diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2016-12-17 23:17:00 +0200 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2017-01-11 14:43:08 -0500 |
| commit | a64a32f520884039be0a2240bfa2b5f4040c9c99 (patch) | |
| tree | 530cd2646932424e87e8127e0a81c5b99cac6d48 /tests | |
| parent | 63706efbbc75ae6fd928813cdd45242025c0fe61 (diff) | |
| download | mod_auth_gssapi-a64a32f520884039be0a2240bfa2b5f4040c9c99.tar.gz mod_auth_gssapi-a64a32f520884039be0a2240bfa2b5f4040c9c99.tar.xz mod_auth_gssapi-a64a32f520884039be0a2240bfa2b5f4040c9c99.zip | |
rewrite: implicitly handle internal redirects
Internal redirects are a special case of subrequest - they
have no req->main but req->prev instead, so we should check
for that too in case the request is not initial.
Also, make sure to export MAG environment variables to
subrequests and internal redirects.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reported-by: scopev24
Closes #119
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/httpd.conf | 17 | ||||
| -rwxr-xr-x | tests/magtests.py | 21 | ||||
| -rwxr-xr-x | tests/t_spnego_rewrite.py | 18 |
3 files changed, 56 insertions, 0 deletions
diff --git a/tests/httpd.conf b/tests/httpd.conf index 66054c1..60d23c8 100644 --- a/tests/httpd.conf +++ b/tests/httpd.conf @@ -148,6 +148,23 @@ CoreDumpDirectory /tmp Require valid-user </Location> +<Location /spnego_rewrite> + Options +Includes + AddOutputFilter INCLUDES .html + + AuthType GSSAPI + AuthName "Login" + GssapiCredStore ccache:${HTTPROOT}/tmp/httpd_krb5_ccache + GssapiCredStore keytab:${HTTPROOT}/http.keytab + GssapiAllowedMech krb5 + Require valid-user + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule . /spnego_rewrite/index.html [L] +</Location> + <Location /spnego_negotiate_once> AuthType GSSAPI AuthName "Login Negotiate Once" diff --git a/tests/magtests.py b/tests/magtests.py index 3a29365..b60e648 100755 --- a/tests/magtests.py +++ b/tests/magtests.py @@ -306,6 +306,24 @@ def test_spnego_auth(testdir, testenv, testlog): sys.stderr.write('SPNEGO No Auth: SUCCESS\n') +def test_spnego_rewrite(testdir, testenv, testlog): + + spnego_rewrite_dir = os.path.join(testdir, 'httpd', 'html', + 'spnego_rewrite') + os.mkdir(spnego_rewrite_dir) + shutil.copy('tests/index.html', spnego_rewrite_dir) + + with (open(testlog, 'a')) as logfile: + spnego = subprocess.Popen(["tests/t_spnego_rewrite.py"], + stdout=logfile, stderr=logfile, + env=testenv, preexec_fn=os.setsid) + spnego.wait() + if spnego.returncode != 0: + sys.stderr.write('SPNEGO Rewrite: FAILED\n') + else: + sys.stderr.write('SPNEGO Rewrite: SUCCESS\n') + + def test_spnego_negotiate_once(testdir, testenv, testlog): spnego_negotiate_once_dir = os.path.join(testdir, 'httpd', 'html', @@ -400,6 +418,9 @@ if __name__ == '__main__': USR_NAME + '@' + TESTREALM) test_spnego_auth(testdir, testenv, testlog) + testenv['MAG_GSS_NAME'] = USR_NAME + '@' + TESTREALM + test_spnego_rewrite(testdir, testenv, testlog) + test_spnego_negotiate_once(testdir, testenv, testlog) testenv = {'MAG_USER_NAME': USR_NAME, diff --git a/tests/t_spnego_rewrite.py b/tests/t_spnego_rewrite.py new file mode 100755 index 0000000..0014bf5 --- /dev/null +++ b/tests/t_spnego_rewrite.py @@ -0,0 +1,18 @@ +#!/usr/bin/python +# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license. + +import os +import requests +from requests_kerberos import HTTPKerberosAuth, OPTIONAL + + +if __name__ == '__main__': + sess = requests.Session() + url = 'http://%s/spnego_rewrite/xxx' % os.environ['NSS_WRAPPER_HOSTNAME'] + r = sess.get(url, auth=HTTPKerberosAuth()) + + if r.status_code != 200: + raise ValueError('Spnego Rewrite failed') + + if r.text.rstrip() != os.environ['MAG_GSS_NAME']: + raise ValueError('Spnego Rewrite, GSS_NAME check failed') |