diff options
| author | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-23 11:20:11 +0100 |
|---|---|---|
| committer | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-30 12:03:38 +0100 |
| commit | cda71908dbb680b3f34fe7290d3351873416a8ae (patch) | |
| tree | 8e10633f67a22b96f19a4956036a46a25e373c59 | |
| parent | 2685a61a6a7b4a6886d715b8cd9f543d750e6183 (diff) | |
| download | mod_intercept_form_submit-cda71908dbb680b3f34fe7290d3351873416a8ae.tar.gz mod_intercept_form_submit-cda71908dbb680b3f34fe7290d3351873416a8ae.tar.xz mod_intercept_form_submit-cda71908dbb680b3f34fe7290d3351873416a8ae.zip | |
Add basic testing of the mod_intercept_form_submit modules.
The chmod g+r /etc/shadow approach is obviously only for testing.
| -rw-r--r-- | .cirrus.yml | 10 | ||||
| -rw-r--r-- | .github/workflows/build-test.yaml | 31 | ||||
| -rw-r--r-- | tests/Dockerfile | 9 | ||||
| -rwxr-xr-x | tests/auth.cgi | 10 | ||||
| -rw-r--r-- | tests/auth.conf | 17 | ||||
| -rwxr-xr-x | tests/build.sh | 24 | ||||
| -rwxr-xr-x | tests/config.sh | 14 | ||||
| -rw-r--r-- | tests/pam-webl | 2 | ||||
| -rwxr-xr-x | tests/run.sh | 23 |
9 files changed, 140 insertions, 0 deletions
diff --git a/.cirrus.yml b/.cirrus.yml new file mode 100644 index 0000000..84f3dfc --- /dev/null +++ b/.cirrus.yml @@ -0,0 +1,10 @@ +test_task: + arm_container: + matrix: + image: registry.fedoraproject.org/fedora:latest + image: quay.io/centos/centos:stream8 + image: centos:centos7 + build_script: tests/build.sh + config_script: tests/config.sh + run_httpd_background_script: /usr/sbin/httpd -DFOREGROUND + test_script: tests/run.sh diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml new file mode 100644 index 0000000..119c614 --- /dev/null +++ b/.github/workflows/build-test.yaml @@ -0,0 +1,31 @@ +name: Build and test mod_intercept_form_submit + +on: + push: + pull_request: + workflow_dispatch: + schedule: + - cron: '48 4 3,17 * *' + +jobs: + build: + name: Run tests in container + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: + os: + - 'registry.fedoraproject.org/fedora:rawhide' + - 'registry.fedoraproject.org/fedora:latest' + - 'quay.io/centos/centos:stream8' + - 'registry.centos.org/centos:7' + steps: + - uses: actions/checkout@v2 + - name: Set the right OS in the Dockerfile + run: sed -i "s#^FROM.*#FROM ${{ matrix.os }}#" tests/Dockerfile + - name: Build image + run: docker build -t mod_intercept_form_submit -f tests/Dockerfile . + - name: Run container + run: docker run --name mod_intercept_form_submit --rm -d mod_intercept_form_submit + - name: Run tests in the container + run: docker exec mod_intercept_form_submit tests/run.sh diff --git a/tests/Dockerfile b/tests/Dockerfile new file mode 100644 index 0000000..8ec9389 --- /dev/null +++ b/tests/Dockerfile @@ -0,0 +1,9 @@ +FROM registry.fedoraproject.org/fedora +COPY Makefile *intercept_form_submit* LICENSE README /src/ +WORKDIR /src +COPY tests/build.sh /src/tests/ +COPY docs/* /src/docs/ +RUN tests/build.sh +COPY tests/* /src/tests/ +RUN tests/config.sh +ENTRYPOINT [ "/usr/sbin/httpd", "-DFOREGROUND" ] diff --git a/tests/auth.cgi b/tests/auth.cgi new file mode 100755 index 0000000..6a17487 --- /dev/null +++ b/tests/auth.cgi @@ -0,0 +1,10 @@ +#!/bin/bash + +echo "Content-Type: text/plain" +echo "Pragma: no-cache" +echo +echo "REMOTE_USER=[$REMOTE_USER]" +echo --- +cat +echo +echo --- diff --git a/tests/auth.conf b/tests/auth.conf new file mode 100644 index 0000000..914d4a5 --- /dev/null +++ b/tests/auth.conf @@ -0,0 +1,17 @@ +LoadModule intercept_form_submit_module modules/mod_intercept_form_submit.so +LoadModule authnz_pam_module modules/mod_authnz_pam.so + +ScriptAlias /auth1 /var/www/cgi-bin/auth.cgi +<LocationMatch ^/auth1> + InterceptFormPAMService webl + InterceptFormLogin login + InterceptFormPassword password +</LocationMatch> + +ScriptAlias /auth1r /var/www/cgi-bin/auth.cgi +<LocationMatch ^/auth1r> + InterceptFormPAMService webl + InterceptFormLogin login + InterceptFormPassword password + InterceptFormPasswordRedact on +</LocationMatch> diff --git a/tests/build.sh b/tests/build.sh new file mode 100755 index 0000000..76e97c3 --- /dev/null +++ b/tests/build.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +set -e +set -x + +DNF=yum +BUILDDEP_PROVIDER=yum-utils +BUILDDEP=yum-builddep +if type dnf 2> /dev/null ; then + DNF=dnf + BUILDDEP_PROVIDER='dnf-command(builddep)' + BUILDDEP='dnf builddep' +fi + +$DNF install -y rpm-build "$BUILDDEP_PROVIDER" +$BUILDDEP -y mod_intercept_form_submit.spec +NAME_VERSION=$( rpm -q --qf '%{name}-%{version}\n' --specfile mod_intercept_form_submit.spec | head -1 ) +mkdir .$NAME_VERSION +cp -rp * .$NAME_VERSION +mv .$NAME_VERSION $NAME_VERSION +mkdir -p ~/rpmbuild/SOURCES +tar cvzf ~/rpmbuild/SOURCES/$NAME_VERSION.tar.gz $NAME_VERSION +rpmbuild -bb --define "dist $( rpm --eval '%{dist}' ).localbuild" mod_intercept_form_submit.spec +$DNF install -y ~/rpmbuild/RPMS/*/$NAME_VERSION-*.localbuild.*.rpm diff --git a/tests/config.sh b/tests/config.sh new file mode 100755 index 0000000..3f949b6 --- /dev/null +++ b/tests/config.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e +set -x + +sed -i 's/^MaxClients.*/MaxClients 1/' /etc/httpd/conf/httpd.conf +cp -p tests/auth.cgi /var/www/cgi-bin/auth.cgi +cp tests/pam-webl /etc/pam.d/webl +chmod a+x /var/log/httpd +cp tests/auth.conf /etc/httpd/conf.d/ +useradd user1 +echo user1:heslo1 | chpasswd +chgrp apache /etc/shadow +chmod g+r /etc/shadow diff --git a/tests/pam-webl b/tests/pam-webl new file mode 100644 index 0000000..7ae90c8 --- /dev/null +++ b/tests/pam-webl @@ -0,0 +1,2 @@ +auth sufficient pam_unix.so +account required pam_unix.so diff --git a/tests/run.sh b/tests/run.sh new file mode 100755 index 0000000..ef7d240 --- /dev/null +++ b/tests/run.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +set -e +set -x + +echo "Wait for the HTTP server to start ..." +for i in $( seq 1 10 ) ; do + if curl -s -o /dev/null http://localhost/ ; then + break + fi + sleep 3 +done + +curl -s http://localhost/auth1 | tee /dev/stderr | grep -F 'REMOTE_USER=[]' +curl -u userx:heslox -s http://localhost/auth1 | tee /dev/stderr | grep -F 'REMOTE_USER=[]' +curl --data '' -si http://localhost/auth1 | tee /dev/stderr | grep -F 'REMOTE_USER=[]' +curl --data 'login=user1&password=heslox' -si http://localhost/auth1 | tee /dev/stderr | grep -F 'REMOTE_USER=[]' +curl --data 'login=user1&password=heslo1' -si http://localhost/auth1 | tee /dev/stderr | grep -F -e 'REMOTE_USER=[user1]' -e 'login=user1&password=heslo1' | wc -l | grep -q 2 +curl --data 'something=somewhere&password=heslo1&something=else&login=user1' -si http://localhost/auth1 | tee /dev/stderr | grep -F -e 'REMOTE_USER=[user1]' -e 'something=somewhere&password=heslo1&something=else&login=user1' | wc -l | grep -q 2 +curl --data 'login=user1&password=heslo1' -si http://localhost/auth1r | tee /dev/stderr | grep -F -e 'REMOTE_USER=[user1]' -e 'login=user1&password=[REDACTED]' | wc -l | grep -q 2 +curl --data 'something=somewhere&password=heslo1&something=else&login=user1' -si http://localhost/auth1r | tee /dev/stderr | grep -F -e 'REMOTE_USER=[user1]' -e 'something=somewhere&password=[REDACTED]&something=else&login=user1' | wc -l | grep -q 2 + +echo OK $0. |