From 93a99dac870584ed4ea78f1c2f262db8b5460962 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 11 Oct 2013 13:21:01 +0200 Subject: webserver: spurious newline after data confuses curl Webserver wrongly sends an additional newline after the data which causes curl to believe that the next request on this socket has no header data and so includes all headers in the data output. Git-Dch: Ignore --- test/interactive-helper/aptwebserver.cc | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'test') diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 4dae342dd..6c5634de6 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -137,21 +137,21 @@ bool sendFile(int const client, FileFd &data) /*{{{*/ { if (actual == 0) break; - if (Success == true) - Success &= FileFd::Write(client, buffer, actual); + Success &= FileFd::Write(client, buffer, actual); } - if (Success == true) - Success &= FileFd::Write(client, "\r\n", 2); + if (Success == false) + std::cerr << "SENDFILE: READ/WRITE ERROR to " << client << std::endl; return Success; } /*}}}*/ bool sendData(int const client, std::string const &data) /*{{{*/ { - bool Success = true; - Success &= FileFd::Write(client, data.c_str(), data.size()); - if (Success == true) - Success &= FileFd::Write(client, "\r\n", 2); - return Success; + if (FileFd::Write(client, data.c_str(), data.size()) == false) + { + std::cerr << "SENDDATA: WRITE ERROR to " << client << std::endl; + return false; + } + return true; } /*}}}*/ void sendError(int const client, int const httpcode, std::string const &request,/*{{{*/ -- cgit v1.2.3 From 23af9f40ecc41eb05d82d953cca9ec11eaff657c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 13 Oct 2013 19:23:30 +0200 Subject: tests: enhance https support in the testcases Git-Dch: Ignore --- test/integration/framework | 10 +++++++--- test/integration/test-partial-file-support | 12 +++++++----- 2 files changed, 14 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 20f3487cc..6a2a78c83 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -192,6 +192,7 @@ setupenvironment() { fi echo "DPKG::options:: \"--log=${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log\";" >> aptconfig.conf echo 'quiet::NoUpdate "true";' >> aptconfig.conf + echo "Acquire::https::CaInfo \"${TESTDIR}/apt.pem\";" > rootdir/etc/apt/apt.conf.d/99https export LC_ALL=C export PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin" configcompression '.' 'gz' #'bz2' 'lzma' 'xz' @@ -799,6 +800,11 @@ rewritesourceslist() { } changetowebserver() { + if [ "$1" != '--no-rewrite' ]; then + rewritesourceslist 'http://localhost:8080/' + else + shift + fi local LOG='/dev/null' if test -x ${BUILDDIRECTORY}/aptwebserver; then cd aptarchive @@ -812,9 +818,6 @@ changetowebserver() { else msgdie 'You have to build aptwerbserver or install a webserver' fi - if [ "$1" != '--no-rewrite' ]; then - rewritesourceslist 'http://localhost:8080/' - fi } changetohttpswebserver() { @@ -826,6 +829,7 @@ changetohttpswebserver() { fi echo "pid = ${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid cert = ${TESTDIRECTORY}/apt.pem +output = /dev/null [https] accept = 4433 diff --git a/test/integration/test-partial-file-support b/test/integration/test-partial-file-support index 8d1c51ae0..b176cc15e 100755 --- a/test/integration/test-partial-file-support +++ b/test/integration/test-partial-file-support @@ -18,7 +18,7 @@ testdownloadfile() { rm -f "$DOWNLOG" msgtest "Testing download of file $2 with" "$1" if ! downloadfile "$2" "$3" > "$DOWNLOG"; then - cat "$DOWNLOG" + cat >&2 "$DOWNLOG" msgfail else msgpass @@ -40,21 +40,23 @@ testdownloadfile() { if [ "$EXPECTED" "$4" "$hash" ]; then msgpass else - cat "$DOWNLOG" + cat >&2 "$DOWNLOG" msgfail "expected: $EXPECTED ; got: $hash" fi done } testwebserverlaststatuscode() { - STATUS="$(mktemp)" + local DOWNLOG='download-testfile.log' + rm -f "$DOWNLOG" + local STATUS="$(mktemp)" addtrap "rm $STATUS;" msgtest 'Test last status code from the webserver was' "$1" - downloadfile "http://localhost:8080/_config/find/aptwebserver::last-status-code" "$STATUS" >/dev/null + downloadfile "http://localhost:8080/_config/find/aptwebserver::last-status-code" "$STATUS" > "$DOWNLOG" if [ "$(cat "$STATUS")" = "$1" ]; then msgpass else - cat download-testfile.log + cat >&2 "$DOWNLOG" msgfail "Status was $(cat "$STATUS")" fi } -- cgit v1.2.3 From eab3a9b2e233d7a142c0fa90bd1ed16a3c0e6cc6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 16 Oct 2013 16:46:55 +0200 Subject: webserver: implement ~user access to ~user/public_html/ pretty much useless for the testcases, but handy to test the webserver itself in 'real world' environments Git-Dch: Ignore --- test/interactive-helper/aptwebserver.cc | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 6c5634de6..4ea1794bb 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -198,7 +198,17 @@ void sendRedirect(int const client, int const httpcode, std::string const &uri,/ addDataHeaders(headers, response); std::string location("Location: "); if (strncmp(uri.c_str(), "http://", 7) != 0) - location.append("http://").append(LookupTag(request, "Host")).append("/").append(uri); + { + location.append("http://").append(LookupTag(request, "Host")).append("/"); + if (strncmp("/home/", uri.c_str(), strlen("/home/")) == 0 && uri.find("/public_html/") != std::string::npos) + { + std::string homeuri = SubstVar(uri, "/home/", "~"); + homeuri = SubstVar(homeuri, "/public_html/", "/"); + location.append(homeuri); + } + else + location.append(uri); + } else location.append(uri); headers.push_back(location); @@ -381,6 +391,20 @@ bool parseFirstLine(int const client, std::string const &request, /*{{{*/ filename.erase(0, 1); if (filename.empty() == true) filename = "."; + // support ~user/ uris to refer to /home/user/public_html/ as a kind-of special directory + else if (filename[0] == '~') + { + // /home/user is actually not entirely correct, but good enough for now + size_t dashpos = filename.find('/'); + if (dashpos != std::string::npos) + { + std::string home = filename.substr(1, filename.find('/') - 1); + std::string pubhtml = filename.substr(filename.find('/') + 1); + filename = "/home/" + home + "/public_html/" + pubhtml; + } + else + filename = "/home/" + filename.substr(1) + "/public_html/"; + } return true; } /*}}}*/ -- cgit v1.2.3 From 3c16b5fe7950e32a0a13ad7544ed531ace535316 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 16 Oct 2013 18:43:21 +0200 Subject: webserver: add directoryIndex support defaulting to index.html Git-Dch: Ignore --- test/interactive-helper/aptwebserver.cc | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 4ea1794bb..0e04826c5 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -277,7 +277,7 @@ void sendDirectoryListing(int const client, std::string const &dir, /*{{{*/ << "" << std::endl << "

Index of " << dir << "

" << std::endl << "" << std::endl; - if (dir != ".") + if (dir != "./") listing << ""; for (int i = 0; i < counter; ++i) { struct stat fs; @@ -390,7 +390,7 @@ bool parseFirstLine(int const client, std::string const &request, /*{{{*/ // nuke the first character which is a / as we assured above filename.erase(0, 1); if (filename.empty() == true) - filename = "."; + filename = "./"; // support ~user/ uris to refer to /home/user/public_html/ as a kind-of special directory else if (filename[0] == '~') { @@ -405,6 +405,17 @@ bool parseFirstLine(int const client, std::string const &request, /*{{{*/ else filename = "/home/" + filename.substr(1) + "/public_html/"; } + + // if no filename is given, but a valid directory see if we can use an index or + // have to resort to a autogenerated directory listing later on + if (DirectoryExists(filename) == true) + { + std::string const directoryIndex = _config->Find("aptwebserver::directoryindex"); + if (directoryIndex.empty() == false && directoryIndex == flNotDir(directoryIndex) && + RealFileExists(filename + directoryIndex) == true) + filename += directoryIndex; + } + return true; } /*}}}*/ @@ -543,6 +554,7 @@ int main(int const argc, const char * argv[]) _config->CndSet("aptwebserver::response-header::Server", "APT webserver"); _config->CndSet("aptwebserver::response-header::Accept-Ranges", "bytes"); + _config->CndSet("aptwebserver::directoryindex", "index.html"); std::vector messages; int client; @@ -693,7 +705,7 @@ int main(int const argc, const char * argv[]) } else if (DirectoryExists(filename) == true) { - if (filename == "." || filename[filename.length()-1] == '/') + if (filename[filename.length()-1] == '/') sendDirectoryListing(client, filename, *m, sendContent); else sendRedirect(client, 301, filename.append("/"), *m, sendContent); -- cgit v1.2.3 From d23bda42456bd092751deb24d8295c27a15721e8 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 16 Oct 2013 22:43:01 +0200 Subject: webserver: strip parameters from filename Again, not (currently) used by the tests itself, but in interactive usage of the webserver itself. Git-Dch: Ignore --- test/interactive-helper/aptwebserver.cc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 0e04826c5..94f63bb39 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -308,7 +308,7 @@ void sendDirectoryListing(int const client, std::string const &dir, /*{{{*/ } /*}}}*/ bool parseFirstLine(int const client, std::string const &request, /*{{{*/ - std::string &filename, bool &sendContent, + std::string &filename, std::string ¶ms, bool &sendContent, bool &closeConnection) { if (strncmp(request.c_str(), "HEAD ", 5) == 0) @@ -375,6 +375,14 @@ bool parseFirstLine(int const client, std::string const &request, /*{{{*/ sendError(client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that"); return false; } + + size_t paramspos = filename.find('?'); + if (paramspos != std::string::npos) + { + params = filename.substr(paramspos + 1); + filename.erase(paramspos); + } + filename = DeQuoteString(filename); // this is not a secure server, but at least prevent the obvious … -- cgit v1.2.3 From 575fe03ee310c740bfa2950aa55b3358e8a60eee Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 16 Oct 2013 22:45:37 +0200 Subject: webserver: use pthreads to handle multiple clients Clients like browsers prefer to open many connections and keep them open for a while, so that pages with lot of subelements would take a while to load (if at all), by using threads as all servers do some way or another we can resolve this. libapt is not intended to be pthread-safe and stuff like the storage of the last return code doesn't make too much sense if multiple clients interact with us, but it is good enough for now and an other interesting (mis)use of libapt in general. Git-Dch: Ignore --- test/interactive-helper/aptwebserver.cc | 362 ++++++++++++++++++-------------- test/interactive-helper/makefile | 2 +- 2 files changed, 201 insertions(+), 163 deletions(-) (limited to 'test') diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 94f63bb39..7d3589c9d 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -112,7 +112,7 @@ bool sendHead(int const client, int const httpcode, std::list &head date.append(TimeRFC1123(time(NULL))); headers.push_back(date); - std::clog << ">>> RESPONSE >>>" << std::endl; + std::clog << ">>> RESPONSE to " << client << " >>>" << std::endl; bool Success = true; for (std::list::const_iterator h = headers.begin(); Success == true && h != headers.end(); ++h) @@ -470,6 +470,173 @@ bool handleOnTheFlyReconfiguration(int const client, std::string const &request, return false; } /*}}}*/ +void * handleClient(void * voidclient) /*{{{*/ +{ + int client = *((int*)(voidclient)); + std::clog << "ACCEPT client " << client << std::endl; + std::vector messages; + while (ReadMessages(client, messages)) + { + bool closeConnection = false; + for (std::vector::const_iterator m = messages.begin(); + m != messages.end() && closeConnection == false; ++m) { + std::clog << ">>> REQUEST from " << client << " >>>" << std::endl << *m + << std::endl << "<<<<<<<<<<<<<<<<" << std::endl; + std::list headers; + std::string filename; + std::string params; + bool sendContent = true; + if (parseFirstLine(client, *m, filename, params, sendContent, closeConnection) == false) + continue; + + // special webserver command request + if (filename.length() > 1 && filename[0] == '_') + { + std::vector parts = VectorizeString(filename, '/'); + if (parts[0] == "_config") + { + handleOnTheFlyReconfiguration(client, *m, parts); + continue; + } + } + + // string replacements in the requested filename + ::Configuration::Item const *Replaces = _config->Tree("aptwebserver::redirect::replace"); + if (Replaces != NULL) + { + std::string redirect = "/" + filename; + for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next) + redirect = SubstVar(redirect, I->Tag, I->Value); + redirect.erase(0,1); + if (redirect != filename) + { + sendRedirect(client, 301, redirect, *m, sendContent); + continue; + } + } + + ::Configuration::Item const *Overwrite = _config->Tree("aptwebserver::overwrite"); + if (Overwrite != NULL) + { + for (::Configuration::Item *I = Overwrite->Child; I != NULL; I = I->Next) + { + regex_t *pattern = new regex_t; + int const res = regcomp(pattern, I->Tag.c_str(), REG_EXTENDED | REG_ICASE | REG_NOSUB); + if (res != 0) + { + char error[300]; + regerror(res, pattern, error, sizeof(error)); + sendError(client, 500, *m, sendContent, error); + continue; + } + if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0) + { + filename = _config->Find("aptwebserver::overwrite::" + I->Tag + "::filename", filename); + if (filename[0] == '/') + filename.erase(0,1); + regfree(pattern); + break; + } + regfree(pattern); + } + } + + // deal with the request + if (RealFileExists(filename) == true) + { + FileFd data(filename, FileFd::ReadOnly); + std::string condition = LookupTag(*m, "If-Modified-Since", ""); + if (condition.empty() == false) + { + time_t cache; + if (RFC1123StrToTime(condition.c_str(), cache) == true && + cache >= data.ModificationTime()) + { + sendHead(client, 304, headers); + continue; + } + } + + if (_config->FindB("aptwebserver::support::range", true) == true) + condition = LookupTag(*m, "Range", ""); + else + condition.clear(); + if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0) + { + time_t cache; + std::string ifrange; + if (_config->FindB("aptwebserver::support::if-range", true) == true) + ifrange = LookupTag(*m, "If-Range", ""); + bool validrange = (ifrange.empty() == true || + (RFC1123StrToTime(ifrange.c_str(), cache) == true && + cache <= data.ModificationTime())); + + // FIXME: support multiple byte-ranges (APT clients do not do this) + if (condition.find(',') == std::string::npos) + { + size_t start = 6; + unsigned long long filestart = strtoull(condition.c_str() + start, NULL, 10); + // FIXME: no support for last-byte-pos being not the end of the file (APT clients do not do this) + size_t dash = condition.find('-') + 1; + unsigned long long fileend = strtoull(condition.c_str() + dash, NULL, 10); + unsigned long long filesize = data.FileSize(); + if ((fileend == 0 || (fileend == filesize && fileend >= filestart)) && + validrange == true) + { + if (filesize > filestart) + { + data.Skip(filestart); + std::ostringstream contentlength; + contentlength << "Content-Length: " << (filesize - filestart); + headers.push_back(contentlength.str()); + std::ostringstream contentrange; + contentrange << "Content-Range: bytes " << filestart << "-" + << filesize - 1 << "/" << filesize; + headers.push_back(contentrange.str()); + sendHead(client, 206, headers); + if (sendContent == true) + sendFile(client, data); + continue; + } + else + { + headers.push_back("Content-Length: 0"); + std::ostringstream contentrange; + contentrange << "Content-Range: bytes */" << filesize; + headers.push_back(contentrange.str()); + sendHead(client, 416, headers); + continue; + } + } + } + } + + addFileHeaders(headers, data); + sendHead(client, 200, headers); + if (sendContent == true) + sendFile(client, data); + } + else if (DirectoryExists(filename) == true) + { + if (filename[filename.length()-1] == '/') + sendDirectoryListing(client, filename, *m, sendContent); + else + sendRedirect(client, 301, filename.append("/"), *m, sendContent); + } + else + sendError(client, 404, *m, sendContent); + } + _error->DumpErrors(std::cerr); + messages.clear(); + if (closeConnection == true) + break; + } + close(client); + std::clog << "CLOSE client " << client << std::endl; + return NULL; +} + /*}}}*/ + int main(int const argc, const char * argv[]) { CommandLine::Args Args[] = { @@ -490,6 +657,9 @@ int main(int const argc, const char * argv[]) // create socket, bind and listen to it {{{ // ignore SIGPIPE, this can happen on write() if the socket closes connection signal(SIGPIPE, SIG_IGN); + // we don't care for our slaves, so ignore their death + signal(SIGCHLD, SIG_IGN); + int sock = socket(AF_INET6, SOCK_STREAM, 0); if(sock < 0) { @@ -557,179 +727,47 @@ int main(int const argc, const char * argv[]) std::clog << "Serving ANY file on port: " << port << std::endl; - listen(sock, 1); + int const slaves = _config->FindB("aptwebserver::slaves", SOMAXCONN); + listen(sock, slaves); /*}}}*/ _config->CndSet("aptwebserver::response-header::Server", "APT webserver"); _config->CndSet("aptwebserver::response-header::Accept-Ranges", "bytes"); _config->CndSet("aptwebserver::directoryindex", "index.html"); - std::vector messages; - int client; - while ((client = accept(sock, NULL, NULL)) != -1) - { - std::clog << "ACCEPT client " << client - << " on socket " << sock << std::endl; + std::list accepted_clients; - while (ReadMessages(client, messages)) + while (true) + { + int client = accept(sock, NULL, NULL); + if (client == -1) { - bool closeConnection = false; - for (std::vector::const_iterator m = messages.begin(); - m != messages.end() && closeConnection == false; ++m) { - std::clog << ">>> REQUEST >>>>" << std::endl << *m - << std::endl << "<<<<<<<<<<<<<<<<" << std::endl; - std::list headers; - std::string filename; - bool sendContent = true; - if (parseFirstLine(client, *m, filename, sendContent, closeConnection) == false) - continue; - - // special webserver command request - if (filename.length() > 1 && filename[0] == '_') - { - std::vector parts = VectorizeString(filename, '/'); - if (parts[0] == "_config") - { - handleOnTheFlyReconfiguration(client, *m, parts); - continue; - } - } - - // string replacements in the requested filename - ::Configuration::Item const *Replaces = _config->Tree("aptwebserver::redirect::replace"); - if (Replaces != NULL) - { - std::string redirect = "/" + filename; - for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next) - redirect = SubstVar(redirect, I->Tag, I->Value); - redirect.erase(0,1); - if (redirect != filename) - { - sendRedirect(client, 301, redirect, *m, sendContent); - continue; - } - } - - ::Configuration::Item const *Overwrite = _config->Tree("aptwebserver::overwrite"); - if (Overwrite != NULL) - { - for (::Configuration::Item *I = Overwrite->Child; I != NULL; I = I->Next) - { - regex_t *pattern = new regex_t; - int const res = regcomp(pattern, I->Tag.c_str(), REG_EXTENDED | REG_ICASE | REG_NOSUB); - if (res != 0) - { - char error[300]; - regerror(res, pattern, error, sizeof(error)); - sendError(client, 500, *m, sendContent, error); - continue; - } - if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0) - { - filename = _config->Find("aptwebserver::overwrite::" + I->Tag + "::filename", filename); - if (filename[0] == '/') - filename.erase(0,1); - regfree(pattern); - break; - } - regfree(pattern); - } - } - - // deal with the request - if (RealFileExists(filename) == true) - { - FileFd data(filename, FileFd::ReadOnly); - std::string condition = LookupTag(*m, "If-Modified-Since", ""); - if (condition.empty() == false) - { - time_t cache; - if (RFC1123StrToTime(condition.c_str(), cache) == true && - cache >= data.ModificationTime()) - { - sendHead(client, 304, headers); - continue; - } - } - - if (_config->FindB("aptwebserver::support::range", true) == true) - condition = LookupTag(*m, "Range", ""); - else - condition.clear(); - if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0) - { - time_t cache; - std::string ifrange; - if (_config->FindB("aptwebserver::support::if-range", true) == true) - ifrange = LookupTag(*m, "If-Range", ""); - bool validrange = (ifrange.empty() == true || - (RFC1123StrToTime(ifrange.c_str(), cache) == true && - cache <= data.ModificationTime())); - - // FIXME: support multiple byte-ranges (APT clients do not do this) - if (condition.find(',') == std::string::npos) - { - size_t start = 6; - unsigned long long filestart = strtoull(condition.c_str() + start, NULL, 10); - // FIXME: no support for last-byte-pos being not the end of the file (APT clients do not do this) - size_t dash = condition.find('-') + 1; - unsigned long long fileend = strtoull(condition.c_str() + dash, NULL, 10); - unsigned long long filesize = data.FileSize(); - if ((fileend == 0 || (fileend == filesize && fileend >= filestart)) && - validrange == true) - { - if (filesize > filestart) - { - data.Skip(filestart); - std::ostringstream contentlength; - contentlength << "Content-Length: " << (filesize - filestart); - headers.push_back(contentlength.str()); - std::ostringstream contentrange; - contentrange << "Content-Range: bytes " << filestart << "-" - << filesize - 1 << "/" << filesize; - headers.push_back(contentrange.str()); - sendHead(client, 206, headers); - if (sendContent == true) - sendFile(client, data); - continue; - } - else - { - headers.push_back("Content-Length: 0"); - std::ostringstream contentrange; - contentrange << "Content-Range: bytes */" << filesize; - headers.push_back(contentrange.str()); - sendHead(client, 416, headers); - continue; - } - } - } - } + if (errno == EINTR) + continue; + _error->Errno("accept", "Couldn't accept client on socket %d", sock); + _error->DumpErrors(std::cerr); + return 6; + } - addFileHeaders(headers, data); - sendHead(client, 200, headers); - if (sendContent == true) - sendFile(client, data); - } - else if (DirectoryExists(filename) == true) - { - if (filename[filename.length()-1] == '/') - sendDirectoryListing(client, filename, *m, sendContent); - else - sendRedirect(client, 301, filename.append("/"), *m, sendContent); - } - else - sendError(client, 404, *m, sendContent); - } + pthread_attr_t attr; + if (pthread_attr_init(&attr) != 0 || pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED) != 0) + { + _error->Errno("pthread_attr", "Couldn't set detach attribute for a fresh thread to handle client %d on socket %d", client, sock); _error->DumpErrors(std::cerr); - messages.clear(); - if (closeConnection == true) - break; + close(client); + continue; } - std::clog << "CLOSE client " << client - << " on socket " << sock << std::endl; - close(client); + pthread_t tid; + // thats rather dirty, but we need to store the client socket somewhere safe + accepted_clients.push_front(client); + if (pthread_create(&tid, &attr, &handleClient, &(*accepted_clients.begin())) != 0) + { + _error->Errno("pthread_create", "Couldn't create a fresh thread to handle client %d on socket %d", client, sock); + _error->DumpErrors(std::cerr); + close(client); + continue; + } } pidfile.Close(); diff --git a/test/interactive-helper/makefile b/test/interactive-helper/makefile index f43df97e3..8dc014b98 100644 --- a/test/interactive-helper/makefile +++ b/test/interactive-helper/makefile @@ -41,7 +41,7 @@ include $(PROGRAM_H) # Program for testing udevcdrom PROGRAM=aptwebserver -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg -lpthread LIB_MAKES = apt-pkg/makefile SOURCE = aptwebserver.cc include $(PROGRAM_H) -- cgit v1.2.3 From 8523b22fbcc6ca2ad004a9133559212908b768ed Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 23 Oct 2013 12:26:44 +0200 Subject: tests: rm pkgcache.bin in 719263 test As testcases are running really fast it can happen that files which are changed in reality are considered unchanged as the modify time isn't changed. What we could do is disable those caches by default, but some tests actually depend on those and deriving too much from the default by default (pun intended) is not a good idea for tests after all. Git-Dch: Ignore --- test/integration/test-bug-719263-print-uris-removes-authentication | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/integration/test-bug-719263-print-uris-removes-authentication b/test/integration/test-bug-719263-print-uris-removes-authentication index 1c1a27ceb..5e674db0b 100755 --- a/test/integration/test-bug-719263-print-uris-removes-authentication +++ b/test/integration/test-bug-719263-print-uris-removes-authentication @@ -25,6 +25,7 @@ Inst unrelated [1] (2 unstable [all]) Conf unrelated (2 unstable [all])' aptget install unrelated -s testsuccess aptget install unrelated -y testdpkginstalled unrelated + rm -rf rootdir/var/cache/apt/*.bin cp -a rootdir/var/lib/dpkg/status-backup-noact rootdir/var/lib/dpkg/status } -- cgit v1.2.3 From f2c0ec8bdb00b44de240190dae39fa255b6c85de Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 23 Oct 2013 16:32:48 +0200 Subject: tests: add a webserverconfig method to abstract config The URI to use to set a config option is a bit arcane to write/remember and checking if the setting was successful doubly so. Git-Dch: Ignore --- test/integration/framework | 16 ++++++++++++++++ test/integration/test-partial-file-support | 6 ++---- test/integration/test-releasefile-verification | 2 +- test/interactive-helper/aptwebserver.cc | 2 +- 4 files changed, 20 insertions(+), 6 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 6a2a78c83..89b5bb0e4 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -792,6 +792,22 @@ signreleasefiles() { msgdone "info" } +webserverconfig() { + msgtest "Set webserver config option '${1}' to" "$2" + downloadfile "http://localhost:8080/_config/set/${1}/${2}" '/dev/null' >/dev/null + local DOWNLOG='download-testfile.log' + rm -f "$DOWNLOG" + local STATUS="$(mktemp)" + addtrap "rm $STATUS;" + downloadfile "http://localhost:8080/_config/find/aptwebserver::last-status-code" "$STATUS" > "$DOWNLOG" + if [ "$(cat "$STATUS")" = '200' ]; then + msgpass + else + cat >&2 "$DOWNLOG" + msgfail "Statuscode was $(cat "$STATUS")" + fi +} + rewritesourceslist() { local APTARCHIVE="file://$(readlink -f "${TMPWORKINGDIRECTORY}/aptarchive")" for LIST in $(find rootdir/etc/apt/sources.list.d/ -name 'apt-test-*.list'); do diff --git a/test/integration/test-partial-file-support b/test/integration/test-partial-file-support index b176cc15e..382789e68 100755 --- a/test/integration/test-partial-file-support +++ b/test/integration/test-partial-file-support @@ -66,8 +66,7 @@ TESTFILE='aptarchive/testfile' cp -a ${TESTDIR}/framework $TESTFILE testrun() { - downloadfile "$1/_config/set/aptwebserver::support::range/true" '/dev/null' >/dev/null - testwebserverlaststatuscode '200' + webserverconfig 'aptwebserver::support::range' 'true' copysource $TESTFILE 0 ./testfile testdownloadfile 'no data' "${1}/testfile" './testfile' '=' @@ -94,8 +93,7 @@ testrun() { testdownloadfile 'old data' "${1}/testfile" './testfile' '=' testwebserverlaststatuscode '200' - downloadfile "$1/_config/set/aptwebserver::support::range/false" '/dev/null' >/dev/null - testwebserverlaststatuscode '200' + webserverconfig 'aptwebserver::support::range' 'false' copysource $TESTFILE 20 ./testfile testdownloadfile 'no server support' "${1}/testfile" './testfile' '=' diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 9d34a521a..e558b83e8 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -11,7 +11,7 @@ buildaptarchive setupflataptarchive changetowebserver -downloadfile "http://localhost:8080/_config/set/aptwebserver::support::range/false" '/dev/null' >/dev/null +webserverconfig 'aptwebserver::support::range' 'false' prepare() { local DATE="${2:-now}" diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc index 7d3589c9d..b7663a76a 100644 --- a/test/interactive-helper/aptwebserver.cc +++ b/test/interactive-helper/aptwebserver.cc @@ -546,7 +546,7 @@ void * handleClient(void * voidclient) /*{{{*/ { FileFd data(filename, FileFd::ReadOnly); std::string condition = LookupTag(*m, "If-Modified-Since", ""); - if (condition.empty() == false) + if (_config->FindB("aptwebserver::support::modified-since", true) == true && condition.empty() == false) { time_t cache; if (RFC1123StrToTime(condition.c_str(), cache) == true && -- cgit v1.2.3 From f87338d2da95ba7d55a1a67b4506717e94d49bca Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 30 Nov 2013 23:07:20 +0100 Subject: cherry-pick ubuntus (disabled) net-update fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With the net-update command a special keyring can be downloaded and imported into apt, which must be signed by a master key. Its is currently disabled because of security problems with it – and the only known user before that was Ubuntu. --- .../integration/exploid-keyring-with-dupe-keys.pub | Bin 0 -> 3986 bytes .../exploid-keyring-with-dupe-subkeys.pub | Bin 0 -> 2016 bytes test/integration/test-apt-key-net-update | 95 +++++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 test/integration/exploid-keyring-with-dupe-keys.pub create mode 100644 test/integration/exploid-keyring-with-dupe-subkeys.pub create mode 100755 test/integration/test-apt-key-net-update (limited to 'test') diff --git a/test/integration/exploid-keyring-with-dupe-keys.pub b/test/integration/exploid-keyring-with-dupe-keys.pub new file mode 100644 index 000000000..642952a40 Binary files /dev/null and b/test/integration/exploid-keyring-with-dupe-keys.pub differ diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub new file mode 100644 index 000000000..02d4e6ee8 Binary files /dev/null and b/test/integration/exploid-keyring-with-dupe-subkeys.pub differ diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update new file mode 100755 index 000000000..d5205836f --- /dev/null +++ b/test/integration/test-apt-key-net-update @@ -0,0 +1,95 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +# mock +requires_root() { + return 0 +} + +# extract net_update() and import it +func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key ) +eval "$func" + +mkdir -p ./etc/apt +TRUSTEDFILE=./etc/apt/trusted.gpg +mkdir -p ./var/lib/apt/keyrings +TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg +GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" +GPG="$GPG_CMD --keyring $TRUSTEDFILE" +MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg + + +msgtest "add_keys_with_verify_against_master_keyring" +if [ ! -e $MASTER_KEYRING ]; then + echo -n "No $MASTER_KEYRING found" + msgskip + exit 0 +fi + +# test bad keyring and ensure its not added (LP: #857472) +ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub +if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then + msgfail +else + msgpass +fi + +# ensure the keyring is still empty +gpg_out=$($GPG --list-keys) +msgtest "Test if keyring is empty" +if [ -n "" ]; then + msgfail +else + msgpass +fi + + +# test another possible attack vector using subkeys (LP: #1013128) +msgtest "add_keys_with_verify_against_master_keyring with subkey attack" +ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub +if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then + msgfail +else + msgpass +fi + +# ensure the keyring is still empty +gpg_out=$($GPG --list-keys) +msgtest "Test if keyring is empty" +if [ -n "" ]; then + msgfail +else + msgpass +fi + + +# test good keyring and ensure we get no errors +ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg +if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then + msgpass +else + msgfail +fi + +testequal './etc/apt/trusted.gpg +--------------------- +pub 1024D/437D05B5 2004-09-12 +uid Ubuntu Archive Automatic Signing Key +sub 2048g/79164387 2004-09-12 + +pub 1024D/FBB75451 2004-12-30 +uid Ubuntu CD Image Automatic Signing Key + +pub 4096R/C0B21F32 2012-05-11 +uid Ubuntu Archive Automatic Signing Key (2012) + +pub 4096R/EFE21092 2012-05-11 +uid Ubuntu CD Image Automatic Signing Key (2012) +' $GPG --list-keys + -- cgit v1.2.3
#NameSizeLast-Modified
dParent Directory--