From 6dc1e9c2121517d82055f84d94af7e142c3d5228 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Mon, 27 Jul 2015 05:49:44 +0300 Subject: [PATCH] Add test for Basic Proxy authentication Reviewed-by: Simo Sorce --- tests/httpd.conf | 17 +++++++++++++++++ tests/magtests.py | 16 +++++++++++++++- tests/t_basic_proxy.py | 20 ++++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100755 tests/t_basic_proxy.py diff --git a/tests/httpd.conf b/tests/httpd.conf index 18ba14b..1e249ec 100644 --- a/tests/httpd.conf +++ b/tests/httpd.conf @@ -1,6 +1,7 @@ ServerRoot "${HTTPROOT}" ServerName "${HTTPNAME}" Listen ${HTTPADDR}:${HTTPPORT} +Listen ${HTTPADDR}:${PROXYPORT} LoadModule access_compat_module modules/mod_access_compat.so LoadModule actions_module modules/mod_actions.so @@ -63,6 +64,8 @@ LoadModule userdir_module modules/mod_userdir.so LoadModule version_module modules/mod_version.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule auth_gssapi_module mod_auth_gssapi.so @@ -149,3 +152,17 @@ CoreDumpDirectory /tmp Require valid-user + + ProxyRequests On + ProxyVia On + + + AuthType GSSAPI + AuthName "Proxy Login" + GssapiCredStore ccache:${HTTPROOT}/tmp/httpd_krb5_ccache + GssapiCredStore client_keytab:${HTTPROOT}/http.keytab + GssapiCredStore keytab:${HTTPROOT}/http.keytab + GssapiBasicAuth On + Require valid-user + + diff --git a/tests/magtests.py b/tests/magtests.py index e144e83..1861f21 100755 --- a/tests/magtests.py +++ b/tests/magtests.py @@ -23,6 +23,8 @@ def parse_args(): WRAP_HOSTNAME = "kdc.mag.dev" WRAP_IPADDR = '127.0.0.9' +WRAP_HTTP_PORT = '80' +WRAP_PROXY_PORT = '8080' def setup_wrappers(base): @@ -47,6 +49,7 @@ def setup_wrappers(base): wenv = {'LD_PRELOAD': 'libsocket_wrapper.so libnss_wrapper.so', 'SOCKET_WRAPPER_DIR': wrapdir, 'SOCKET_WRAPPER_DEFAULT_IFACE': '9', + 'WRAP_PROXY_PORT': WRAP_PROXY_PORT, 'NSS_WRAPPER_HOSTNAME': WRAP_HOSTNAME, 'NSS_WRAPPER_HOSTS': hosts_file} @@ -218,7 +221,8 @@ def setup_http(testdir, wrapenv): text = t.substitute({'HTTPROOT': httpdir, 'HTTPNAME': WRAP_HOSTNAME, 'HTTPADDR': WRAP_IPADDR, - 'HTTPPORT': '80'}) + 'PROXYPORT': WRAP_PROXY_PORT, + 'HTTPPORT': WRAP_HTTP_PORT}) config = os.path.join(httpdir, 'httpd.conf') with open(config, 'w+') as f: f.write(text) @@ -296,6 +300,16 @@ def test_basic_auth_krb5(testdir, testenv, testlog): else: sys.stderr.write('BASIC-AUTH Two Users: SUCCESS\n') + with (open(testlog, 'a')) as logfile: + basick5 = subprocess.Popen(["tests/t_basic_proxy.py"], + stdout=logfile, stderr=logfile, + env=testenv, preexec_fn=os.setsid) + basick5.wait() + if basick5.returncode != 0: + sys.stderr.write('BASIC Proxy Auth: FAILED\n') + else: + sys.stderr.write('BASIC Proxy Auth: SUCCESS\n') + if __name__ == '__main__': diff --git a/tests/t_basic_proxy.py b/tests/t_basic_proxy.py new file mode 100755 index 0000000..4290695 --- /dev/null +++ b/tests/t_basic_proxy.py @@ -0,0 +1,20 @@ +#!/usr/bin/python +# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license. + +import os +import requests +from requests.auth import HTTPBasicAuth + + +if __name__ == '__main__': + proxy = 'http://%s:%s@%s:%s' % (os.environ['MAG_USER_NAME'], + os.environ['MAG_USER_PASSWORD'], + os.environ['NSS_WRAPPER_HOSTNAME'], + os.environ['WRAP_PROXY_PORT']) + proxies = { "http": proxy, } + url = 'http://%s/basic_auth_krb5/' % os.environ['NSS_WRAPPER_HOSTNAME'] + r = requests.get(url, proxies=proxies, + auth=HTTPBasicAuth(os.environ['MAG_USER_NAME_2'], + os.environ['MAG_USER_PASSWORD_2'])) + if r.status_code != 200: + raise ValueError('Basic Proxy Auth Failed') -- 2.1.4