From 93f33052de84e9aeaf19c92291d043dad2665bbd Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Mon, 2 Dec 2019 11:46:49 +0100
Subject: netrc: Restrict auth.conf entries to https by default
This avoids downgrade attacks where an attacker could inject Location: http://private.example/ and then (having access to raw data to private.example, for example, by opening a port there, or sniffing network traffic) read the credentials for the private repository.
Closes: #945911
---
test/integration/test-authentication-basic | 42 +++++++++++++++++++++++-------
1 file changed, 33 insertions(+), 9 deletions(-)
(limited to 'test')
diff --git a/test/integration/test-authentication-basic b/test/integration/test-authentication-basic
index 211c73e35..5aafaade0 100755
--- a/test/integration/test-authentication-basic
+++ b/test/integration/test-authentication-basic
@@ -65,35 +65,59 @@ runtest() {
 	authfile ''
 	testauthfailure "$1"
 
+	protocol="${1%%://*}"
+
 	# good auth
-	authfile 'machine localhost
+	authfile "machine ${protocol}://localhost
 login star@irc
-password hunter2'
+password hunter2"
 	testauthsuccess "$1"
 
 	# bad auth
-	authfile 'machine localhost
+	authfile "machine ${protocol}://localhost
 login anonymous
-password hunter2'
+password hunter2"
 	testauthfailure "$1"
 
 	# 2 stanzas: unmatching + good auth
-	authfile 'machine debian.org
+	authfile "machine ${protocol}://debian.org
 login debian
 password jessie
-machine localhost
+machine ${protocol}://localhost
 login star@irc
-password hunter2'
+password hunter2"
 	testauthsuccess "$1"
 
+	# no protocol specifier
+	authfile "machine localhost
+login star@irc
+password hunter2"
+	if [ "$protocol" = "https" ]; then
+		testauthsuccess "$1"
+	else
+		testauthfailure "$1"
+	fi
+
+	# wrong protocol specifier
+	if [ "$protocol" = "https" ]; then
+		authfile "machine http://localhost
+login star@irc
+password hunter2"
+	else
+		authfile "machine https://localhost
+login star@irc
+password hunter2"
+	fi
+	testauthfailure "$1"
+
 	# delete file, make sure it fails; add auth.conf.d snippet, works again.
 	rm rootdir/etc/apt/auth.conf
 	testauthfailure "$1"
-	authfile 'machine localhost
+	authfile "machine ${protocol}://localhost
 login star@irc
-password hunter2'
+password hunter2" rootdir/etc/apt/auth.conf.d/myauth.conf
 	testauthsuccess "$1"
 	rm rootdir/etc/apt/auth.conf.d/myauth.conf
 }
-- 
cgit v1.2.3
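Review bot: The `# no protocol specifier` case is the one that pins the security-relevant default, but its comment does not say so; I would extend it to `# no protocol specifier: must only match https, otherwise a Location: http:// redirect could leak the credentials (#945911)` so that a later edit does not "fix" the http-side `testauthfailure "$1"` as if it were a regression. The `# wrong protocol specifier` block deserves a similar one-liner stating that an `http://` entry is never applied to an https URL and vice versa, since that is the property the two branches assert. `protocol="${1%%://*}"` expands to the whole argument when `$1` contains no `://`, in which case both new blocks silently take the `testauthfailure` path; presumably every caller passes a full URL, but a short comment recording that assumption next to the assignment would make the precondition explicit. `runtest()` starts above the hunk.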