You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/01/08 15:26:30 UTC
svn commit: r1056711 - /httpd/test/framework/trunk/t/modules/authz_core.t
Author: sf
Date: Sat Jan 8 14:26:30 2011
New Revision: 1056711
URL: http://svn.apache.org/viewvc?rev=1056711&view=rev
Log:
Add a few hundred additional tests to catch problems when mixing
user-based and non-user-based authorization providers
Modified:
httpd/test/framework/trunk/t/modules/authz_core.t
Modified: httpd/test/framework/trunk/t/modules/authz_core.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/modules/authz_core.t?rev=1056711&r1=1056710&r2=1056711&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/modules/authz_core.t (original)
+++ httpd/test/framework/trunk/t/modules/authz_core.t Sat Jan 8 14:26:30 2011
@@ -8,11 +8,12 @@ use File::Spec;
# test RequireAll/RequireAny containers and AuthzMerging
-plan tests => 165,
+plan tests => 168 + 14*24,
need need_lwp,
need_module('mod_authn_core'),
need_module('mod_authz_core'),
need_module('mod_authz_host'),
+ need_module('mod_authz_groupfile'),
need_min_apache_version('2.3.6');
@@ -25,10 +26,17 @@ sub check
my @args;
foreach my $e (@_) {
- push @args, "X-Allowed$e" => 'yes';
+ if ($e =~ /user/) {
+ push @args, username => $e, password => $e;
+ }
+ else {
+ push @args, "X-Allowed$e" => 'yes';
+ }
}
my $res = GET "/authz_core/$path", @args;
- ok($res->code, $rc, "$text: $path @_");
+ my $got = $res->code;
+ print "# got $got, expected $rc [$text: $path @_]\n";
+ ok($got == $rc);
}
sub write_htaccess
@@ -39,39 +47,75 @@ sub write_htaccess
$text = "$path $merging $container @_";
+ my $need_auth;
my $content = "";
$content .= "AuthMerging $merging\n" if $merging;
if ($container) {
$content .= "<Require$container>\n";
- foreach (@_) {
- my $req = $_;
- my $not = "";
- if ($req =~ s/^\!//) {
- $not = 'not';
- }
- if ($req =~ /all/) {
- $content .= "Require $not $req\n";
- }
- else {
- $content .= "Require $not env allowed$req\n";
- }
+ }
+ foreach (@_) {
+ my $req = $_;
+ my $not = "";
+ if ($req =~ s/^\!//) {
+ $not = 'not';
}
+ if ($req =~ /all/) {
+ $content .= "Require $not $req\n";
+ }
+ elsif ($req =~ /user/) {
+ # 'group' is correct, see comment about mod_authany below
+ $content .= "Require $not group $req\n";
+ $need_auth = 1;
+ }
+ else {
+ $content .= "Require $not env allowed$req\n";
+ }
+ }
+ if ($container) {
$content .= "</Require$container>\n";
}
+ if ($need_auth) {
+ $content .= "AuthType basic\n";
+ $content .= "AuthName basic1\n";
+ $content .= "AuthUserFile basic1\n";
+ $content .= "AuthGroupFile groups1\n";
+ }
+
my $file = File::Spec->catfile(Apache::Test::vars('documentroot'),
"/authz_core/$path/.htaccess");
t_write_file($file, $content);
}
-write_htaccess("a/", undef, 0);
+# create some users (username == password)
+my $basic_file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'basic1');
+t_write_file($basic_file, << 'EOF' );
+user1:NYSYdf7MU5KpU
+user2:KJ7Yxzr1VVzAI
+user3:xnpSvZ2iqti/c
+EOF
+
+# mod_authany overrides the 'user' provider, so we can't check users directly :-(
+# create some groups instead:
+my $group_file = File::Spec->catfile(Apache::Test::vars('serverroot'), 'groups1');
+t_write_file($group_file, << 'EOF' );
+user1:user1
+user2:user2
+user3:user3
+EOF
+
+write_htaccess("a/", undef, undef);
check(200, "a/");
check(200, "a/", 1);
check(200, "a/", 2);
check(200, "a/", 1, 2);
check(200, "a/", 3);
+write_htaccess("a/", undef, undef, "user1");
+check(401, "a/");
+check(200, "a/", "user1");
+check(401, "a/", "user2");
write_htaccess("a/", undef, "Any", 1, 2);
check(403, "a/");
@@ -267,3 +311,50 @@ check(200, "a/", 1, 2);
check(403, "a/b/", 2, 3);
check(200, "a/b/", 1, 2, 3);
+#
+# To test merging of a mix of user and non-user authz providers,
+# we should test all orders.
+#
+
+# helper function to get all permutations of an array
+# returns array of references
+sub permutations
+{
+ my @results = [shift];
+
+ foreach my $el (@_) {
+ my @new_results;
+ foreach my $arr (@results) {
+ my $len = scalar(@{$arr});
+ foreach my $i (0 .. $len) {
+ my @new = @{$arr};
+ splice @new, $i, 0, $el;
+ push @new_results, \@new;
+ }
+ }
+ @results = @new_results;
+ }
+ return @results;
+}
+
+
+my @perms = permutations(qw/user1 user2 1 2/);
+foreach my $p (@perms) {
+ write_htaccess("a/", undef, "All", @{$p});
+ check(403, "a/");
+ check(403, "a/", 1);
+ check(403, "a/", "user1");
+ check(401, "a/", 1, 2);
+ check(401, "a/", 1, 2, "user1");
+ check(401, "a/", 1, 2, "user3");
+ check(403, "a/", 1, "user1");
+
+ write_htaccess("a/", undef, "Any", @{$p});
+ check(401, "a/");
+ check(200, "a/", 1);
+ check(200, "a/", "user1");
+ check(401, "a/", "user3");
+ check(200, "a/", 1, 2);
+ check(200, "a/", 1, "user1");
+ check(200, "a/", 1, "user3");
+}