Commit ab32b14d authored by godog's avatar godog

Merge branch 'apache24'

parents 66f6744f cb308bf6
......@@ -5,7 +5,7 @@ AC_LANG(C++)
AM_INIT_AUTOMAKE([dist-bzip2 foreign])
AC_CONFIG_HEADERS(src/sso/config.h)
AC_CONFIG_MACRO_DIR([m4])
AC_DISABLE_SHARED
dnl AC_DISABLE_SHARED
dnl Program checks.
AC_PROG_CC
......@@ -39,27 +39,12 @@ dnl Checks for apxs.
if test "$build_mod_sso" != "no" ; then
AX_WITH_APXS()
APACHE_CFLAGS="-I`${APXS} -q INCLUDEDIR`"
AC_ARG_WITH(apr_config,
AC_HELP_STRING([[--with-apr-config=FILE]],
[Path to apr-config program]),
[ apr_config="$withval" ],
[AC_PATH_PROGS(apr_config,
[apr-config apr-0-config apr-1-config],
[no],
[$PATH:/usr/sbin/:/usr/local/apache2/bin]
)]
)
if test "$apr_config" != "no" ; then
AC_MSG_CHECKING('APR includes')
APACHE_CFLAGS="$APACHE_CFLAGS -I`${apr_config} --includedir`"
AC_MSG_RESULT($APACHE_CFLAGS)
AC_MSG_CHECKING('APR libs')
APR_LIBS="`${apr_config} --link-libtool --libs`"
AC_MSG_RESULT($APR_LIBS)
fi
AC_SUBST(APACHE_CFLAGS)
APACHE_LIBEXEC_DIR="`${APXS} -q LIBEXECDIR`"
AC_SUBST(APACHE_LIBEXEC_DIR)
PKG_CHECK_MODULES(APR, [apr-1, apr-util-1])
AC_SUBST(APR_CFLAGS)
AC_SUBST(APR_LIBS)
fi
AM_CONDITIONAL(ENABLE_MOD_SSO, [ test "$build_mod_sso" != "no" ])
......
......@@ -4,7 +4,8 @@ Priority: extra
Maintainer: Autistici/Inventati <debian@autistici.org>
Build-Depends: debhelper (>= 5), apache2-prefork-dev | apache2-threaded-dev,
autoconf, automake, libtool, python-dev, python-support, swig,
libpam-dev, python-setuptools
libpam-dev, python-setuptools, python-flup, pkg-config, libz-dev,
python-werkzeug, python-mox, python-flask, python-nose, apache2-bin | apache2
Standards-Version: 3.7.2
Package: ai-sso
......
......@@ -8,7 +8,7 @@ noinst_DATA = mod_sso.la
SSO_LIBS = $(top_builddir)/src/sso/libsso.la
libmod_sso_la_SOURCES = mod_sso.c mod_sso.h sso_utils.c
libmod_sso_la_CPPFLAGS = $(APACHE_CFLAGS) $(AM_CPPFLAGS)
libmod_sso_la_CPPFLAGS = $(APACHE_CFLAGS) $(APR_CFLAGS) $(AM_CPPFLAGS)
libmod_sso_la_LDFLAGS = -module
libmod_sso_la_LIBADD = $(SSO_LIBS)
......
This diff is collapsed.
......@@ -26,6 +26,10 @@
#include "ap_config.h"
#include "apr_strings.h"
#ifdef APLOG_USE_MODULE
APLOG_USE_MODULE(sso);
#endif
/* overwrite package vars set by apache */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
......
public.key
*_unittest
*.log
*.trs
......@@ -6,7 +6,7 @@ check_PROGRAMS = \
EXTRA_DIST = httpd_integration_test.py
TESTS = $(check_PROGRAMS)
AM_CPPFLAGS += $(APACHE_CFLAGS) $(GTEST_CPPFLAGS)
AM_CPPFLAGS += $(APACHE_CFLAGS) $(APR_CFLAGS) $(GTEST_CPPFLAGS)
AM_LDFLAGS += $(GTEST_LDFLAGS)
LDADD = $(builddir)/../libmod_sso.la $(GTEST_LIBS) $(APR_LIBS) -laprutil-1
......
......@@ -17,6 +17,9 @@ for exe in (APACHE_BIN, APXS_BIN):
if not os.path.exists(exe):
raise Exception('%s not found, this test cannot run' % exe)
# Use 2.4 ocnfiguration.
APACHE_CONFIG = 'test-httpd-2.4.conf'
devnull = open(os.devnull)
......@@ -27,10 +30,12 @@ def _start_httpd(public_key):
env['TESTROOT'] = os.getcwd()
env['MODULEDIR'] = subprocess.check_output(
[APXS_BIN, '-q', 'LIBEXECDIR'], stderr=devnull).strip()
cmd = [APACHE_BIN, "-f", os.path.join(os.getcwd(), "test-httpd.conf"), "-X"]
cmd = [APACHE_BIN, "-f", os.path.join(os.getcwd(), APACHE_CONFIG), "-X"]
if os.getenv('STRACE'):
cmd = ['strace', '-s', '256', '-f'] + cmd
if os.getenv('VALGRIND'):
cmd = ['valgrind'] + cmd
httpd = subprocess.Popen(cmd, env=env)
print 'httpd pid:', httpd.pid
......@@ -136,12 +141,17 @@ class HttpdIntegrationTest(unittest.TestCase):
def mkcookie(tkt):
return "SSO_test=%s" % tkt
# Set to a non-empty string when testing the SSOGroups directive
# (normally only the requested groups are generated).
#extra_groups = "&g=group1,group2,group3"
extra_groups = ''
# Tests have a name so that we can recognize failures.
checks = [
("index -> redirect",
{"url": "/index.html",
"status": 302,
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html"}),
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html" + extra_groups}),
("index with cookie -> ok",
{"url": "/index.html",
"cookie": mkcookie(self._ticket()),
......@@ -151,12 +161,12 @@ class HttpdIntegrationTest(unittest.TestCase):
{"url": "/index.html",
"cookie": mkcookie('blahblah' * 8),
"status": 302,
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html"}),
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Findex.html" + extra_groups}),
("protected-user -> redirect",
{"url": "/protected-user/index.html",
"status": 302,
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-user%2Findex.html"}),
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-user%2Findex.html" + extra_groups}),
("protected-user with cookie -> ok",
{"url": "/protected-user/index.html",
"cookie": mkcookie(self._ticket()),
......@@ -170,28 +180,32 @@ class HttpdIntegrationTest(unittest.TestCase):
("protected-group -> redirect",
{"url": "/protected-group/index.html",
"status": 302,
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html&g=group1"}),
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html" + (extra_groups if extra_groups else "&g=group1")}),
("protected-group with cookie -> ok",
{"url": "/protected-group/index.html",
"cookie": mkcookie(self._ticket()),
"status": 200,
"body": "ok"}),
#("protected-group with cookie wrong group -> unauthorized",
# {"url": "/protected-group/index.html",
# "cookie": mkcookie(self._ticket(group="group2")),
# "status": 401}),
("protected-group with cookie wrong group -> redirect",
{"url": "/protected-group/index.html",
"cookie": mkcookie(self._ticket(group="group2")),
"status": 302,
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html&g=group1"}),
"location": "https://login.example.com/?s=service.example.com%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-group%2Findex.html" + (extra_groups if extra_groups else "&g=group1")}),
("other-service -> redirect",
{"url": "/other-service/index.html",
"status": 302,
"http_host": "testhost.example.com",
"location": "https://login.example.com/?s=testhost.example.com%2Fother-service%2F&d=https%3A%2F%2Ftesthost.example.com%2Fother-service%2Findex.html"}),
"location": "https://login.example.com/?s=testhost.example.com%2Fother-service%2F&d=https%3A%2F%2Ftesthost.example.com%2Fother-service%2Findex.html" + extra_groups}),
("protected-htaccess -> redirect",
{"url": "/protected-htaccess/index.html",
"status": 302,
"location": "https://login.example.com/?s=service.example.com%2Fprotected-htaccess%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-htaccess%2Findex.html"}),
"location": "https://login.example.com/?s=service.example.com%2Fprotected-htaccess%2F&d=https%3A%2F%2Fservice.example.com%2Fprotected-htaccess%2Findex.html" + extra_groups}),
("protected-htaccess with cookie -> ok",
{"url": "/protected-htaccess/index.html",
"cookie": mkcookie(self._ticket(service="service.example.com/protected-htaccess/")),
......@@ -204,6 +218,7 @@ class HttpdIntegrationTest(unittest.TestCase):
]
for name, check in checks:
for i in xrange(10):
print 'CHECKING %s (%d of 10)' % (name, i), check
status, body, location = _query(check["url"],
host=check.get("http_host"),
cookie=check.get("cookie"))
......
LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
LoadModule auth_basic_module ${MODULEDIR}/mod_auth_basic.so
LoadModule authn_core_module ${MODULEDIR}/mod_authn_core.so
LoadModule authz_core_module ${MODULEDIR}/mod_authz_core.so
LoadModule authz_user_module ${MODULEDIR}/mod_authz_user.so
LoadModule sso_module ${TESTROOT}/../.libs/mod_sso.so
LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
Listen 127.0.0.1:33000
ServerName test
PidFile ${TESTROOT}/test-httpd.pid
ErrorLog /dev/fd/2
LogLevel debug
SSOLoginServer login.example.com
SSODomain example.com
SSOPublicKeyFile ${TESTROOT}/public.key
#SSOGroups group1,group2,group3
DocumentRoot ${TESTROOT}/htdocs
<Directory "${TESTROOT}/htdocs">
AuthType SSO
AuthName test
SSOService service.example.com/
require valid-user
AllowOverride All
</Directory>
<Location "/other-service">
SSOService /other-service/
</Location>
<Directory "${TESTROOT}/htdocs/protected-group">
require group group1
</Directory>
<Directory "${TESTROOT}/htdocs/protected-user">
require user testuser
</Directory>
<Directory "${TESTROOT}/htdocs/cgi">
Options ExecCGI
SetHandler cgi-script
</Directory>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment