diff options
Diffstat (limited to 't/lib-httpd')
-rw-r--r-- | t/lib-httpd/apache.conf | 88 | ||||
-rw-r--r-- | t/lib-httpd/apply-one-time-perl.sh | 2 | ||||
-rw-r--r-- | t/lib-httpd/error-no-report.sh | 6 | ||||
-rw-r--r-- | t/lib-httpd/nph-custom-auth.sh | 39 | ||||
-rw-r--r-- | t/lib-httpd/passwd | 2 | ||||
-rw-r--r-- | t/lib-httpd/proxy-passwd | 1 | ||||
-rw-r--r-- | t/lib-httpd/ssl.cnf | 2 |
7 files changed, 106 insertions, 34 deletions
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index afa91e3..022276a 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -29,17 +29,11 @@ ErrorLog error.log LoadModule setenvif_module modules/mod_setenvif.so </IfModule> -<IfVersion < 2.4> -LockFile accept.lock -</IfVersion> - -<IfVersion < 2.1> -<IfModule !mod_auth.c> - LoadModule auth_module modules/mod_auth.so -</IfModule> -</IfVersion> +<IfDefine HTTP2> +LoadModule http2_module modules/mod_http2.so +Protocols h2 h2c +</IfDefine> -<IfVersion >= 2.1> <IfModule !mod_auth_basic.c> LoadModule auth_basic_module modules/mod_auth_basic.so </IfModule> @@ -52,9 +46,23 @@ LockFile accept.lock <IfModule !mod_authz_host.c> LoadModule authz_host_module modules/mod_authz_host.so </IfModule> -</IfVersion> -<IfVersion >= 2.4> +<IfDefine PROXY> +<IfModule !mod_proxy.c> + LoadModule proxy_module modules/mod_proxy.so +</IfModule> +<IfModule !mod_proxy_http.c> + LoadModule proxy_http_module modules/mod_proxy_http.so +</IfModule> +ProxyRequests On +<Proxy "*"> + AuthType Basic + AuthName "proxy-auth" + AuthUserFile proxy-passwd + Require valid-user +</Proxy> +</IfDefine> + <IfModule !mod_authn_core.c> LoadModule authn_core_module modules/mod_authn_core.so </IfModule> @@ -64,28 +72,38 @@ LockFile accept.lock <IfModule !mod_access_compat.c> LoadModule access_compat_module modules/mod_access_compat.so </IfModule> -<IfModule !mod_mpm_prefork.c> - LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -</IfModule> <IfModule !mod_unixd.c> LoadModule unixd_module modules/mod_unixd.so </IfModule> -</IfVersion> + +<IfDefine HTTP2> +<IfModule !mod_mpm_event.c> + LoadModule mpm_event_module modules/mod_mpm_event.so +</IfModule> +</IfDefine> +<IfDefine !HTTP2> +<IfModule !mod_mpm_prefork.c> + LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +</IfModule> +</IfDefine> PassEnv GIT_VALGRIND PassEnv GIT_VALGRIND_OPTIONS PassEnv GNUPGHOME PassEnv ASAN_OPTIONS PassEnv LSAN_OPTIONS +PassEnv UBSAN_OPTIONS PassEnv GIT_TRACE PassEnv GIT_CONFIG_NOSYSTEM PassEnv GIT_TEST_SIDEBAND_ALL - -SetEnvIf Git-Protocol ".*" GIT_PROTOCOL=$0 +PassEnv LANG +PassEnv LC_ALL Alias /dumb/ www/ Alias /auth/dumb/ www/auth/dumb/ +SetEnv PERL_PATH ${PERL_PATH} + <LocationMatch /smart/> SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} SetEnv GIT_HTTP_EXPORT_ALL @@ -110,6 +128,10 @@ Alias /auth/dumb/ www/auth/dumb/ Header set Set-Cookie name=value </LocationMatch> <LocationMatch /smart_headers/> + <RequireAll> + Require expr %{HTTP:x-magic-one} == 'abra' + Require expr %{HTTP:x-magic-two} == 'cadabra' + </RequireAll> SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} SetEnv GIT_HTTP_EXPORT_ALL </LocationMatch> @@ -117,14 +139,28 @@ Alias /auth/dumb/ www/auth/dumb/ SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} SetEnv GIT_HTTP_EXPORT_ALL </LocationMatch> +<LocationMatch /smart_v0/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL + SetEnv GIT_PROTOCOL +</LocationMatch> +<LocationMatch /custom_auth/> + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} + SetEnv GIT_HTTP_EXPORT_ALL + <IfDefine USE_CGIPASSAUTH> + CGIPassAuth on + </IfDefine> +</LocationMatch> ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/ ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/ +ScriptAlias /smart/no_report/git-receive-pack error-no-report.sh/ ScriptAliasMatch /error_git_upload_pack/(.*)/git-upload-pack error.sh/ ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1 ScriptAlias /broken_smart/ broken-smart-http.sh/ ScriptAlias /error_smart/ error-smart-http.sh/ ScriptAlias /error/ error.sh/ ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1 +ScriptAliasMatch /custom_auth/(.*) nph-custom-auth.sh/$1 <Directory ${GIT_EXEC_PATH}> Options FollowSymlinks </Directory> @@ -134,6 +170,9 @@ ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1 <Files incomplete-body-upload-pack-v2-http.sh> Options ExecCGI </Files> +<Files error-no-report.sh> + Options ExecCGI +</Files> <Files broken-smart-http.sh> Options ExecCGI </Files> @@ -183,18 +222,6 @@ RewriteRule ^/intern-redir/(.*)/foo$ /smart/$1 [PT] RewriteRule ^/redir-objects/(.*/info/refs)$ /dumb/$1 [PT] RewriteRule ^/redir-objects/(.*/objects/.*)$ /dumb/$1 [R=301] -# Apache 2.2 does not understand <RequireAll>, so we use RewriteCond. -# And as RewriteCond does not allow testing for non-matches, we match -# the desired case first (one has abra, two has cadabra), and let it -# pass by marking the RewriteRule as [L], "last rule, do not process -# any other matching RewriteRules after this"), and then have another -# RewriteRule that matches all other cases and lets them fail via '[F]', -# "fail the request". -RewriteCond %{HTTP:x-magic-one} =abra -RewriteCond %{HTTP:x-magic-two} =cadabra -RewriteRule ^/smart_headers/.* - [L] -RewriteRule ^/smart_headers/.* - [F] - <IfDefine SSL> LoadModule ssl_module modules/mod_ssl.so @@ -203,7 +230,6 @@ SSLCertificateKeyFile httpd.pem SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect file:/dev/urandom 512 SSLSessionCache none -SSLMutex file:ssl_mutex SSLEngine On </IfDefine> diff --git a/t/lib-httpd/apply-one-time-perl.sh b/t/lib-httpd/apply-one-time-perl.sh index 09a0abd..d7f9fed 100644 --- a/t/lib-httpd/apply-one-time-perl.sh +++ b/t/lib-httpd/apply-one-time-perl.sh @@ -13,7 +13,7 @@ then export LC_ALL "$GIT_EXEC_PATH/git-http-backend" >out - perl -pe "$(cat one-time-perl)" out >out_modified + "$PERL_PATH" -pe "$(cat one-time-perl)" out >out_modified if cmp -s out out_modified then diff --git a/t/lib-httpd/error-no-report.sh b/t/lib-httpd/error-no-report.sh new file mode 100644 index 0000000..39ff75b --- /dev/null +++ b/t/lib-httpd/error-no-report.sh @@ -0,0 +1,6 @@ +echo "Content-Type: application/x-git-receive-pack-result" +echo +printf '0013\001000eunpack ok\n' +printf '0015\002skipping report\n' +printf '0009\0010000' +printf '0000' diff --git a/t/lib-httpd/nph-custom-auth.sh b/t/lib-httpd/nph-custom-auth.sh new file mode 100644 index 0000000..f5345e7 --- /dev/null +++ b/t/lib-httpd/nph-custom-auth.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +VALID_CREDS_FILE=custom-auth.valid +CHALLENGE_FILE=custom-auth.challenge + +# +# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid +# credential for the current request. Each line in the file is considered a +# valid HTTP Authorization header value. For example: +# +# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== +# +# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers +# in a 401 response if no valid authentication credentials were included in the +# request. For example: +# +# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0 +# WWW-Authenticate: Basic realm="example.com" +# + +if test -n "$HTTP_AUTHORIZATION" && \ + grep -Fqsx "${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE" +then + # Note that although git-http-backend returns a status line, it + # does so using a CGI 'Status' header. Because this script is an + # No Parsed Headers (NPH) script, we must return a real HTTP + # status line. + # This is only a test script, so we don't bother to check for + # the actual status from git-http-backend and always return 200. + echo 'HTTP/1.1 200 OK' + exec "$GIT_EXEC_PATH"/git-http-backend +fi + +echo 'HTTP/1.1 401 Authorization Required' +if test -f "$CHALLENGE_FILE" +then + cat "$CHALLENGE_FILE" +fi +echo diff --git a/t/lib-httpd/passwd b/t/lib-httpd/passwd index 99a34d6..d9c122f 100644 --- a/t/lib-httpd/passwd +++ b/t/lib-httpd/passwd @@ -1 +1 @@ -user@host:xb4E8pqD81KQs +user@host:$apr1$LGPmCZWj$9vxEwj5Z5GzQLBMxp3mCx1 diff --git a/t/lib-httpd/proxy-passwd b/t/lib-httpd/proxy-passwd new file mode 100644 index 0000000..2ad7705 --- /dev/null +++ b/t/lib-httpd/proxy-passwd @@ -0,0 +1 @@ +proxuser:$apr1$RxS6MLkD$DYsqQdflheq4GPNxzJpx5. diff --git a/t/lib-httpd/ssl.cnf b/t/lib-httpd/ssl.cnf index 6dab257..812e825 100644 --- a/t/lib-httpd/ssl.cnf +++ b/t/lib-httpd/ssl.cnf @@ -1,7 +1,7 @@ RANDFILE = $ENV::RANDFILE_PATH [ req ] -default_bits = 1024 +default_bits = 2048 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] |