Test that error env vars are properly exported.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>

Closes #130

Author: simo5

src/mod_auth_gssapi.c

@@ -69,14 +69,17 @@ char *mag_error(request_rec *req, const char *msg, uint32_t maj, uint32_t min)
 }
 
 enum mag_err_code {
-    MAG_GSS_ERR = 1,
+    MAG_NO_AUTH = 1,
+    MAG_GSS_ERR,
     MAG_INTERNAL,
     MAG_AUTH_NOT_ALLOWED
 };
 
 static const char *mag_err_text(enum mag_err_code err)
 {
     switch (err) {
+    case MAG_NO_AUTH:
+        return "NO AUTH DATA";
     case MAG_GSS_ERR:
         return "GSS ERROR";
     case MAG_INTERNAL:
@@ -948,10 +951,18 @@ static int mag_auth(request_rec *req)
     }
 
     /* We can proceed only if we do have an auth header */
-    if (!auth_header) goto done;
+    if (!auth_header) {
+        mag_post_error(req, cfg, MAG_NO_AUTH, 0, 0,
+                       "Client did not send any authentication headers");
+        goto done;
+    }
 
     auth_header_type = ap_getword_white(req->pool, &auth_header);
-    if (!auth_header_type) goto done;
+    if (!auth_header_type) {
+        mag_post_error(req, cfg, MAG_NO_AUTH, 0, 0,
+                       "Client sent malformed authentication headers");
+        goto done;
+    }
 
     /* We got auth header, sending auth header would mean re-auth */
     send_auth_header = !cfg->negotiate_once;
@@ -1028,6 +1039,8 @@ static int mag_auth(request_rec *req)
         break;
 
     default:
+        mag_post_error(req, cfg, MAG_NO_AUTH, 0, 0,
+                       "Client sent unknown authentication headers");
         goto done;
     }
 

tests/401.html

@@ -0,0 +1 @@
+MAG_ERROR:[<!--#echo var="REDIRECT_MAG_ERROR" -->] MAG_ERROR_TEXT:[<!--#echo var="REDIRECT_MAG_ERROR_TEXT" -->] GSS_ERROR_MAJ:[<!--#echo var="REDIRECT_GSS_ERROR_MAJ" -->] GSS_ERROR_MIN:[<!--#echo var="REDIRECT_GSS_ERROR_MIN" -->]

tests/httpd.conf

@@ -93,6 +93,8 @@ DocumentRoot "${HTTPROOT}/html"
 </Directory>
 <Directory "${HTTPROOT}/html">
     Options Indexes FollowSymLinks
+    Options +Includes
+    AddOutputFilter INCLUDES .html
     AllowOverride None
     Require all granted
 </Directory>
@@ -112,6 +114,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combine
 CustomLog "logs/access_log" combined
 </IfModule>
 
+ErrorDocument 401 /401.html
 ErrorLog "logs/error_log"
 LogLevel debug
 
@@ -193,6 +196,7 @@ CoreDumpDirectory "${HTTPROOT}"
   GssapiBasicAuth On
   GssapiBasicAuthMech krb5
   GssapiConnectionBound On
+  GssapiPublishErrors On
   Require valid-user
 </Location>
 

tests/magtests.py

@@ -239,6 +239,8 @@ def setup_http(testdir, wrapenv):
     with open(config, 'w+') as f:
         f.write(text)
 
+    shutil.copy('tests/401.html', os.path.join(httpdir, 'html'))
+
     httpenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
                'MALLOC_CHECK_': '3',
                'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1)}

tests/t_basic_k5_fail_second.py

@@ -3,6 +3,7 @@
 
 import os
 import requests
+import sys
 from requests.auth import HTTPBasicAuth
 
 
@@ -22,6 +23,8 @@
     r = s.get(url)
     if r.status_code == 200:
         raise ValueError('Basic Auth: Got Success while expecting Error')
+    if not 'GSS ERROR' in r.text:
+        raise ValueError('Basic Auth: Expected error variable is missing')
 
     url = 'http://%s:%s@%s/basic_auth_krb5/' % (os.environ['MAG_USER_NAME_2'],
                                                 os.environ['MAG_USER_PASSWORD_2'],