Add test for Basic Proxy authentication

Reviewed-by: Simo Sorce <simo@redhat.com>

diff --git a/tests/httpd.conf b/tests/httpd.conf
index 18ba14b..1e249ec 100644 (file)
--- a/tests/httpd.conf
+++ b/tests/httpd.conf
@@ -1,6 +1,7 @@
 ServerRoot "${HTTPROOT}"
 ServerName "${HTTPNAME}"
 Listen ${HTTPADDR}:${HTTPPORT}
 ServerRoot "${HTTPROOT}"
 ServerName "${HTTPNAME}"
 Listen ${HTTPADDR}:${HTTPPORT}

+Listen ${HTTPADDR}:${PROXYPORT}

 
 LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule actions_module modules/mod_actions.so
 
 LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule actions_module modules/mod_actions.so


@@ -63,6 +64,8 @@ LoadModule userdir_module modules/mod_userdir.so
 LoadModule version_module modules/mod_version.so
 LoadModule vhost_alias_module modules/mod_vhost_alias.so
 LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
 LoadModule version_module modules/mod_version.so
 LoadModule vhost_alias_module modules/mod_vhost_alias.so
 LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so

 
 LoadModule auth_gssapi_module mod_auth_gssapi.so
 
 
 LoadModule auth_gssapi_module mod_auth_gssapi.so
 


@@ -149,3 +152,17 @@ CoreDumpDirectory /tmp
   Require valid-user
 </Location>
 
   Require valid-user
 </Location>
 

+<VirtualHost *:${PROXYPORT}>
+  ProxyRequests On
+  ProxyVia On
+
+  <Proxy *>
+    AuthType GSSAPI
+    AuthName "Proxy Login"
+    GssapiCredStore ccache:${HTTPROOT}/tmp/httpd_krb5_ccache
+    GssapiCredStore client_keytab:${HTTPROOT}/http.keytab
+    GssapiCredStore keytab:${HTTPROOT}/http.keytab
+    GssapiBasicAuth On
+    Require valid-user
+  </Proxy>
+</VirtualHost>

diff --git a/tests/magtests.py b/tests/magtests.py
index e144e83..1861f21 100755 (executable)
--- a/tests/magtests.py
+++ b/tests/magtests.py
@@ -23,6 +23,8 @@ def parse_args():
 
 WRAP_HOSTNAME = "kdc.mag.dev"
 WRAP_IPADDR = '127.0.0.9'
 
 WRAP_HOSTNAME = "kdc.mag.dev"
 WRAP_IPADDR = '127.0.0.9'

+WRAP_HTTP_PORT = '80'
+WRAP_PROXY_PORT = '8080'

 
 def setup_wrappers(base):
 
 
 def setup_wrappers(base):
 


@@ -47,6 +49,7 @@ def setup_wrappers(base):
     wenv = {'LD_PRELOAD': 'libsocket_wrapper.so libnss_wrapper.so',
             'SOCKET_WRAPPER_DIR': wrapdir,
             'SOCKET_WRAPPER_DEFAULT_IFACE': '9',
     wenv = {'LD_PRELOAD': 'libsocket_wrapper.so libnss_wrapper.so',
             'SOCKET_WRAPPER_DIR': wrapdir,
             'SOCKET_WRAPPER_DEFAULT_IFACE': '9',

+            'WRAP_PROXY_PORT': WRAP_PROXY_PORT,

             'NSS_WRAPPER_HOSTNAME': WRAP_HOSTNAME,
             'NSS_WRAPPER_HOSTS': hosts_file}
 
             'NSS_WRAPPER_HOSTNAME': WRAP_HOSTNAME,
             'NSS_WRAPPER_HOSTS': hosts_file}
 


@@ -218,7 +221,8 @@ def setup_http(testdir, wrapenv):
         text = t.substitute({'HTTPROOT': httpdir,
                              'HTTPNAME': WRAP_HOSTNAME,
                              'HTTPADDR': WRAP_IPADDR,
         text = t.substitute({'HTTPROOT': httpdir,
                              'HTTPNAME': WRAP_HOSTNAME,
                              'HTTPADDR': WRAP_IPADDR,

-                             'HTTPPORT': '80'})
+                             'PROXYPORT': WRAP_PROXY_PORT,
+                             'HTTPPORT': WRAP_HTTP_PORT})

     config = os.path.join(httpdir, 'httpd.conf')
     with open(config, 'w+') as f:
         f.write(text)
     config = os.path.join(httpdir, 'httpd.conf')
     with open(config, 'w+') as f:
         f.write(text)


@@ -296,6 +300,16 @@ def test_basic_auth_krb5(testdir, testenv, testlog):
         else:
             sys.stderr.write('BASIC-AUTH Two Users: SUCCESS\n')
 
         else:
             sys.stderr.write('BASIC-AUTH Two Users: SUCCESS\n')
 

+    with (open(testlog, 'a')) as logfile:
+        basick5 = subprocess.Popen(["tests/t_basic_proxy.py"],
+                                   stdout=logfile, stderr=logfile,
+                                   env=testenv, preexec_fn=os.setsid)
+        basick5.wait()
+        if basick5.returncode != 0:
+            sys.stderr.write('BASIC Proxy Auth: FAILED\n')
+        else:
+            sys.stderr.write('BASIC Proxy Auth: SUCCESS\n')
+

 
 if __name__ == '__main__':
 
 
 if __name__ == '__main__':
 

diff --git a/tests/t_basic_proxy.py b/tests/t_basic_proxy.py
new file mode 100755 (executable)
index 0000000..4290695
--- /dev/null
+++ b/tests/t_basic_proxy.py
@@ -0,0 +1,20 @@
+#!/usr/bin/python
+# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
+
+import os
+import requests
+from requests.auth import HTTPBasicAuth
+
+
+if __name__ == '__main__':
+    proxy = 'http://%s:%s@%s:%s' % (os.environ['MAG_USER_NAME'],
+                                      os.environ['MAG_USER_PASSWORD'],
+                                      os.environ['NSS_WRAPPER_HOSTNAME'],
+                                      os.environ['WRAP_PROXY_PORT'])
+    proxies = { "http": proxy, }
+    url = 'http://%s/basic_auth_krb5/' % os.environ['NSS_WRAPPER_HOSTNAME']
+    r = requests.get(url, proxies=proxies,
+                     auth=HTTPBasicAuth(os.environ['MAG_USER_NAME_2'],
+                                        os.environ['MAG_USER_PASSWORD_2']))
+    if r.status_code != 200:
+        raise ValueError('Basic Proxy Auth Failed')