tests/test-pull-metalink.sh \
tests/test-pull-summary-sigs.sh \
tests/test-pull-resume.sh \
+ tests/test-pull-basicauth.sh \
tests/test-pull-repeated.sh \
tests/test-pull-untrusted.sh \
tests/test-pull-override-url.sh \
}
static char *
-request_get_uri (FetcherRequest *req, guint idx)
+request_get_uri (FetcherRequest *req, SoupURI *baseuri)
{
- SoupURI *baseuri = req->mirrorlist->pdata[idx];
if (!req->filename)
return soup_uri_to_string (baseuri, FALSE);
{ g_autofree char *uristr = soup_uri_to_string (baseuri, FALSE);
g_assert_cmpint (req->idx, <, req->mirrorlist->len);
- { g_autofree char *uri = request_get_uri (req, req->idx);
+ SoupURI *baseuri = req->mirrorlist->pdata[req->idx];
+ { g_autofree char *uri = request_get_uri (req, baseuri);
curl_easy_setopt (req->easy, CURLOPT_URL, uri);
}
if ((self->config_flags & OSTREE_FETCHER_FLAGS_TRANSFER_GZIP) > 0)
curl_easy_setopt (req->easy, CURLOPT_ACCEPT_ENCODING, "");
+ /* If we have e.g. basic auth in the URL string, let's honor that */
+ const char *username = soup_uri_get_user (baseuri);
+ curl_easy_setopt (req->easy, CURLOPT_USERNAME, username);
+ const char *password = soup_uri_get_password (baseuri);
+ curl_easy_setopt (req->easy, CURLOPT_PASSWORD, password);
+
/* We should only speak HTTP; TODO: only enable file if specified */
curl_easy_setopt (req->easy, CURLOPT_PROTOCOLS, (long)(CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FILE));
/* Picked the current version in F25 as of 20170127, since
static gint opt_port = 0;
static gchar **opt_expected_cookies;
static gchar **opt_expected_headers;
+static gboolean opt_require_basic_auth;
static guint emitted_random_500s_count = 0;
static guint emitted_random_408s_count = 0;
{ "port", 'P', 0, G_OPTION_ARG_INT, &opt_port, "Use the specified TCP port", "PORT" },
{ "port-file", 'p', 0, G_OPTION_ARG_FILENAME, &opt_port_file, "Write port number to PATH (- for standard output)", "PATH" },
{ "force-range-requests", 0, 0, G_OPTION_ARG_NONE, &opt_force_ranges, "Force range requests by only serving half of files", NULL },
+ { "require-basic-auth", 0, 0, G_OPTION_ARG_NONE, &opt_require_basic_auth, "Require username foouser, password barpw", NULL },
{ "random-500s", 0, 0, G_OPTION_ARG_INT, &opt_random_500s_percentage, "Generate random HTTP 500 errors approximately for PERCENTAGE requests", "PERCENTAGE" },
{ "random-500s-max", 0, 0, G_OPTION_ARG_INT, &opt_random_500s_max, "Limit HTTP 500 errors to MAX (default 100)", "MAX" },
{ "random-408s", 0, 0, G_OPTION_ARG_INT, &opt_random_408s_percentage, "Generate random HTTP 408 errors approximately for PERCENTAGE requests", "PERCENTAGE" },
soup_message_set_status (msg, SOUP_STATUS_NOT_IMPLEMENTED);
}
+static gboolean
+basic_auth_callback (SoupAuthDomain *auth_domain, SoupMessage *msg,
+ const char *username, const char *password, gpointer data)
+{
+ return g_str_equal (username, "foouser") && g_str_equal (password, "barpw");
+}
+
static void
on_dir_changed (GFileMonitor *mon,
GFile *file,
SOUP_SERVER_SERVER_HEADER, "ostree-httpd ",
NULL);
#endif
+ if (opt_require_basic_auth)
+ {
+ glnx_unref_object SoupAuthDomain *auth_domain =
+ soup_auth_domain_basic_new (SOUP_AUTH_DOMAIN_REALM, "auth-test",
+ SOUP_AUTH_DOMAIN_ADD_PATH, "/",
+ SOUP_AUTH_DOMAIN_BASIC_AUTH_CALLBACK, basic_auth_callback,
+ NULL);
+ soup_server_add_auth_domain (server, auth_domain);
+ }
soup_server_add_handler (server, NULL, httpd_callback, app, NULL);
if (opt_port_file)
--- /dev/null
+#!/bin/bash
+#
+# Copyright (C) 2017 Colin Walters <walters@verbum.org>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+set -euo pipefail
+
+. $(dirname $0)/libtest.sh
+
+setup_fake_remote_repo1 "archive" "" "--require-basic-auth"
+
+echo '1..3'
+
+repopath=${test_tmpdir}/ostree-srv/gnomerepo
+cp -a ${repopath} ${repopath}.orig
+
+cd ${test_tmpdir}
+rm repo -rf
+ostree_repo_init repo
+unauthaddress=$(cat httpd-address)
+badauthaddress=$(echo $unauthaddress | sed -e 's,http://,http://foo:bar@,')
+goodauthaddress=$(echo $unauthaddress | sed -e 's,http://,http://foouser:barpw@,')
+${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin-unauth ${unauthaddress}/ostree/gnomerepo
+${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin-badauth ${badauthaddress}/ostree/gnomerepo
+${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin-goodauth ${goodauthaddress}/ostree/gnomerepo
+
+if ${CMD_PREFIX} ostree --repo=repo pull origin-unauth main 2>err.txt; then
+ fatal "Pulled via unauth"
+fi
+assert_file_has_content err.txt "401"
+echo "ok unauth"
+rm -f err.txt
+if ${CMD_PREFIX} ostree --repo=repo pull origin-badauth main 2>err.txt; then
+ fatal "Pulled via badauth"
+fi
+assert_file_has_content err.txt "401"
+rm -f err.txt
+echo "ok badauth"
+
+${CMD_PREFIX} ostree --repo=repo pull origin-goodauth main
+echo "ok basic auth"
projects / ostree.git / commitdiff