1: #!/usr/bin/env perl
BEGIN {
    # Prepend the directory part of $0 to @INC; this is needed for
    # `make distcheck`. Because the path is prepended rather than appended,
    # a module found there takes precedence over any installed copy.
    # If $0 contains no '/', the substitution matches nothing and the bare
    # script name is what ends up in @INC.
    my $script_dir = $0;
    $script_dir =~ s{/[^/]+$}{/};
    unshift(@INC, $script_dir);
}
8:
9: use strict;
10: use IO::Socket;
11: use Test::More tests => 20;
12: use LightyTest;
13:
# Harness object from LightyTest; every request below is sent through it.
my $tf = LightyTest->new();
# Case descriptor reused for each request: REQUEST holds the raw request
# text, RESPONSE the expectations that handle_http() is given to check.
my $t;

# Nothing below is meaningful without a running server, so abort the whole
# run as soon as start-up does not report 0.
die() unless ok($tf->start_proc == 0, "Starting lighttpd");
18:
# Missing or malformed Basic credentials: each of the three requests below
# must be answered with 401 rather than the protected resource.

# Case 1: no Authorization header at all.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Missing Auth-token');

# Case 2: the heredoc interpolates \x80, so the token begins with a raw 0x80
# byte, which is outside the base64 alphabet. The decoder has to reject it
# cleanly instead of decoding garbage.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Basic \x80mFuOmphb
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');

# Case 3: a 9-character token, i.e. the valid token "amFuOmphbg==" (jan:jan)
# used later in this file with its tail cut off. A truncated credential
# must not be accepted as a match.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Basic amFuOmphb
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Wrong Auth-token');
41:
# Positive control: "amFuOmphbg==" is base64 for "jan:jan" and must yield 200.
# No Host header is sent, so whatever configuration applies to the default
# host is exercised; "plain" in the label presumably names the password
# backend configured there -- confirm against the test's lighttpd.conf.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic amFuOmphbg==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');
49:
# htpasswd-backed Basic auth. All requests in this group send
# "Host: auth-htpasswd.example.org"; presumably that vhost is configured
# with an htpasswd file holding one user per hash format -- confirm against
# the test's lighttpd.conf. Accepting and rejecting cases are paired so
# that a backend which accepts every password would be caught.

# "ZGVzOmRlcw==" decodes to "des:des".
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic ZGVzOmRlcw==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');

# Same credentials with the scheme spelled "basic": HTTP auth scheme names
# are case-insensitive, so this must be treated exactly like "Basic".
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: basic ZGVzOmRlcw==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des) (lowercase)');

# "c2hhOnNoYQ==" decodes to "sha:sha".
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic c2hhOnNoYQ==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (sha)');

# "c2hhOnNoYg==" decodes to "sha:shb": right user, password off by one
# character, so 401 is expected. NOTE(review): the label still begins with
# "Valid Auth-token" although this is a rejection case.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic c2hhOnNoYg==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (sha, wrong password)');

# "YXByLW1kNTphcHItbWQ1" decodes to "apr-md5:apr-md5".
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic YXByLW1kNTphcHItbWQ1
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5)');

# "YXByLW1kNTphcHItbWQ2" decodes to "apr-md5:apr-md6": password differs in
# its last character only, so 401 is expected.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic YXByLW1kNTphcHItbWQ2
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (apr-md5, wrong password)');
103:
# crypt-md5 hashes: the case is skipped on cygwin and darwin, where the
# skip messages say crypt-md5 is unavailable. The count of 1 passed to
# skip() keeps the planned total of tests intact on those platforms.
# "bWQ1Om1kNQ==" decodes to "md5:md5".
SKIP: {
skip "no crypt-md5 under cygwin", 1 if $^O eq 'cygwin';
skip "no crypt-md5 under darwin", 1 if $^O eq 'darwin';
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: Basic bWQ1Om1kNQ==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (crypt-md5)');
}
116:
# "bWQ1Om1kNA==" decodes to "md5:md4" and no Host header is sent, so the
# request does not go to the auth-htpasswd.example.org vhost used above;
# the expected result is 401.
# NOTE(review): the label reads "Valid Auth-token" although this is a
# rejected-credentials case; a label such as "wrong password" would make a
# failure report easier to interpret.
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Authorization: Basic bWQ1Om1kNA==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');
124:
# Robustness regressions for the Digest header parser: the server has to
# answer these malformed headers with an error status instead of crashing.
# NOTE(review): the continuation lines of the folded Authorization header
# carry no leading whitespace in this listing, and HTTP header folding
# requires it; indentation looks lost throughout the listing, so confirm
# against the upstream file before relying on this text.

## this should not crash
# The Digest header has no qop parameter; 401 is expected.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
User-Agent: Wget/1.9.1
Authorization: Digest username="jan", realm="jan", nonce="9a5428ccc05b086a08d918e73b01fc6f",
uri="/server-status", response="ea5f7d9a30b8b762f9610ccb87dea74f"
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: missing qop, no crash');

# (Note: test case is invalid; mismatch between request line and uri="..."
# is not what is intended to be tested here, but that is what is invalid)
# https://redmine.lighttpd.net/issues/477
## this should not crash
# qop=auth is present, but the counter is sent as "noncecount" instead of
# "nc", and the value is followed by an unbalanced double quote; 400 is
# expected. Whether the stray quote is deliberate cannot be told from here.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
User-Agent: Wget/1.9.1
Authorization: Digest username="jan", realm="jan",
nonce="b1d12348b4620437c43dd61c50ae4639",
uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001",
cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7",
response="29B32C2953C763C6D033C8A49983B87E"
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: missing nc (noncecount instead), no crash');
152:
# The Basic token consists of a single "=" -- base64 padding with no data
# in front of it. The decoder must reject it and the request must get 401.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Basic =
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid Base64');
160:
# Digest parameter validation and nonce freshness, all against the realm
# "download archiv" with one fixed nonce.
# NOTE(review): as elsewhere in this listing, the folded header lines show
# no leading whitespace; confirm against the upstream file.

# algorithm="md5-sess" with qop=auth but no cnonce. MD5-sess mixes the
# client nonce into the session key, so the request cannot be verified;
# the expected status is 400 (malformed) rather than 401.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Digest username="jan", realm="download archiv",
nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
uri="/server-status", qop=auth, nc=00000001,
algorithm="md5-sess", response="049b000fb00ab51dddea6f093a96aa2e"
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: md5-sess + missing cnonce');

# A complete Digest header built on the same fixed nonce. The server is
# expected to answer 401 with a WWW-Authenticate header ending in
# ", stale=true", which tells a client to retry with a fresh nonce.
# The expected header value is written between slashes; presumably
# LightyTest treats such a value as a regex -- confirm in LightyTest.pm.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Digest username="jan", realm="download archiv",
nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: stale nonce');

# Same request as the previous case, except for trailing whitespace that
# the comment after the heredoc declares intentional; the expected result
# is again 401 with stale=true.
# NOTE(review): that whitespace is invisible in this listing, and editors
# and text extraction routinely strip it, which would silently turn this
# case into a duplicate of the previous one. Confirm it is still present;
# writing it as an explicit escape such as \x20 (the heredoc interpolates,
# as the \x80 case earlier in this file shows) would make it robust.
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Digest username="jan", realm="download archiv",
nonce="b3b26457000000003a9b34a3cd56d26e48a52a498ac9765d4b",
uri="/server-status", qop=auth, nc=00000001, cnonce="65ee1b37",
algorithm="md5", response="049b000fb00ab51dddea6f093a96aa2e"
EOF
); # note: trailing whitespace at end of request line above is intentional
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401, 'WWW-Authenticate' => '/, stale=true$/' } ];
ok($tf->handle_http($t) == 0, 'Digest-Auth: trailing WS, stale nonce');
193:
194:
195:
# Shut the server down; the shutdown result is itself a planned test, so a
# failure to stop (status other than 0) is reported like any other case.
my $stop_status = $tf->stop_proc;
ok($stop_status == 0, "Stopping lighttpd");
197: