You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
165 lines
4.7 KiB
165 lines
4.7 KiB
6 years ago
|
From 082e7194605e99f0e50f8909fcaf10adee747cc8 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Tomas Hozza <thozza@redhat.com>
|
||
|
|
Date: Fri, 5 May 2017 13:46:11 +0200
|
||
|
|
Subject: [PATCH] Fix client/server synchronization in
|
||
|
|
Test-proxied-https-auth.px test
|
||
|
|
|
||
|
|
Combination of upstream commits vithout adding support for Valgrind:
|
||
|
|
3eff3ad69a46364475e1f4abdf9412cfa87e3d6c
|
||
|
|
2303793a626158627bdb2ac255e0f58697682b24
|
||
|
|
|
||
|
|
Signed-off-by: Tomas Hozza <thozza@redhat.com>
|
||
|
|
---
|
||
|
|
tests/Test-proxied-https-auth.px | 82 +++++++++++++++++++++++-----------------
|
||
|
|
1 file changed, 48 insertions(+), 34 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px
|
||
|
|
index 1de5357..e1a6c44 100755
|
||
|
|
--- a/tests/Test-proxied-https-auth.px
|
||
|
|
+++ b/tests/Test-proxied-https-auth.px
|
||
|
|
@@ -1,4 +1,6 @@
|
||
|
|
#!/usr/bin/env perl
|
||
|
|
+# Simulate a tunneling proxy to a HTTPS URL that needs authentication.
|
||
|
|
+# Use two connections (Connection: close)
|
||
|
|
|
||
|
|
use strict;
|
||
|
|
use warnings;
|
||
|
|
@@ -39,31 +41,33 @@ sub get_request {
|
||
|
|
}
|
||
|
|
|
||
|
|
sub do_server {
|
||
|
|
- my $alrm = alarm 10;
|
||
|
|
-
|
||
|
|
+ my ($synch_callback) = @_;
|
||
|
|
my $s = $SOCKET;
|
||
|
|
my $conn;
|
||
|
|
my $rqst;
|
||
|
|
my $rspn;
|
||
|
|
+
|
||
|
|
+ my %options = (
|
||
|
|
+ SSL_server => 1,
|
||
|
|
+ SSL_passwd_cb => sub { return "Hello"; });
|
||
|
|
+ $options{SSL_cert_file} = $cert_path if ($cert_path);
|
||
|
|
+ $options{SSL_key_file} = $key_path if ($key_path);
|
||
|
|
+ my @options = %options;
|
||
|
|
+
|
||
|
|
+ # sync with the parent
|
||
|
|
+ $synch_callback->();
|
||
|
|
+
|
||
|
|
+ # Simulate a HTTPS proxy server with tunneling.
|
||
|
|
+
|
||
|
|
for my $expect_inner_auth (0, 1) {
|
||
|
|
$conn = $s->accept;
|
||
|
|
$rqst = $conn->get_request;
|
||
|
|
-
|
||
|
|
- # TODO: expect no auth the first time, request it, expect it the second
|
||
|
|
- # time.
|
||
|
|
-
|
||
|
|
die "Method not CONNECT\n" if ($rqst->method ne 'CONNECT');
|
||
|
|
$rspn = HTTP::Response->new(200, 'OK');
|
||
|
|
$conn->send_response($rspn);
|
||
|
|
|
||
|
|
- my %options = (
|
||
|
|
- SSL_server => 1,
|
||
|
|
- SSL_passwd_cb => sub { return "Hello"; });
|
||
|
|
-
|
||
|
|
- $options{SSL_cert_file} = $cert_path if ($cert_path);
|
||
|
|
- $options{SSL_key_file} = $key_path if ($key_path);
|
||
|
|
-
|
||
|
|
- my @options = %options;
|
||
|
|
+ # Now switch from plain to SSL (for simulating a transparent tunnel
|
||
|
|
+ # to an HTTPS server).
|
||
|
|
|
||
|
|
$conn = IO::Socket::SSL->new_from_fd($conn->fileno, @options)
|
||
|
|
or die "Couldn't initiate SSL";
|
||
|
|
@@ -74,14 +78,10 @@ sub do_server {
|
||
|
|
unless ($expect_inner_auth) {
|
||
|
|
die "Early proxied auth\n" if $rqst->header('Authorization');
|
||
|
|
|
||
|
|
- # TODO: handle non-persistent connection here.
|
||
|
|
$rspn = HTTP::Response->new(401, 'Unauthorized', [
|
||
|
|
'WWW-Authenticate' => 'Basic realm="gondor"',
|
||
|
|
Connection => 'close'
|
||
|
|
]);
|
||
|
|
- $rspn->protocol('HTTP/1.0');
|
||
|
|
- print $rspn->as_string;
|
||
|
|
- print $conn $rspn->as_string;
|
||
|
|
} else {
|
||
|
|
die "No proxied auth\n" unless $rqst->header('Authorization');
|
||
|
|
|
||
|
|
@@ -89,41 +89,55 @@ sub do_server {
|
||
|
|
'Content-Type' => 'text/plain',
|
||
|
|
'Connection' => 'close',
|
||
|
|
], "foobarbaz\n");
|
||
|
|
- $rspn->protocol('HTTP/1.0');
|
||
|
|
- print "=====\n";
|
||
|
|
- print $rspn->as_string;
|
||
|
|
- print "\n=====\n";
|
||
|
|
- print $conn $rspn->as_string;
|
||
|
|
}
|
||
|
|
+
|
||
|
|
+ $rspn->protocol('HTTP/1.0');
|
||
|
|
+ print STDERR "=====\n";
|
||
|
|
+ print STDERR $rspn->as_string;
|
||
|
|
+ print STDERR "\n=====\n";
|
||
|
|
+ print $conn $rspn->as_string;
|
||
|
|
+
|
||
|
|
$conn->close;
|
||
|
|
}
|
||
|
|
+
|
||
|
|
undef $conn;
|
||
|
|
undef $s;
|
||
|
|
- alarm $alrm;
|
||
|
|
}
|
||
|
|
|
||
|
|
sub fork_server {
|
||
|
|
- my $pid = fork;
|
||
|
|
- die "Couldn't fork" if ($pid < 0);
|
||
|
|
- return $pid if $pid;
|
||
|
|
+ pipe(FROM_CHILD, TO_PARENT) or die "Cannot create pipe!";
|
||
|
|
+ select((select(TO_PARENT), $| = 1)[0]);
|
||
|
|
+
|
||
|
|
+ my $pid = fork();
|
||
|
|
+ if ($pid < 0) {
|
||
|
|
+ die "Cannot fork";
|
||
|
|
+ } elsif ($pid == 0) {
|
||
|
|
+ # child
|
||
|
|
+ close FROM_CHILD;
|
||
|
|
+ do_server(sub { print TO_PARENT "SYNC\n"; close TO_PARENT });
|
||
|
|
+ exit 0;
|
||
|
|
+ } else {
|
||
|
|
+ # parent
|
||
|
|
+ close TO_PARENT;
|
||
|
|
+ chomp(my $line = <FROM_CHILD>);
|
||
|
|
+ close FROM_CHILD;
|
||
|
|
+ }
|
||
|
|
|
||
|
|
- &do_server;
|
||
|
|
- exit;
|
||
|
|
+ return $pid;
|
||
|
|
}
|
||
|
|
|
||
|
|
-system ('rm -f needs-auth.txt');
|
||
|
|
+unlink "needs-auth.txt";
|
||
|
|
my $pid = &fork_server;
|
||
|
|
|
||
|
|
-sleep 1;
|
||
|
|
my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
|
||
|
|
. " --password=Dodgson -e https_proxy=localhost:{{port}}"
|
||
|
|
. " --no-check-certificate"
|
||
|
|
. " https://no.such.domain/needs-auth.txt";
|
||
|
|
$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
|
||
|
|
|
||
|
|
-my $code = system($cmdline);
|
||
|
|
-system ('rm -f needs-auth.txt');
|
||
|
|
+my $code = system($cmdline . " 2>&1") >> 8;
|
||
|
|
+unlink "needs-auth.txt";
|
||
|
|
|
||
|
|
warn "Got code: $code\n" if $code;
|
||
|
|
kill ('TERM', $pid);
|
||
|
|
-exit ($code >> 8);
|
||
|
|
+exit ($code != 0);
|
||
|
|
--
|
||
|
|
2.7.4
|
||
|
|
|