.cnf new file mode 100644 index 0000000..812e825 --- /dev/null +++ b/t/lib-httpd/ssl.cnf @@ -0,0 +1,8 @@ +RANDFILE = $ENV::RANDFILE_PATH + +[ req ] +default_bits = 2048 +distinguished_name = req_distinguished_name +prompt = no +[ req_distinguished_name ] +commonName = 127.0.0.1 |