Merge branch 'apache24'

configure.ac

@@ -5,7 +5,7 @@ AC_LANG(C++)
 AM_INIT_AUTOMAKE([dist-bzip2 foreign])
 AC_CONFIG_HEADERS(src/sso/config.h)
 AC_CONFIG_MACRO_DIR([m4])
-AC_DISABLE_SHARED
+dnl AC_DISABLE_SHARED
 
 dnl Program checks.
 AC_PROG_CC
@@ -39,27 +39,12 @@ dnl Checks for apxs.
 if test "$build_mod_sso" != "no" ; then
   AX_WITH_APXS()
   APACHE_CFLAGS="-I`${APXS} -q INCLUDEDIR`"
-  AC_ARG_WITH(apr_config,
-              AC_HELP_STRING([[--with-apr-config=FILE]],
-                             [Path to apr-config program]),
-              [ apr_config="$withval" ],
-              [AC_PATH_PROGS(apr_config,
-                 [apr-config apr-0-config apr-1-config],
-                 [no],
-                 [$PATH:/usr/sbin/:/usr/local/apache2/bin]
-              )]
-  )
-  if test "$apr_config" != "no" ; then
-    AC_MSG_CHECKING('APR includes')
-    APACHE_CFLAGS="$APACHE_CFLAGS -I`${apr_config} --includedir`"
-    AC_MSG_RESULT($APACHE_CFLAGS)
-    AC_MSG_CHECKING('APR libs')
-    APR_LIBS="`${apr_config} --link-libtool --libs`"
-    AC_MSG_RESULT($APR_LIBS)
-  fi
   AC_SUBST(APACHE_CFLAGS)
   APACHE_LIBEXEC_DIR="`${APXS} -q LIBEXECDIR`"
   AC_SUBST(APACHE_LIBEXEC_DIR)
+
+  PKG_CHECK_MODULES(APR, [apr-1, apr-util-1])
+  AC_SUBST(APR_CFLAGS)
   AC_SUBST(APR_LIBS)
 fi
 AM_CONDITIONAL(ENABLE_MOD_SSO, [ test "$build_mod_sso" != "no" ])

debian/control

@@ -4,7 +4,8 @@ Priority: extra
 Maintainer: Autistici/Inventati <debian@autistici.org>
 Build-Depends: debhelper (>= 5), apache2-prefork-dev | apache2-threaded-dev,
  autoconf, automake, libtool, python-dev, python-support, swig,
- libpam-dev, python-setuptools
+ libpam-dev, python-setuptools, python-flup, pkg-config, libz-dev,
+ python-werkzeug, python-mox, python-flask, python-nose, apache2-bin | apache2
 Standards-Version: 3.7.2
 
 Package: ai-sso

src/mod_sso/Makefile.am

@@ -8,7 +8,7 @@ noinst_DATA = mod_sso.la
 SSO_LIBS = $(top_builddir)/src/sso/libsso.la
 
 libmod_sso_la_SOURCES = mod_sso.c mod_sso.h sso_utils.c
-libmod_sso_la_CPPFLAGS = $(APACHE_CFLAGS) $(AM_CPPFLAGS)
+libmod_sso_la_CPPFLAGS = $(APACHE_CFLAGS) $(APR_CFLAGS) $(AM_CPPFLAGS)
 libmod_sso_la_LDFLAGS = -module
 libmod_sso_la_LIBADD = $(SSO_LIBS)
 

src/mod_sso/mod_sso.h

@@ -26,6 +26,10 @@
 #include "ap_config.h"
 #include "apr_strings.h"
 
+#ifdef APLOG_USE_MODULE
+APLOG_USE_MODULE(sso);
+#endif
+
 /* overwrite package vars set by apache */
 #undef PACKAGE_BUGREPORT
 #undef PACKAGE_NAME

src/mod_sso/test/.gitignore

 public.key
 *_unittest
+*.log
+*.trs

src/mod_sso/test/Makefile.am

@@ -6,7 +6,7 @@ check_PROGRAMS = \
 EXTRA_DIST = httpd_integration_test.py
 
 TESTS = $(check_PROGRAMS)
-AM_CPPFLAGS += $(APACHE_CFLAGS) $(GTEST_CPPFLAGS)
+AM_CPPFLAGS += $(APACHE_CFLAGS) $(APR_CFLAGS) $(GTEST_CPPFLAGS)
 AM_LDFLAGS += $(GTEST_LDFLAGS)
 LDADD = $(builddir)/../libmod_sso.la $(GTEST_LIBS) $(APR_LIBS) -laprutil-1
 

src/mod_sso/test/httpd_integration_test.py

@@ -17,6 +17,9 @@ for exe in (APACHE_BIN, APXS_BIN):
     if not os.path.exists(exe):
         raise Exception('%s not found, this test cannot run' % exe)
 
+# Use 2.4 ocnfiguration.
+APACHE_CONFIG = 'test-httpd-2.4.conf'
+
 devnull = open(os.devnull)
 
 
@@ -27,10 +30,12 @@ def _start_httpd(public_key):
     env['TESTROOT'] = os.getcwd()
     env['MODULEDIR'] = subprocess.check_output(
         [APXS_BIN, '-q', 'LIBEXECDIR'], stderr=devnull).strip()
-    cmd = [APACHE_BIN, "-f", os.path.join(os.getcwd(), "test-httpd.conf"), "-X"]
+    cmd = [APACHE_BIN, "-f", os.path.join(os.getcwd(), APACHE_CONFIG), "-X"]
 
     if os.getenv('STRACE'):
         cmd = ['strace', '-s', '256', '-f'] + cmd
+    if os.getenv('VALGRIND'):
+        cmd = ['valgrind'] + cmd
 
     httpd = subprocess.Popen(cmd, env=env)
     print 'httpd pid:', httpd.pid
@@ -136,12 +141,17 @@ class HttpdIntegrationTest(unittest.TestCase):
         def mkcookie(tkt):
             return "SSO_test=%s" % tkt
 
+        # Set to a non-empty string when testing the SSOGroups directive
+        # (normally only the requested groups are generated).
+        #extra_groups = "&g=group1,group2,group3"
+        extra_groups = ''
+
         # Tests have a name so that we can recognize failures.
         checks = [
             ("index -> redirect",
              {"url": "/index.html", 
               "status": 302, 
-              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html"}),
+              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html" + extra_groups}),
             ("index with cookie -> ok",
              {"url": "/index.html",
               "cookie": mkcookie(self._ticket()),
@@ -151,12 +161,12 @@ class HttpdIntegrationTest(unittest.TestCase):
              {"url": "/index.html",
               "cookie": mkcookie('blahblah' * 8),
               "status": 302,
-              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html"}),
+              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html" + extra_groups}),
 
             ("protected-user -> redirect",
              {"url": "/protected-user/index.html", 
               "status": 302, 
-              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-user%2Findex.html"}),
+              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-user%2Findex.html" + extra_groups}),
             ("protected-user with cookie -> ok",
              {"url": "/protected-user/index.html",
               "cookie": mkcookie(self._ticket()),
@@ -170,28 +180,32 @@ class HttpdIntegrationTest(unittest.TestCase):
             ("protected-group -> redirect",
              {"url": "/protected-group/index.html", 
               "status": 302, 
-              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html&g=group1"}),
+              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html" + (extra_groups if extra_groups else "&g=group1")}),
             ("protected-group with cookie -> ok",
              {"url": "/protected-group/index.html",
               "cookie": mkcookie(self._ticket()),
               "status": 200,
               "body": "ok"}),
+            #("protected-group with cookie wrong group -> unauthorized",
+            # {"url": "/protected-group/index.html",
+            #  "cookie": mkcookie(self._ticket(group="group2")),
+            #  "status": 401}),
             ("protected-group with cookie wrong group -> redirect",
              {"url": "/protected-group/index.html",
               "cookie": mkcookie(self._ticket(group="group2")),
               "status": 302,
-              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html&g=group1"}),
+              "location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html" + (extra_groups if extra_groups else "&g=group1")}),
 
             ("other-service -> redirect",
              {"url": "/other-service/index.html",
               "status": 302,
               "http_host": "testhost.example.com",
-              "location": "https://login.example.com/?s=testhost.example.com%2Fother-service%2F&d=https%3A%2F%2Ftesthost.example.com%2Fother-service%2Findex.html"}),
+              "location": "https://login.example.com/?s=testhost.example.com%2Fother-service%2F&d=https%3A%2F%2Ftesthost.example.com%2Fother-service%2Findex.html" + extra_groups}),
 
             ("protected-htaccess -> redirect",
              {"url": "/protected-htaccess/index.html",
               "status": 302,
-              "location": "https://login.example.com/?s=service.example.com%2Fprotected-htaccess%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-htaccess%2Findex.html"}),
+              "location": "https://login.example.com/?s=service.example.com%2Fprotected-htaccess%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-htaccess%2Findex.html" + extra_groups}),
             ("protected-htaccess with cookie -> ok",
              {"url": "/protected-htaccess/index.html",
               "cookie": mkcookie(self._ticket(service="service.example.com/protected-htaccess/")),
@@ -204,6 +218,7 @@ class HttpdIntegrationTest(unittest.TestCase):
             ]
         for name, check in checks:
             for i in xrange(10):
+                print 'CHECKING %s (%d of 10)' % (name, i), check
                 status, body, location = _query(check["url"],
                                                 host=check.get("http_host"),
                                                 cookie=check.get("cookie"))

src/mod_sso/test/test-httpd-2.4.conf

+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
+
+LoadModule auth_basic_module ${MODULEDIR}/mod_auth_basic.so
+LoadModule authn_core_module ${MODULEDIR}/mod_authn_core.so
+LoadModule authz_core_module ${MODULEDIR}/mod_authz_core.so
+LoadModule authz_user_module ${MODULEDIR}/mod_authz_user.so
+
+LoadModule sso_module ${TESTROOT}/../.libs/mod_sso.so
+LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
+
+Listen 127.0.0.1:33000
+ServerName test
+PidFile ${TESTROOT}/test-httpd.pid
+ErrorLog /dev/fd/2
+LogLevel debug
+
+SSOLoginServer login.example.com
+SSODomain example.com
+SSOPublicKeyFile ${TESTROOT}/public.key
+#SSOGroups group1,group2,group3
+
+DocumentRoot ${TESTROOT}/htdocs
+<Directory "${TESTROOT}/htdocs">
+	AuthType SSO
+	AuthName test
+	SSOService service.example.com/
+	require valid-user
+
+	AllowOverride All
+</Directory>
+
+<Location "/other-service">
+	SSOService /other-service/
+</Location>
+
+<Directory "${TESTROOT}/htdocs/protected-group">
+	require group group1
+</Directory>
+
+<Directory "${TESTROOT}/htdocs/protected-user">
+	require user testuser
+</Directory>
+
+<Directory "${TESTROOT}/htdocs/cgi">
+	Options ExecCGI
+	SetHandler cgi-script
+</Directory>
+