From 7ef569b20421827e3a153431aaecbf1079259c79 Mon Sep 17 00:00:00 2001 From: Christoph Kreutzer Date: Fri, 12 Aug 2016 09:58:48 +0200 Subject: [PATCH] [tests] test coverage for issues (#321, #322) FastCGI Authorizer support with FastCGI Responders x-ref: "mod_fastcgi authorizers cannot protect fastcgi responders" http://redmine.lighttpd.net/issues/321 x-ref: "FastCGI Authorizer support for Variable-name variable passing" http://redmine.lighttpd.net/issues/322 --- tests/fastcgi-auth.conf | 12 ++++++++++-- tests/fcgi-auth.c | 19 ++++++++----------- tests/fcgi-responder.c | 3 +++ tests/mod-fastcgi.t | 19 ++++++++++++++++++- 4 files changed, 39 insertions(+), 14 deletions(-) diff --git a/tests/fastcgi-auth.conf b/tests/fastcgi-auth.conf index 0bdc0f2f..61b35407 100644 --- a/tests/fastcgi-auth.conf +++ b/tests/fastcgi-auth.conf @@ -68,15 +68,23 @@ compress.filetype = ( fastcgi.debug = 0 fastcgi.server = ( "/" => ( - "grisu" => ( + "grisu" => ( "host" => "127.0.0.1", "port" => 20000, "bin-path" => env.SRCDIR + "/fcgi-auth", "mode" => "authorizer", - "docroot" => env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/", "check-local" => "disable", ), ), + ".fcgi" => ( + "grisu2" => ( + "host" => "127.0.0.1", + "port" => 10000, + "bin-path" => env.SRCDIR + "/fcgi-responder", + "check-local" => "disable", + "max-procs" => 1, + ), + ), ) cgi.assign = ( diff --git a/tests/fcgi-auth.c b/tests/fcgi-auth.c index d340b2e8..3c7cdfdc 100644 --- a/tests/fcgi-auth.c +++ b/tests/fcgi-auth.c @@ -7,26 +7,23 @@ #include #endif #include -#include #include int main (void) { - char* p; while (FCGI_Accept() >= 0) { - /* wait for fastcgi authorizer request */ - printf("Content-type: text/html\r\n"); + /* Status: 200 OK to allow access is implied + * if Status header is not included in response */ - if (((p = getenv("QUERY_STRING")) == NULL) || - strcmp(p, "ok") != 0) { - printf("Status: 403 Forbidden\r\n\r\n"); - } else { - printf("\r\n"); - /* default Status is 200 - allow access */ + char *p = getenv("QUERY_STRING"); + if (p != NULL && 0 == strcmp(p, "var")) { + printf("Variable-X-LIGHTTPD-FCGI-AUTH: LighttpdTestContent\r\n"); + } else if (p == NULL || 0 != strcmp(p, "ok")) { + printf("Status: 403 Forbidden\r\n"); } - printf("foobar\r\n"); + printf("\r\n"); } return 0; diff --git a/tests/fcgi-responder.c b/tests/fcgi-responder.c index de04d0eb..8a86a73d 100644 --- a/tests/fcgi-responder.c +++ b/tests/fcgi-responder.c @@ -44,6 +44,9 @@ int main (void) { printf("%s", getenv("PATH_INFO")); } else if (0 == strcmp(p, "script_name")) { printf("%s", getenv("SCRIPT_NAME")); + } else if (0 == strcmp(p, "var")) { + p = getenv("X_LIGHTTPD_FCGI_AUTH"); + printf("%s", p ? p : "(no value)"); } else { printf("test123"); } diff --git a/tests/mod-fastcgi.t b/tests/mod-fastcgi.t index 4efce3fe..1a2219cf 100755 --- a/tests/mod-fastcgi.t +++ b/tests/mod-fastcgi.t @@ -7,7 +7,7 @@ BEGIN { } use strict; -use Test::More tests => 58; +use Test::More tests => 60; use LightyTest; my $tf = LightyTest->new(); @@ -292,6 +292,23 @@ EOF $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ]; ok($tf->handle_http($t) == 0, 'FastCGI - Auth in subdirectory'); + $t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; + ok($tf->handle_http($t) == 0, 'FastCGI - Auth Fail with FastCGI responder afterwards'); + + $t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => 'LighttpdTestContent' } ]; + ok($tf->handle_http($t) == 0, 'FastCGI - Auth Success with Variable- to Env expansion'); + + ok($tf->stop_proc == 0, "Stopping lighttpd"); }