From 9e24b43cb962d7d0035154a546ef281d0a786162 Mon Sep 17 00:00:00 2001 From: Ryan Chu Date: Wed, 28 Feb 2018 16:48:38 +0100 Subject: Docker-based test servers for network-related Qt autotests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The existing network test server has some limitations. Most notably, it is not accessible by every Qt developer. Also, some services don't allow simultaneous access, which causes flaky test results. Instead of centralizing all the services to one physical machine, the idea is to build up several dedicated servers inside separate Docker containers. 1. Create testserver.pri and integrate it into the make check command of Qt Test. 2. Define QT_TEST_SERVER flag for changing test parameters at compile time. Task-number: QTQAINFRA-1686 Change-Id: I0422ddb97eb8c11b4818771454851d19671253b1 Reviewed-by: Jędrzej Nowacki Reviewed-by: Ryan Chu --- tests/testserver/apache2/apache2.sh | 77 ++++++++++++++ tests/testserver/apache2/testdata/dav.conf | 7 ++ tests/testserver/apache2/testdata/deflate.conf | 5 + tests/testserver/apache2/testdata/main.conf | 56 +++++++++++ tests/testserver/apache2/testdata/security.conf | 51 ++++++++++ tests/testserver/apache2/testdata/ssl.conf | 2 + .../apache2/testdata/www/cgi-bin/echo.cgi | 11 ++ .../testdata/www/htdocs/auth-digest/index.html | 1 + .../apache2/testdata/www/htdocs/digest-authfile | 1 + .../apache2/testdata/www/htdocs/fluke.gif | Bin 0 -> 27906 bytes .../apache2/testdata/www/htdocs/index.html | 3 + .../www/htdocs/protected/cgi-bin/md5sum.cgi | 6 ++ .../testdata/www/htdocs/rfcs-auth/index.html | 1 + tests/testserver/common/ssl.sh | 39 +++++++ tests/testserver/common/startup.sh | 52 ++++++++++ .../testdata/ssl/private/qt-test-server-key.pem | 15 +++ .../common/testdata/ssl/qt-test-server-cert.pem | 16 +++ tests/testserver/common/testdata/system/passwords | 12 +++ tests/testserver/danted/danted.sh | 44 ++++++++ .../danted/testdata/danted-authenticating.conf | 19 ++++ tests/testserver/danted/testdata/danted.conf | 19 ++++ tests/testserver/docker-compose.yml | 89 ++++++++++++++++ tests/testserver/ftp-proxy/ftp-proxy.sh | 40 ++++++++ tests/testserver/squid/squid.sh | 46 +++++++++ .../squid/testdata/squid-authenticating-ntlm.conf | 41 ++++++++ tests/testserver/squid/testdata/squid.conf | 46 +++++++++ .../vsftpd/testdata/ftp/pub/file-not-readable.txt | 1 + tests/testserver/vsftpd/testdata/vsftpd.conf | 112 +++++++++++++++++++++ tests/testserver/vsftpd/testdata/vsftpd.user_list | 20 ++++ tests/testserver/vsftpd/vsftpd.sh | 66 ++++++++++++ 30 files changed, 898 insertions(+) create mode 100755 tests/testserver/apache2/apache2.sh create mode 100644 tests/testserver/apache2/testdata/dav.conf create mode 100644 tests/testserver/apache2/testdata/deflate.conf create mode 100644 tests/testserver/apache2/testdata/main.conf create mode 100644 tests/testserver/apache2/testdata/security.conf create mode 100644 tests/testserver/apache2/testdata/ssl.conf create mode 100755 tests/testserver/apache2/testdata/www/cgi-bin/echo.cgi create mode 100644 tests/testserver/apache2/testdata/www/htdocs/auth-digest/index.html create mode 100644 tests/testserver/apache2/testdata/www/htdocs/digest-authfile create mode 100644 tests/testserver/apache2/testdata/www/htdocs/fluke.gif create mode 100644 tests/testserver/apache2/testdata/www/htdocs/index.html create mode 100755 tests/testserver/apache2/testdata/www/htdocs/protected/cgi-bin/md5sum.cgi create mode 100644 tests/testserver/apache2/testdata/www/htdocs/rfcs-auth/index.html create mode 100755 tests/testserver/common/ssl.sh create mode 100755 tests/testserver/common/startup.sh create mode 100644 tests/testserver/common/testdata/ssl/private/qt-test-server-key.pem create mode 100644 tests/testserver/common/testdata/ssl/qt-test-server-cert.pem create mode 100644 tests/testserver/common/testdata/system/passwords create mode 100755 tests/testserver/danted/danted.sh create mode 100644 tests/testserver/danted/testdata/danted-authenticating.conf create mode 100644 tests/testserver/danted/testdata/danted.conf create mode 100644 tests/testserver/docker-compose.yml create mode 100755 tests/testserver/ftp-proxy/ftp-proxy.sh create mode 100755 tests/testserver/squid/squid.sh create mode 100644 tests/testserver/squid/testdata/squid-authenticating-ntlm.conf create mode 100644 tests/testserver/squid/testdata/squid.conf create mode 100644 tests/testserver/vsftpd/testdata/ftp/pub/file-not-readable.txt create mode 100644 tests/testserver/vsftpd/testdata/vsftpd.conf create mode 100644 tests/testserver/vsftpd/testdata/vsftpd.user_list create mode 100755 tests/testserver/vsftpd/vsftpd.sh (limited to 'tests/testserver') diff --git a/tests/testserver/apache2/apache2.sh b/tests/testserver/apache2/apache2.sh new file mode 100755 index 0000000000..4b0c74e2c4 --- /dev/null +++ b/tests/testserver/apache2/apache2.sh @@ -0,0 +1,77 @@ +#!/usr/bin/env bash + +############################################################################# +## +## Copyright (C) 2018 The Qt Company Ltd. +## Contact: https://www.qt.io/licensing/ +## +## This file is part of the test suite of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:GPL$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see https://www.qt.io/terms-conditions. For further +## information use the contact form at https://www.qt.io/contact-us. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU +## General Public License version 3 or (at your option) any later version +## approved by the KDE Free Qt Foundation. The licenses are as published by +## the Free Software Foundation and appearing in the file LICENSE.GPL3 +## included in the packaging of this file. Please review the following +## information to ensure the GNU General Public License requirements will +## be met: https://www.gnu.org/licenses/gpl-3.0.html. +## +## $QT_END_LICENSE$ +## +############################################################################# + +set -ex + +# package apache2 + +# add users +useradd httptest; echo "httptest:httptest" | chpasswd + +# enable apache2 module +/usr/sbin/a2enmod ssl dav_fs headers deflate auth_digest cgi + +# enable apache2 config +cp $TESTDATA/{main,security,ssl,dav}.conf /etc/apache2/conf-available/ +/usr/sbin/a2enconf main security ssl dav + +# install configurations and test data +cp $TESTDATA/deflate.conf /etc/apache2/mods-available/ +mkdir -p -m 1777 /home/writeables/dav # dav.conf +a2dissite '*' # disable all of the default apache2 sites + +# Populate the web-site: +su $USER -c "cp -r $TESTDATA/www ~/www" + +# tst_QNetworkReply::getFromHttp(success-internal) +su $USER -c "cp rfc3252.txt ~/www/htdocs/"; rm rfc3252.txt + +# tst_QNetworkReply::synchronousRequest_data() +su $USER -c "mkdir -p ~/www/htdocs/deflate/" +su $USER -c "ln -s ~/www/htdocs/rfc3252.txt ~/www/htdocs/deflate/" + +# tst_QNetworkReply::headFromHttp(with-authentication) +su $USER -c "ln -s ~/www/htdocs/rfc3252.txt ~/www/htdocs/rfcs-auth/" + +# Duplicate rfc3252.txt 20 times for bigfile tests: +su $USER -c "seq 20 | xargs -i cat ~/www/htdocs/rfc3252.txt >> ~/www/htdocs/bigfile" + +# tst_QNetworkReply::postToHttp(empty) +su $USER -c "ln -s ~/www/htdocs/protected/cgi-bin/md5sum.cgi ~/www/cgi-bin/" + +# tst_QNetworkReply::lastModifiedHeaderForHttp() expects this time-stamp: +touch -d "2007-05-22 12:04:57 GMT" /home/$USER/www/htdocs/fluke.gif + +# Create 10MB file for use by tst_Q*::downloadBigFile and interruption tests: +su $USER -c "/bin/dd if=/dev/zero of=~/www/htdocs/mediumfile bs=1 count=0 seek=10000000" + +# enable service with installed configurations +service apache2 restart diff --git a/tests/testserver/apache2/testdata/dav.conf b/tests/testserver/apache2/testdata/dav.conf new file mode 100644 index 0000000000..c207c2734b --- /dev/null +++ b/tests/testserver/apache2/testdata/dav.conf @@ -0,0 +1,7 @@ +Alias /dav /home/writeables/dav + + DAV On + order allow,deny + allow from all + Require all granted + diff --git a/tests/testserver/apache2/testdata/deflate.conf b/tests/testserver/apache2/testdata/deflate.conf new file mode 100644 index 0000000000..6a15701d49 --- /dev/null +++ b/tests/testserver/apache2/testdata/deflate.conf @@ -0,0 +1,5 @@ +# The default configuration will turn on DEFLATE for files served up +# from everywhere. +# +# For testing purposes, we want DEFLATE off by default, and on only for +# specific paths (which is set elsewhere). diff --git a/tests/testserver/apache2/testdata/main.conf b/tests/testserver/apache2/testdata/main.conf new file mode 100644 index 0000000000..5cfa544623 --- /dev/null +++ b/tests/testserver/apache2/testdata/main.conf @@ -0,0 +1,56 @@ +ServerName apache2.test-net.qt:80 + +NameVirtualHost *:443 + + + + + +SSLEngine On +CustomLog /var/log/apache2/ssl_access.log combined +ErrorLog /var/log/apache2/ssl_error.log + + +# default ubuntu config turns off SSLv2 because it is deprecated. +# Turn it back on so we can test it. +SSLProtocol all + +DocumentRoot /home/qt-test-server/www/htdocs +ScriptAlias /qtest/cgi-bin/ "/home/qt-test-server/www/cgi-bin/" +ScriptAlias /qtest/protected/cgi-bin/ "/home/qt-test-server/www/htdocs/protected/cgi-bin/" +Alias /qtest "/home/qt-test-server/www/htdocs/" + + + Require all granted + + + + AuthType Basic + AuthName "Restricted Files" + AuthUserFile /home/qt-test-server/passwords + Require user httptest + + + + AuthType Digest + AuthName "Digest testing" + AuthDigestProvider file + AuthUserFile /home/qt-test-server/www/htdocs/digest-authfile + Require user httptest + + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml + Header append Vary User-Agent env=!dont-vary + + + + Options +ExecCGI -Includes + AddHandler cgi-script .cgi .pl + Require all granted + + + + + AllowOverride AuthConfig Options + diff --git a/tests/testserver/apache2/testdata/security.conf b/tests/testserver/apache2/testdata/security.conf new file mode 100644 index 0000000000..30a8ee3765 --- /dev/null +++ b/tests/testserver/apache2/testdata/security.conf @@ -0,0 +1,51 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +# +# AllowOverride None +# Order Deny,Allow +# Deny from all +# + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +#ServerTokens Minimal +ServerTokens OS +#ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +#TraceEnable Off +TraceEnable On + diff --git a/tests/testserver/apache2/testdata/ssl.conf b/tests/testserver/apache2/testdata/ssl.conf new file mode 100644 index 0000000000..d6bbaf0da0 --- /dev/null +++ b/tests/testserver/apache2/testdata/ssl.conf @@ -0,0 +1,2 @@ +SSLCertificateFile /home/qt-test-server/ssl-certs/qt-test-server-cert.pem +SSLCertificateKeyFile /home/qt-test-server/ssl-certs/private/qt-test-server-key.pem diff --git a/tests/testserver/apache2/testdata/www/cgi-bin/echo.cgi b/tests/testserver/apache2/testdata/www/cgi-bin/echo.cgi new file mode 100755 index 0000000000..16315a3db6 --- /dev/null +++ b/tests/testserver/apache2/testdata/www/cgi-bin/echo.cgi @@ -0,0 +1,11 @@ +#!/usr/bin/perl + +if ($ENV{'REQUEST_METHOD'} eq "GET") { + $request = $ENV{'QUERY_STRING'}; +} elsif ($ENV{'REQUEST_METHOD'} eq "POST") { + read(STDIN, $request, $ENV{'CONTENT_LENGTH'}) || die "Could not get query\n"; +} + +print "Content-type: text/plain\n\n"; +print $request; + diff --git a/tests/testserver/apache2/testdata/www/htdocs/auth-digest/index.html b/tests/testserver/apache2/testdata/www/htdocs/auth-digest/index.html new file mode 100644 index 0000000000..fa96496aa0 --- /dev/null +++ b/tests/testserver/apache2/testdata/www/htdocs/auth-digest/index.html @@ -0,0 +1 @@ +digest authentication successful diff --git a/tests/testserver/apache2/testdata/www/htdocs/digest-authfile b/tests/testserver/apache2/testdata/www/htdocs/digest-authfile new file mode 100644 index 0000000000..99963901ce --- /dev/null +++ b/tests/testserver/apache2/testdata/www/htdocs/digest-authfile @@ -0,0 +1 @@ +httptest:Digest testing:5f68f4bc3cd2873a3d547558fe7d9782 diff --git a/tests/testserver/apache2/testdata/www/htdocs/fluke.gif b/tests/testserver/apache2/testdata/www/htdocs/fluke.gif new file mode 100644 index 0000000000..6060cbd4d7 Binary files /dev/null and b/tests/testserver/apache2/testdata/www/htdocs/fluke.gif differ diff --git a/tests/testserver/apache2/testdata/www/htdocs/index.html b/tests/testserver/apache2/testdata/www/htdocs/index.html new file mode 100644 index 0000000000..abc1df188d --- /dev/null +++ b/tests/testserver/apache2/testdata/www/htdocs/index.html @@ -0,0 +1,3 @@ +

Welcome to qt-test-server

+fluke +

This is a network test server. It serves as a caching ftp and http proxy, transparent http/socks5 proxy, imap, ftp and http server, and more.

diff --git a/tests/testserver/apache2/testdata/www/htdocs/protected/cgi-bin/md5sum.cgi b/tests/testserver/apache2/testdata/www/htdocs/protected/cgi-bin/md5sum.cgi new file mode 100755 index 0000000000..e580462b85 --- /dev/null +++ b/tests/testserver/apache2/testdata/www/htdocs/protected/cgi-bin/md5sum.cgi @@ -0,0 +1,6 @@ +#!/bin/sh + +echo "Content-type: text/plain"; +echo "Content-length: 33" +echo +md5sum | cut -f 1 -d " " diff --git a/tests/testserver/apache2/testdata/www/htdocs/rfcs-auth/index.html b/tests/testserver/apache2/testdata/www/htdocs/rfcs-auth/index.html new file mode 100644 index 0000000000..472e6ce55d --- /dev/null +++ b/tests/testserver/apache2/testdata/www/htdocs/rfcs-auth/index.html @@ -0,0 +1 @@ +you found the secret diff --git a/tests/testserver/common/ssl.sh b/tests/testserver/common/ssl.sh new file mode 100755 index 0000000000..8a4728ad4d --- /dev/null +++ b/tests/testserver/common/ssl.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +############################################################################# +## +## Copyright (C) 2018 The Qt Company Ltd. +## Contact: https://www.qt.io/licensing/ +## +## This file is part of the test suite of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:GPL$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see https://www.qt.io/terms-conditions. For further +## information use the contact form at https://www.qt.io/contact-us. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU +## General Public License version 3 or (at your option) any later version +## approved by the KDE Free Qt Foundation. The licenses are as published by +## the Free Software Foundation and appearing in the file LICENSE.GPL3 +## included in the packaging of this file. Please review the following +## information to ensure the GNU General Public License requirements will +## be met: https://www.gnu.org/licenses/gpl-3.0.html. +## +## $QT_END_LICENSE$ +## +############################################################################# + +set -ex + +# package ssl + +# install ssl_certs and test data +su $USER -c "mkdir -p -m 700 ~/ssl-certs/private" +su $USER -c "cp $CONFIG/ssl/qt-test-server-cert.pem ~/ssl-certs/" +su $USER -c "cp $CONFIG/ssl/private/qt-test-server-key.pem ~/ssl-certs/private/" diff --git a/tests/testserver/common/startup.sh b/tests/testserver/common/startup.sh new file mode 100755 index 0000000000..10847d3524 --- /dev/null +++ b/tests/testserver/common/startup.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env bash + +############################################################################# +## +## Copyright (C) 2018 The Qt Company Ltd. +## Contact: https://www.qt.io/licensing/ +## +## This file is part of the test suite of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:GPL$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see https://www.qt.io/terms-conditions. For further +## information use the contact form at https://www.qt.io/contact-us. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU +## General Public License version 3 or (at your option) any later version +## approved by the KDE Free Qt Foundation. The licenses are as published by +## the Free Software Foundation and appearing in the file LICENSE.GPL3 +## included in the packaging of this file. Please review the following +## information to ensure the GNU General Public License requirements will +## be met: https://www.gnu.org/licenses/gpl-3.0.html. +## +## $QT_END_LICENSE$ +## +############################################################################# + +set -ex + +# export variables +export USER=qt-test-server +export PASS=password +export CONFIG=common/testdata +export TESTDATA=service/testdata + +# add users +useradd -m -s /bin/bash $USER; echo "$USER:$PASS" | chpasswd + +# install configurations and test data +su $USER -c "cp $CONFIG/system/passwords ~/" + +# modules initialization (apache2.sh, ftp-proxy.sh ...) +for RUN_CMD +do $RUN_CMD +done + +# keep-alive in docker detach mode +sleep infinity diff --git a/tests/testserver/common/testdata/ssl/private/qt-test-server-key.pem b/tests/testserver/common/testdata/ssl/private/qt-test-server-key.pem new file mode 100644 index 0000000000..8b7ce5811a --- /dev/null +++ b/tests/testserver/common/testdata/ssl/private/qt-test-server-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDNqttv1jTJp/HAvuRBGBniAski5qfVugMunih69F8ad193qRE7 +j37wLsae6zrZEtfBDFHoJFI/I8NCDBHG8hyhQv60wmmDrfdwsRgVzCAoYjDwLBXm +Mxmvw+scwJH3EWiUUPhJNwgy1z5136O8aQAV3s2HD1wCa4LIAX1q8B3ccwIDAQAB +AoGAGiDou+6UykHB3uDhkruDHkmIUBzJmceF+/gv4F8Hbg9YW5VpEQ4L7Guk5C+y +TD2ul2H/TeS/ZjIe7lcmMwYzSLcyeKfaiaV1EhPGjIdvB4ysTN79pfWXQtlpt/Z9 +I/EOoW9XosJ/EOFdpgV0MC9QMTQKMyS0qQLwhBsoAW4DcEECQQDmrWEPNprbEDIH +Sm+KlMH6rdybIvzR3IPlYE6kMjQIWbUmGNxSUT7B/UDh2QeaTT54Rb1Ygnq7gVjC +RHU3wnGxAkEA5D6jI/E/xtQSq0KKVpbOxN1dIo0MVPbO/hI7/pO2DdZIM0O4GL55 +ks83O5ZDTfrVy2Ys/9lqbbq+5FSs+NZ1YwJBANzAXRsO+YDcbdP2Uun+0+fOjEhW +YjV/XyWaVYfil1LKboXn0qhgIbvJXVcEt7bdZwP4UWwracKY1NUMaFSVGvECQQC/ +L3iX8szpT1sT+XjHbytj28jX2C4sPVDFoaB/bltg280+o8rhbyuGvewWDZfzCdlr +tvqalROBNpwPxp3dEkbhAkEAl7N7/7hWbw7Xv69ww7i0jcPduukbtbEY1DTmARhR +rOF5AiztOAe+R94iLzkj63ZU0LcoSAixehp2tdkdtTI4CQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/testserver/common/testdata/ssl/qt-test-server-cert.pem b/tests/testserver/common/testdata/ssl/qt-test-server-cert.pem new file mode 100644 index 0000000000..dae5641a88 --- /dev/null +++ b/tests/testserver/common/testdata/ssl/qt-test-server-cert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICiTCCAfICCQCqBnF3SPSY7jANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEChMC +UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v +Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE +BhMCTk8xFjAUBgNVBAMUDSoudGVzdC1uZXQucXQwHhcNMTgwMzEzMDkyNjQ0WhcN +NDgwMzA1MDkyNjQ0WjCBiDELMAkGA1UEChMCUXQxGTAXBgNVBAsTEENvcmUgQW5k +IE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5vYm9keS5xdC5pbzENMAsGA1UEBxME +T3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UEBhMCTk8xFjAUBgNVBAMUDSoudGVz +dC1uZXQucXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2q22/WNMmn8cC+ +5EEYGeICySLmp9W6Ay6eKHr0Xxp3X3epETuPfvAuxp7rOtkS18EMUegkUj8jw0IM +EcbyHKFC/rTCaYOt93CxGBXMIChiMPAsFeYzGa/D6xzAkfcRaJRQ+Ek3CDLXPnXf +o7xpABXezYcPXAJrgsgBfWrwHdxzAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAwNhw +aKznTaMj6JeHP/kEEwMppRkNjmh4ECdQfT9vYNs45UKSAvCa1dn6ZBZKIdhqKCLn +U2qiIS2783IoisRjFtg8x70S13EsBw/yEL/av+Ca1gQHOIFrOuLqwYbslTHrRXRA +RPzHOl3ZP9FD3mPZ8jyzxYs4x5EM0X26FkAR078= +-----END CERTIFICATE----- diff --git a/tests/testserver/common/testdata/system/passwords b/tests/testserver/common/testdata/system/passwords new file mode 100644 index 0000000000..4e911b3f0e --- /dev/null +++ b/tests/testserver/common/testdata/system/passwords @@ -0,0 +1,12 @@ +# user: foo; passwd: bar +foo:bab.5ZXQdbvEo + +# user: qsockstest; passwd: qsockstest +#qsockstest:S7oOqMpoG6aTk + +# user: qsockstest; passwd: password +qsockstest:Cd3Lv2aD0aiBs + +#user httptest password httptest +httptest:v2fwkDMgrRjRA +# added by mgoetz for tst_qnetworkreply ioPostToHttpFromSocket diff --git a/tests/testserver/danted/danted.sh b/tests/testserver/danted/danted.sh new file mode 100755 index 0000000000..bf3d154f33 --- /dev/null +++ b/tests/testserver/danted/danted.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +############################################################################# +## +## Copyright (C) 2018 The Qt Company Ltd. +## Contact: https://www.qt.io/licensing/ +## +## This file is part of the test suite of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:GPL$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see https://www.qt.io/terms-conditions. For further +## information use the contact form at https://www.qt.io/contact-us. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU +## General Public License version 3 or (at your option) any later version +## approved by the KDE Free Qt Foundation. The licenses are as published by +## the Free Software Foundation and appearing in the file LICENSE.GPL3 +## included in the packaging of this file. Please review the following +## information to ensure the GNU General Public License requirements will +## be met: https://www.gnu.org/licenses/gpl-3.0.html. +## +## $QT_END_LICENSE$ +## +############################################################################# + +set -ex + +# package dante-server + +# add users +useradd -d /dev/null -s /bin/false qsockstest; echo "qsockstest:$PASS" | chpasswd + +# install configurations and test data +cp $TESTDATA/danted{,-authenticating}.conf /etc/ + +# enable service with installed configurations +service danted start +service danted-authenticating start diff --git a/tests/testserver/danted/testdata/danted-authenticating.conf b/tests/testserver/danted/testdata/danted-authenticating.conf new file mode 100644 index 0000000000..ccb4acc801 --- /dev/null +++ b/tests/testserver/danted/testdata/danted-authenticating.conf @@ -0,0 +1,19 @@ +# A sample danted-authenticating.conf +# See: https://www.inet.no/dante/doc/1.4.x/config/ +logoutput: /var/log/sockd-authenticating.log +internal: eth0 port = 1081 +external: eth0 +method: username +user.privileged: root +user.notprivileged: nobody +user.libwrap: nobody + +client pass { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: error connect disconnect +} + +pass { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: error connect disconnect +} diff --git a/tests/testserver/danted/testdata/danted.conf b/tests/testserver/danted/testdata/danted.conf new file mode 100644 index 0000000000..bd0e6a8343 --- /dev/null +++ b/tests/testserver/danted/testdata/danted.conf @@ -0,0 +1,19 @@ +# A sample danted.conf +# See: https://www.inet.no/dante/doc/1.4.x/config/ +logoutput: /var/log/sockd.log +internal: eth0 port = 1080 +external: eth0 +method: username none +user.privileged: proxy +user.notprivileged: nobody +user.libwrap: nobody + +client pass { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: error connect disconnect +} + +pass { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: error connect disconnect +} diff --git a/tests/testserver/docker-compose.yml b/tests/testserver/docker-compose.yml new file mode 100644 index 0000000000..334818bc9b --- /dev/null +++ b/tests/testserver/docker-compose.yml @@ -0,0 +1,89 @@ +version: '3.4' + +x-domains: + &testdomain + ${TESTSERVER_DOMAIN:-test-net.qt} + +# The tag of images is used by docker compose file to launch the corresponding +# docker containers. The value of tag comes from the provisioning script +# (coin/provisioning/.../testserver/docker_testserver.sh). The script gets SHA-1 +# of each server context as the tag of docker images. If one of the server +# contexts gets changes, please make sure to update this compose file as well. +# You can run command 'docker images' to list all the tag of test server images. +# For example: +# REPOSITORY TAG IMAGE ID +# qt-test-server-apache2 e2a70c8b169c204e762b375885bd3a26cc40ba48 2ad5c8720317 + +services: + apache2: + image: qt-test-server-apache2:e2a70c8b169c204e762b375885bd3a26cc40ba48 + container_name: qt-test-server-apache2 + domainname: *testdomain + hostname: apache2 + volumes: + - ./common:/common:ro + - ./apache2:/service:ro + entrypoint: common/startup.sh + command: [common/ssl.sh, service/apache2.sh] + + squid: + image: qt-test-server-squid:276768104d3bbf097f4f3d9f3dc472a067852094 + container_name: qt-test-server-squid + domainname: *testdomain + hostname: squid + depends_on: + - apache2 + external_links: + - apache2:apache2.test-net.qt + volumes: + - ./common:/common:ro + - ./squid:/service:ro + entrypoint: common/startup.sh + command: service/squid.sh + + vsftpd: + image: qt-test-server-vsftpd:ab7ecdbbace1bce7642a92ce04e9051c7630376c + container_name: qt-test-server-vsftpd + domainname: *testdomain + hostname: vsftpd + depends_on: + - squid + volumes: + - ./common:/common:ro + - ./vsftpd:/service:ro + entrypoint: common/startup.sh + command: service/vsftpd.sh + + ftp-proxy: + image: qt-test-server-ftp-proxy:4c5734fe60eb450cbf8a96165f67cba19851ec12 + container_name: qt-test-server-ftp-proxy + domainname: *testdomain + hostname: ftp-proxy + depends_on: + - vsftpd + external_links: + - vsftpd:vsftpd.test-net.qt + volumes: + - ./common:/common:ro + - ./ftp-proxy:/service:ro + entrypoint: common/startup.sh + command: service/ftp-proxy.sh + + danted: + image: qt-test-server-danted:8404549745b5601ec3d22dc019258b70438864de + container_name: qt-test-server-danted + domainname: *testdomain + hostname: danted + depends_on: + - apache2 + - vsftpd + - ftp-proxy + external_links: + - apache2:apache2.test-net.qt + - vsftpd:vsftpd.test-net.qt + - ftp-proxy:ftp-proxy.test-net.qt + volumes: + - ./common:/common:ro + - ./danted:/service:ro + entrypoint: common/startup.sh + command: service/danted.sh diff --git a/tests/testserver/ftp-proxy/ftp-proxy.sh b/tests/testserver/ftp-proxy/ftp-proxy.sh new file mode 100755 index 0000000000..087a7b7bcc --- /dev/null +++ b/tests/testserver/ftp-proxy/ftp-proxy.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash + +############################################################################# +## +## Copyright (C) 2018 The Qt Company Ltd. +## Contact: https://www.qt.io/licensing/ +## +## This file is part of the test suite of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:GPL$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see https://www.qt.io/terms-conditions. For further +## information use the contact form at https://www.qt.io/contact-us. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU +## General Public License version 3 or (at your option) any later version +## approved by the KDE Free Qt Foundation. The licenses are as published by +## the Free Software Foundation and appearing in the file LICENSE.GPL3 +## included in the packaging of this file. Please review the following +## information to ensure the GNU General Public License requirements will +## be met: https://www.gnu.org/licenses/gpl-3.0.html. +## +## $QT_END_LICENSE$ +## +############################################################################# + +set -ex + +# package ftp-proxy + +# install configurations and test data +sed -i 's/# AllowMagicUser\tno/AllowMagicUser\tyes/' /etc/proxy-suite/ftp-proxy.conf + +# enable service with installed configurations +ftp-proxy -d diff --git a/tests/testserver/squid/squid.sh b/tests/testserver/squid/squid.sh new file mode 100755 index 0000000000..8e413f2f14 --- /dev/null +++ b/tests/testserver/squid/squid.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash + +############################################################################# +## +## Copyright (C) 2018 The Qt Company Ltd. +## Contact: https://www.qt.io/licensing/ +## +## This file is part of the test suite of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:GPL$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see https://www.qt.io/terms-conditions. For further +## information use the contact form at https://www.qt.io/contact-us. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU +## General Public License version 3 or (at your option) any later version +## approved by the KDE Free Qt Foundation. The licenses are as published by +## the Free Software Foundation and appearing in the file LICENSE.GPL3 +## included in the packaging of this file. Please review the following +## information to ensure the GNU General Public License requirements will +## be met: https://www.gnu.org/licenses/gpl-3.0.html. +## +## $QT_END_LICENSE$ +## +############################################################################# + +set -ex + +# package squid + +# install configurations and test data +cp $TESTDATA/squid{,-authenticating-ntlm}.conf /etc/squid/ +sed -e 's,NAME=squid,NAME=squid-authenticating-ntlm,' \ + -e 's,CONFIG=/etc/squid/squid.conf,CONFIG=/etc/squid/squid-authenticating-ntlm.conf,' \ + -e 's,SQUID_ARGS="-YC -f $CONFIG",SQUID_ARGS="-D -YC -f $CONFIG",' \ + /etc/init.d/squid >/etc/init.d/squid-authenticating-ntlm +chmod +x /etc/init.d/squid-authenticating-ntlm + +# enable service with installed configurations +service squid start +service squid-authenticating-ntlm start diff --git a/tests/testserver/squid/testdata/squid-authenticating-ntlm.conf b/tests/testserver/squid/testdata/squid-authenticating-ntlm.conf new file mode 100644 index 0000000000..55a74498e9 --- /dev/null +++ b/tests/testserver/squid/testdata/squid-authenticating-ntlm.conf @@ -0,0 +1,41 @@ +pid_filename /var/run/squid-authenticating-ntlm.pid +access_log /var/log/squid/access-authenticating-ntlm.log +cache_log /var/log/squid/cache-authenticating-ntlm.log +cache_store_log /var/log/squid/store-authenticating-ntlm.log +http_port 3130 +hierarchy_stoplist cgi-bin ? +acl QUERY urlpath_regex cgi-bin \? +no_cache deny QUERY +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern . 0 20% 4320 +acl port3130 myport 3130 +acl manager proto cache_object +acl localhost src 127.0.0.1/255.255.255.255 +acl to_localhost dst 127.0.0.0/8 +acl SSL_ports port 443 563 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 563 # https, snews +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT +http_access allow manager localhost +http_access deny manager +http_access allow localhost + + +# port 3130: ntlm auth +auth_param ntlm program /usr/lib/squid/ntlm_smb_lm_auth --debuglevel=5 --logfile=/var/log/ntlm --log-basename=/var/log/ntlm --helper-protocol=squid-2.5-ntlmssp +auth_param ntlm children 2 +acl ntlm_users proxy_auth REQUIRED +http_access allow port3130 ntlm_users +http_reply_access allow port3130 ntlm_users + +icp_access allow all +coredump_dir /var/cache/squid diff --git a/tests/testserver/squid/testdata/squid.conf b/tests/testserver/squid/testdata/squid.conf new file mode 100644 index 0000000000..da1b13af8c --- /dev/null +++ b/tests/testserver/squid/testdata/squid.conf @@ -0,0 +1,46 @@ +http_port 3128 +http_port 3129 +hierarchy_stoplist cgi-bin ? +acl QUERY urlpath_regex cgi-bin \? +no_cache deny QUERY +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern . 0 20% 4320 +acl port3128 myport 3128 +acl port3129 myport 3129 +acl manager proto cache_object +acl localhost src 127.0.0.1/255.255.255.255 +acl to_localhost dst 127.0.0.0/8 +acl SSL_ports port 443 563 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 563 # https, snews +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT +http_access allow manager localhost +http_access deny manager +http_access allow localhost + + +# port 3128: no auth required +http_access allow port3128 +http_reply_access allow port3128 + +# port 3129: basic auth +auth_param basic program /usr/lib/squid/basic_ncsa_auth /home/qt-test-server/passwords +auth_param basic children 5 +auth_param basic realm Squid proxy-caching web server +auth_param basic credentialsttl 2 hours +auth_param basic casesensitive off +acl ncsa_users proxy_auth REQUIRED +http_access allow port3129 ncsa_users +http_reply_access allow port3129 ncsa_users + +icp_access allow all +coredump_dir /var/cache/squid diff --git a/tests/testserver/vsftpd/testdata/ftp/pub/file-not-readable.txt b/tests/testserver/vsftpd/testdata/ftp/pub/file-not-readable.txt new file mode 100644 index 0000000000..235fa4d28b --- /dev/null +++ b/tests/testserver/vsftpd/testdata/ftp/pub/file-not-readable.txt @@ -0,0 +1 @@ +If you can read this, you are too close. diff --git a/tests/testserver/vsftpd/testdata/vsftpd.conf b/tests/testserver/vsftpd/testdata/vsftpd.conf new file mode 100644 index 0000000000..6bdb186c9f --- /dev/null +++ b/tests/testserver/vsftpd/testdata/vsftpd.conf @@ -0,0 +1,112 @@ +# Allow anonymous FTP? (Beware - allowed by default if you comment this out). +anonymous_enable=YES +# +# Uncomment this to allow local users to log in. +local_enable=YES +# +# Uncomment this to enable any form of FTP write command. +write_enable=YES +# +# Default umask for local users is 077. You may wish to change this to 022, +# if your users expect that (022 is used by most other ftpd's) +local_umask=022 +# +# Uncomment this to allow the anonymous FTP user to upload files. This only +# has an effect if the above global write enable is activated. Also, you will +# obviously need to create a directory writable by the FTP user. +anon_upload_enable=YES +anon_umask=022 +# +# Uncomment this if you want the anonymous FTP user to be able to create +# new directories. +anon_mkdir_write_enable=YES +anon_other_write_enable=YES +anon_world_readable_only=YES +# +# Activate directory messages - messages given to remote users when they +# go into a certain directory. +dirmessage_enable=YES +# +# Activate logging of uploads/downloads. +xferlog_enable=YES +# +# Make sure PORT transfer connections originate from port 20 (ftp-data). +connect_from_port_20=YES +# +# If you want, you can arrange for uploaded anonymous files to be owned by +# a different user. Note! Using "root" for uploaded files is not +# recommended! +#chown_uploads=YES +#chown_username=ftp +#chown_groupname=ftp +# +# You may override where the log file goes if you like. The default is shown +# below. +#xferlog_file=/var/log/vsftpd.log +# +# If you want, you can have your log file in standard ftpd xferlog format +xferlog_std_format=YES +# +# You may change the default value for timing out an idle session. +#idle_session_timeout=600 +# +# You may change the default value for timing out a data connection. +#data_connection_timeout=120 +# +# It is recommended that you define on your system a unique user which the +# ftp server can use as a totally isolated and unprivileged user. +#nopriv_user=ftpsecure +# +# Enable this and the server will recognize asynchronous ABOR requests. Not +# recommended for security (the code is non-trivial). Not enabling it, +# however, may confuse older FTP clients. +#async_abor_enable=YES +# +# By default the server will pretend to allow ASCII mode but in fact ignore +# the request. Turn on the below options to have the server actually do ASCII +# mangling on files when in ASCII mode. +# Beware that on some FTP servers, ASCII support allows a denial of service +# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd +# predicted this attack and has always been safe, reporting the size of the +# raw file. +# ASCII mangling is a horrible feature of the protocol. +ascii_upload_enable=YES +ascii_download_enable=YES +# +# You may fully customize the login banner string: +#ftpd_banner=Welcome to blah FTP service. +# +# You may specify a file of disallowed anonymous e-mail addresses. Apparently +# useful for combatting certain DoS attacks. +#deny_email_enable=YES +# (default follows) +#banned_email_file=/etc/vsftpd/banned_emails +# +# You may specify an explicit list of local users to chroot() to their home +# directory. If chroot_local_user is YES, then this list becomes a list of +# users to NOT chroot(). +#chroot_list_enable=YES +# (default follows) +#chroot_list_file=/etc/vsftpd/chroot_list +# +# You may activate the "-R" option to the builtin ls. This is disabled by +# default to avoid remote users being able to cause excessive I/O on large +# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume +# the presence of the "-R" option, so there is a strong case for enabling it. +ls_recurse_enable=YES + +pam_service_name=vsftpd +userlist_enable=YES +#enable for standalone mode +listen=YES +tcp_wrappers=YES + +# Enabling SFTP +#ssl_enable=YES +#allow_anon_ssl=YES +#force_local_data_ssl=NO +#force_local_logins_ssl=NO +#ssl_tlsv1=YES +#ssl_sslv2=NO +#ssl_sslv3=NO +#rsa_cert_file=/etc/vsftpd/vsftpd.pem diff --git a/tests/testserver/vsftpd/testdata/vsftpd.user_list b/tests/testserver/vsftpd/testdata/vsftpd.user_list new file mode 100644 index 0000000000..d283e3d260 --- /dev/null +++ b/tests/testserver/vsftpd/testdata/vsftpd.user_list @@ -0,0 +1,20 @@ +# vsftpd userlist +# If userlist_deny=NO, only allow users in this file +# If userlist_deny=YES (default), never allow users in this file, and +# do not even prompt for a password. +# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers +# for users that are denied. +root +bin +daemon +adm +lp +sync +shutdown +halt +mail +news +uucp +operator +games +nobody diff --git a/tests/testserver/vsftpd/vsftpd.sh b/tests/testserver/vsftpd/vsftpd.sh new file mode 100755 index 0000000000..1ba1a8c347 --- /dev/null +++ b/tests/testserver/vsftpd/vsftpd.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash + +############################################################################# +## +## Copyright (C) 2018 The Qt Company Ltd. +## Contact: https://www.qt.io/licensing/ +## +## This file is part of the test suite of the Qt Toolkit. +## +## $QT_BEGIN_LICENSE:GPL$ +## Commercial License Usage +## Licensees holding valid commercial Qt licenses may use this file in +## accordance with the commercial license agreement provided with the +## Software or, alternatively, in accordance with the terms contained in +## a written agreement between you and The Qt Company. For licensing terms +## and conditions see https://www.qt.io/terms-conditions. For further +## information use the contact form at https://www.qt.io/contact-us. +## +## GNU General Public License Usage +## Alternatively, this file may be used under the terms of the GNU +## General Public License version 3 or (at your option) any later version +## approved by the KDE Free Qt Foundation. The licenses are as published by +## the Free Software Foundation and appearing in the file LICENSE.GPL3 +## included in the packaging of this file. Please review the following +## information to ensure the GNU General Public License requirements will +## be met: https://www.gnu.org/licenses/gpl-3.0.html. +## +## $QT_END_LICENSE$ +## +############################################################################# + +set -ex + +# package vsftpd + +# add users +usermod -d "/home/$USER/ftp/" ftp #existing user +useradd -d "/home/$USER/ftp" -s /bin/bash ftptest; echo "ftptest:$PASS" | chpasswd + +# install configurations and test data +cp $TESTDATA/vsftpd.{conf,user_list} /etc/ + +# Resolve error message "vsftpd failed - probably invalid config" during boot +command='start-stop-daemon --start --background -m --oknodo --pidfile /var/run/vsftpd/vsftpd.pid' +command+=' --exec ${DAEMON}' +sed -i "s,$command.*$,$command; sleep 1," /etc/init.d/vsftpd + +# Populate the FTP sites: +su $USER -c "cp -r $TESTDATA/ftp ~/ftp" +ln -s /home/$USER/ftp /var/ftp + +# tst_QNetworkReply::getFromFtp_data() +su $USER -c "mkdir -p ~/ftp/qtest/" +su $USER -c "cp rfc3252.txt ~/ftp/qtest/"; rm rfc3252.txt + +# Duplicate rfc3252.txt 20 times for bigfile tests: +su $USER -c "seq 20 | xargs -i cat ~/ftp/qtest/rfc3252.txt >> ~/ftp/qtest/bigfile" + +# tst_QNetworkReply::getErrors_data(), testdata with special permissions +su $USER -c "chmod 0600 ~/ftp/pub/file-not-readable.txt" + +# Shared FTP folder (sticky bit) +su $USER -c "mkdir -p -m 1777 ~/ftp/qtest/upload" # FTP incoming dir + +# enable service with installed configurations +service vsftpd restart -- cgit v1.2.3