Use proxy instead of host cert for tests.
authorZdeněk Šustr <sustr4@cesnet.cz>
Thu, 8 Nov 2012 18:12:11 +0000 (18:12 +0000)
committerZdeněk Šustr <sustr4@cesnet.cz>
Thu, 8 Nov 2012 18:12:11 +0000 (18:12 +0000)
org.glite.testsuites.ctb/gridsite/tests/gridsite-test-all.sh

index dae8f3e..45e6002 100755 (executable)
@@ -84,12 +84,13 @@ test_start
 
 # check_binaries
 printf "Testing if all binaries are available"
-check_binaries curl rm chown openssl htcp htls htmv htcp htrm htls htls htproxydestroy awk sed openssl tail head sort
+check_binaries curl rm chown openssl htcp htls htmv htcp htrm htls htls htproxydestroy awk sed openssl tail head sort id
 if [ $? -gt 0 ]; then
        test_failed
 else
        test_done
 fi
+UPROXY="/tmp/x509up_u`id -u`"
 
 if getent passwd www-data >/dev/null; then
        HTTPD_USER=www-data
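Review bot: The added `UPROXY` assignment is never validated, yet every later request uses that file as both certificate and private key. Because the path sits in world-writable /tmp, I would check before the first test that it is a regular file owned by the invoking user, e.g. `[ -f "$UPROXY" -a -O "$UPROXY" ] || { print_error "no usable proxy at $UPROXY"; exit 2; }` (the exit code is only a suggestion). Honouring an already-exported location would also help: `UPROXY="${X509_USER_PROXY:-/tmp/x509up_u$(id -u)}"`. The assignment also runs when `check_binaries` has just reported `id` as missing.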
@@ -111,7 +112,7 @@ EOF
        $SYS_RM /var/www/htdocs/.gacl
 
        printf "Plain read... "
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
        printf "Return code $code"
        if [ "$code" = "403" ]; then 
                test_done
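Review bot: `${UPROXY}` is expanded unquoted inside the backticks, and because the call uses `--silent` without `--show-error`, a missing or expired proxy shows up only as `Return code 000`, which looks like any other connection failure. I would quote the variable and move the repeated credential options into one helper, e.g. `gs_curl() { curl --cert "$UPROXY" --key "$UPROXY" --capath /etc/grid-security/certificates --silent --show-error "$@"; }`. The same applies to every other curl line this commit changes. The enclosing block starts and ends outside this hunk.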
@@ -130,7 +131,7 @@ EOF
 
 
        printf "With gacl... "
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
        printf "Return code $code"
        if [ "$code" = "200" ]; then 
                test_done
@@ -142,7 +143,7 @@ EOF
        printf "Get index (list & read permissions)\n"
 
        printf "Plain read... "
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' https://$(hostname -f)/`
        printf "Return code $code"
        if [ "$code" = "403" ]; then 
                test_done
@@ -154,7 +155,7 @@ cat >/var/www/htdocs/.gacl <<EOF
 <gacl>
   <entry>
     <person>
-      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
+      <dn>`openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'`</dn>
     </person>
     <allow><read/><list/></allow>
   </entry>
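Review bot: The `<dn>` written here is now the subject of the first certificate in the proxy file, which for a proxy is normally the user's DN with an extra `CN=` component appended rather than the identity DN. If GridSite matches `<person>` entries against the end-entity identity (likely, but not confirmable from this hunk), the "With gacl" checks that follow would get 403 instead of 200. Consider writing the identity instead, e.g. from `voms-proxy-info -identity`, or `openssl x509 -noout -issuer -in "${UPROXY}" | sed -e 's/^issuer= //'` for a first-level proxy. The same substitution is made in the three later .gacl here-documents (new lines 197, 243 and 282).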
@@ -162,7 +163,7 @@ cat >/var/www/htdocs/.gacl <<EOF
 EOF
 
        printf "With gacl... "
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
 https://$(hostname -f)/`
        printf "Return code $code"
        if [ "$code" = "200" ]; then 
@@ -181,7 +182,7 @@ https://$(hostname -f)/`
        chown $HTTPD_USER /var/www/htdocs/
 
        printf "Plain write... "
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
        printf "Return code $code"
        if [ "$code" = "403" ]; then 
                test_done
@@ -193,7 +194,7 @@ cat >/var/www/htdocs/.gacl <<EOF
 <gacl>
   <entry>
     <person>
-      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
+      <dn>`openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'`</dn>
     </person>
     <allow><write/></allow>
   </entry>
@@ -201,7 +202,7 @@ cat >/var/www/htdocs/.gacl <<EOF
 EOF
 
        printf "With gacl... "
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
        cmp -s /tmp/test.txt /var/www/htdocs/test.txt
        printf "Return code $code"
        if [ $? -eq 0 -a "$code" = "201" ]; then 
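Review bot: The `$?` tested in `if [ $? -eq 0 -a "$code" = "201" ]` is the exit status of the preceding `printf`, not of `cmp`, so the upload check passes on the HTTP code alone even when the stored file differs from /tmp/test.txt. Capture the status first with `cmp -s /tmp/test.txt /var/www/htdocs/test.txt; cmp_rc=$?` and then test `[ "$cmp_rc" -eq 0 -a "$code" = "201" ]`. The same printf-before-`$?` pattern appears in the two deletion checks and in the `id` and `newid` delegation checks further down, where the status of curl or htproxyput is lost the same way. The `if` continues past the end of this hunk.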
@@ -212,7 +213,7 @@ EOF
 
        printf "Try deletion... "
        mv  /var/www/htdocs/.gacl /var/www/htdocs/.gacl.bak
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' -X DELETE https://$(hostname -f)/test.txt`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' -X DELETE https://$(hostname -f)/test.txt`
        printf "Return code $code"
        if [ $? -eq 0 -a "$code" = "403" ]; then 
                test_done
@@ -223,7 +224,7 @@ EOF
        mv /var/www/htdocs/.gacl.bak /var/www/htdocs/.gacl
 
        printf "With gacl... "
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' -X DELETE https://$(hostname -f)/test.txt`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' -X DELETE https://$(hostname -f)/test.txt`
        printf "Return code $code"
        if [ $? -eq 0 -a "$code" = "200" ]; then 
                test_done
@@ -239,7 +240,7 @@ cat >/var/www/htdocs/.gacl <<EOF
 <gacl>
   <entry>
     <person>
-      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
+      <dn>`openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'`</dn>
     </person>
     <allow><read/></allow>
   </entry>
@@ -256,7 +257,7 @@ EOF
        
        printf "Run test.cgi... "
        chmod +x /var/www/htdocs/test.cgi
-       code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.cgi`
+       code=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.cgi`
        printf "Return code $code"
        if [ "$code" = "200" ]; then 
                test_done
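Review bot: `--output /tmp/gridsite.log` writes to a fixed name in a world-writable directory, and the script appears to run privileged (it chowns and writes under /var/www/htdocs), so a pre-existing file or symlink at that path would be followed. A private file from `mktemp` avoids this: `GRIDSITE_LOG=$(mktemp) || exit 2`, then `--output "$GRIDSITE_LOG"`, removed on exit via `trap`. /tmp/test.txt in the upload and htcp tests has the same issue.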
@@ -278,7 +279,7 @@ cat >/var/www/htdocs/.gacl <<EOF
 <gacl>
   <entry>
     <person>
-      <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
+      <dn>`openssl x509 -noout -subject -in ${UPROXY} | sed -e 's/^subject= //'`</dn>
     </person>
     <allow><read/><write/><list/></allow>
   </entry>
@@ -290,49 +291,49 @@ EOF
        date > /tmp/test.txt
 
        printf "Testing htcp... "
-       htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/
+       htcp --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/
        if [ $? -eq 0 ]; then 
                test_done
        else
                test_failed
        fi
        printf "Checking by htls... "
-       htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null
+       htls --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null
        if [ $? -eq 0 ]; then 
                test_done
        else
                test_failed
        fi
        printf "Testing htmv... "
-       htmv --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt
+       htmv --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt
        if [ $? -eq 0 ]; then 
                test_done
        else
                test_failed
        fi
        printf "htcp, file 2... "
-       htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp
+       htcp --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp
        if [ $? -eq 0 ]; then 
                test_done
        else
                test_failed
        fi
        printf "Testing htrm... "
-       htrm --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt
+       htrm --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt
        if [ $? -eq 0 ]; then 
                test_done
        else
                test_failed
        fi
        printf "Checking by htls... "
-       htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null
+       htls --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null
        if [ $? -eq 22 ]; then 
                test_done
        else
                test_failed
        fi
        printf "Checking directory contents with htls... "
-       htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null
+       htls --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null
        if [ $? -eq 0 ]; then 
                test_done
        else
@@ -356,7 +357,7 @@ EOF
        chown $HTTPD_USER /var/www/proxycache
 
        #delegation
-       id=`htproxyput --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates https://$(hostname -f)/gridsite-delegation.cgi`
+       id=`htproxyput --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates https://$(hostname -f)/gridsite-delegation.cgi`
        printf "id: $id"
        if [ $? -eq 0 -a -n "$id" ]; then 
                test_done
@@ -364,9 +365,9 @@ EOF
                test_failed
        fi
 
-       expiry=`htproxyunixtime --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi`
+       expiry=`htproxyunixtime --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi`
 
-       newid=`htproxyrenew --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi`
+       newid=`htproxyrenew --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi`
        printf "newid: $newid"
        if [ $? -eq 0 -a -n "$newid" ]; then 
                test_done
@@ -374,7 +375,7 @@ EOF
                test_failed
        fi
 
-       htproxydestroy --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi
+       htproxydestroy --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --delegation-id $id https://$(hostname -f)/gridsite-delegation.cgi
 
 
        printf "Test handling of VOMS .lsc files (Regression test for bug #39254 and #82023)\n"
@@ -389,7 +390,7 @@ EOF
                mkdir -p /tmp/vomsdir.$$
                mv -f /etc/grid-security/vomsdir/* /tmp/vomsdir.$$/
                printf "Trying with empty vomsdir. GRST_CRED_2 should not be present... "
-               GRST_CRED_2=`curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2`
+               GRST_CRED_2=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2`
                if [ "$GRST_CRED_2" = "" ]; then
                        test_done
                else
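Review bot: `mkdir -p /tmp/vomsdir.$$` accepts a directory that already exists under that predictable name, and the later `mv -f /tmp/vomsdir.$$/* /etc/grid-security/vomsdir/` then moves whatever it holds into the VOMS trust directory. Use `VOMSBAK=$(mktemp -d) || exit 2` for the backup and restore it from a `trap`, so an aborted run does not leave vomsdir empty. Separately, `--cacert ${UPROXY}` adds the certificates in the client's own proxy file as trust anchors for the server; with `--capath` already given it looks unnecessary, though the reason it was introduced is not visible here. The enclosing `if` starts before this hunk.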
@@ -399,8 +400,6 @@ EOF
                mv -f /tmp/vomsdir.$$/* /etc/grid-security/vomsdir/
                rm -rf /tmp/vomsdir.$$ 
 
-               printf "Setting up .lsc file and trying again\n"
-
                UTOPIA=`voms-proxy-info -all | grep -A 100 "extension information" | grep "^issuer" | grep "L=Tropic" | grep "O=Utopia" | grep "OU=Relaxation"`
                if [ "$UTOPIA" != "" ]; then
                        printf "Possibly fake VOMS extensions. Regenerating... "
@@ -409,6 +408,8 @@ EOF
                fi;
 #              voms-proxy-info -all | grep -A 100 "extension information" | sed "s/\$/$NL/"
 
+               printf "Setting up .lsc file and trying again\n"
+
                for vomsfile in /etc/vomses/*
                do
                        if [ -f $vomsfile ]; then
@@ -435,7 +436,7 @@ EOF
                done
 
 exit 0
-               GRST_CRED_2=`curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2`
+               GRST_CRED_2=`curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep GRST_CRED_2`
 
                if [ "$GRST_CRED_2" = "" ]; then
                        print_error "GRST_CRED_2 not returned"
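Review bot: The changed `GRST_CRED_2=` line sits directly after an unconditional `exit 0` at column 0, so as far as the visible hunks show, it and the curl lines changed in the two following hunks never run. The script therefore reports success without exercising the .lsc regression tests. This looks like a debugging leftover; either remove the `exit 0` or, if the tests are intentionally disabled, say so with a comment such as `# TODO: .lsc tests below are disabled because ...` and print a skip message instead of exiting silently.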
@@ -465,7 +466,7 @@ exit 0
                        test_done
                        printf "Getting list of Role attributes from test.cgi... "
 
-                       curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-pre.$$.out
+                       curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-pre.$$.out
 
                        if [ ! -s info-roles.$$.out ]; then
                                printf "EMPTY!"
@@ -477,7 +478,7 @@ exit 0
                                voms-proxy-init -noregen > /dev/null 2> /dev/null
                                test_done
                                printf "Getting another set of Role attributes from test.cgi... "
-                               curl --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --capath /etc/grid-security/certificates --cacert /tmp/x509up_u0 --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-post.$$.out
+                               curl --cert ${UPROXY} --key ${UPROXY} --capath /etc/grid-security/certificates --cacert ${UPROXY} --silent https://$(hostname -f)/test.cgi|grep -E "^GRST_CRED_AURI_.*Role=" | sed -r 's/^GRST_CRED_AURI_[0-9]+=fqan://' > test-roles-post.$$.out
                                if [ ! -s test-roles-post.$$.out ]; then
                                        test_failed
                                        print_error "List of role attributes is empty!"