#!/bin/sh
# Checks how the http method reacts to canned replies from a fake SOCKS proxy.
set -e

# Resolve this script's directory and load the shared test helpers from it.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "${TESTDIR}/framework"

setupenvironment

# We don't do a real proxy here, we just look at how the implementation
# reacts to certain responses from a "proxy" provided by socat.
# Checks HTTP, but requesting https instead will check HTTPS (curl), which
# uses different error messages though – also: https://github.com/curl/curl/issues/944

# FIXME: Not run automatically as it uses a hardcoded port (5555)
# NOTE(review): with a fixed port, socat cannot bind if something else already
# listens on 5555, and the client would then talk to that listener instead.

# socat plays the proxy in every case below, so skip the test without it.
# NOTE(review): runserver also pipes through xxd, which is not checked here.
msgtest 'Check that everything is installed' 'socat'
if ! dpkg-checkbuilddeps -d 'socat' /dev/null >/dev/null 2>&1; then
	# Report dpkg's view of the package as the reason for skipping.
	msgskip "$(command dpkg -l socat)"
	exit
fi
msgpass

# Request one URL through the SOCKS proxy on localhost:5555 and capture the
# client's stdout and stderr (with http debugging enabled) in client.output.
#   $1  optional userinfo prefix for the proxy URI, e.g. 'user:pass@'
#   $2  optional host[:port] to request (default: localhost:2903)
# The exit status of the download is ignored; callers inspect client.output.
runclient() {
	# The target doesn't need to be an actually reachable webserver for this
	# test; in fact, it's better if it isn't.
	rm -f index.html
	apthelper download-file "http://${2:-localhost:2903}/" index.html \
		-o Acquire::http::Proxy="socks5h://${1}localhost:5555" \
		-o Acquire::http::Timeout=2 \
		-o Debug::Acquire::http=1 \
		> client.output 2>&1 || true
}
# Start the fake proxy in the background: socat listens on TCP port 5555 and
# answers a connection with the given bytes followed by a fixed HTTP response.
#   $*  hex byte strings; joined with spaces and turned into raw bytes by
#       `xxd -r -p` before being sent
# socat's own output (including the -x hex dump) is written to server.output.
# NOTE(review): the arguments are pasted into a shell command line run by
# socat, so only fixed hex strings should ever be passed in.
# NOTE(review): nothing waits for the listener to be ready before the caller
# starts the client.
runserver() {
	socat -x tcp-listen:5555,reuseaddr \
		system:"echo -n '$*' | xxd -r -p; echo 'HTTP/1.1 200 OK'; echo 'Content-Length: 5'; echo 'Connection: close'; echo; echo 'HTML'" \
		> server.output 2>&1 &
}
# Proxy URI as the success cases further down expect it in the client's log
# line; the cases that pass 'user:pass@' expect this credential-free form too.
PROXY="socks5h://localhost:5555"

# Reply bytes handed to runserver, as used in these cases (RFC 1928 / 1929):
#   method selection:  05 <method>       00 none, 01 GSSAPI, 02 user/pass
#   auth status:       01 <status>       00 means accepted
#   connect reply:     05 <rep> 00 <atyp> <addr> <port>
#                      atyp 01 IPv4, 03 length-prefixed name, 04 IPv6
#   1f 90 is port 8080; ac 10 fe 01 is 172.16.254.1.

# Nothing listens on the proxy port yet.
msgmsg 'SOCKS does not run'
runclient
testsuccess grep 'Could not connect to localhost:5555' client.output

# The greeting reply carries protocol version 4 instead of 5.
msgmsg 'SOCKS greets back with wrong version'
runserver '04 00'
runclient
testsuccess grep 'greets back with wrong version: 4' client.output

# The proxy selects method 01, which the client is expected to reject.
msgmsg 'SOCKS tries GSSAPI auth we have not advertised'
runserver '05 01'
runclient
testsuccess grep \
	'greets back having not found a common authorization method: 1' \
	client.output

# The proxy selects user/pass although the client URI has no credentials.
msgmsg 'SOCKS tries user&pass auth we have not advertised'
runserver '05 02'
runclient
testsuccess grep 'pass auth, but we had not offered it' client.output

# The auth status reply starts with 05 where 01 is expected.
msgmsg 'SOCKS user:pass wrong version'
runserver '05 02' '05 00'
runclient 'user:pass@'
testsuccess grep 'auth status response with wrong version: 5' client.output

# The auth status is 01, i.e. not accepted.
msgmsg 'SOCKS user:pass wrong auth'
runserver '05 02' '01 01'
runclient 'user:pass@'
testsuccess grep \
	'reported authorization failure: username or password incorrect? (1)' \
	client.output

# Connect reply 01 with a zero-length name as bound address.
msgmsg 'SOCKS user:pass request not granted no hostname'
runserver '05 02' '01 00' '05 01 00 03 00 1f 90'
runclient 'user:pass@'
testsuccess grep \
	'could not connect to localhost (:8080) due to: general SOCKS server failure (1)' \
	client.output

# Connect reply 01 with the 9-byte name "hostlocal" as bound address.
msgmsg 'SOCKS user:pass request not granted with hostname'
runserver '05 02' '01 00' '05 01 00 03 09 68 6f 73 74 6c 6f 63 61 6c 1f 90'
runclient 'user:pass@'
testsuccess grep \
	'could not connect to localhost (hostlocal:8080) due to: general SOCKS server failure (1)' \
	client.output

# Connect reply 04 with an IPv4 bound address.
msgmsg 'SOCKS user:pass request not granted ipv4'
runserver '05 02' '01 00' '05 04 00 01 ac 10 fe 01 1f 90'
runclient 'user:pass@'
testsuccess grep \
	'could not connect to localhost (172.16.254.1:8080) due to: Host unreachable (4)' \
	client.output

# Reply code 0x12 (18) has no dedicated message; IPv6 bound address.
msgmsg 'SOCKS user:pass request not granted ipv6'
runserver '05 02' '01 00' '05 12 00 04 20 01 0d b8 ac 10 fe 00 00 00 00 00 00 00 00 00 1f 90'
runclient 'user:pass@'
testsuccess grep \
	'could not connect to localhost (\[2001:0DB8:AC10:FE00:0000:0000:0000:0000\]:8080) due to: Unknown error (18)' \
	client.output

# Success cases: the connect reply code is 00, so the client should log the
# bound address from the reply and then fetch the canned 'HTML' body.
# The expected log line uses $PROXY, which carries no user:pass part even
# when the client was started with credentials.

msgmsg 'SOCKS user:pass request granted ipv4'
runserver '05 02' '01 00' '05 00 00 01 ac 10 fe 01 1f 90'
runclient 'user:pass@'
testequal \
	"http: SOCKS proxy $PROXY connection established to localhost (172.16.254.1:8080)" \
	head -n 1 client.output
testfileequal index.html 'HTML'

msgmsg 'SOCKS user:pass request granted ipv6'
runserver '05 02' '01 00' '05 00 00 04 20 01 0d b8 ac 10 fe 00 00 00 00 00 00 00 00 00 1f 90'
runclient 'user:pass@'
testequal \
	"http: SOCKS proxy $PROXY connection established to localhost ([2001:0DB8:AC10:FE00:0000:0000:0000:0000]:8080)" \
	head -n 1 client.output
testfileequal index.html 'HTML'

# Method reply 05 00 (no authentication), then a connect reply whose bound
# address is a zero-length name.
msgmsg 'SOCKS no auth no hostname'
runserver '05 00 05 00 00 03 00 1f 90'
runclient
testequal \
	"http: SOCKS proxy $PROXY connection established to localhost (:8080)" \
	head -n 1 client.output
testfileequal index.html 'HTML'

# As above, with the 9-byte name "hostlocal" as bound address.
msgmsg 'SOCKS no auth with hostname'
runserver '05 00 05 00 00 03 09 68 6f 73 74 6c 6f 63 61 6c 1f 90'
runclient
testequal \
	"http: SOCKS proxy $PROXY connection established to localhost (hostlocal:8080)" \
	head -n 1 client.output
testfileequal index.html 'HTML'

# The proxy URI has a user name but no password.
msgmsg 'SOCKS user-only request granted ipv4'
runserver '05 02' '01 00' '05 00 00 01 ac 10 fe 01 1f 90'
runclient 'apt@'
testequal \
	"http: SOCKS proxy $PROXY connection established to localhost (172.16.254.1:8080)" \
	head -n 1 client.output
testfileequal index.html 'HTML'

# Tor-style failures: every connect reply here has an all-zero IPv4 bound
# address and port, which the client reports as 0.0.0.0:0. The second byte of
# the last group is the reply code quoted in parentheses in the message.

msgmsg 'tor: SOCKS user:pass request not granted'
runserver '05 02' '01 00' '05 04 00 01 00 00 00 00 00 00'
runclient 'user:pass@'
testsuccess grep \
	'could not connect to localhost (0.0.0.0:0) due to: Host unreachable (4)' \
	client.output

msgmsg 'tor: SOCKS user:pass request tll expired'
runserver '05 02' '01 00' '05 06 00 01 00 00 00 00 00 00'
runclient 'user:pass@'
testsuccess grep \
	'could not connect to localhost (0.0.0.0:0) due to: TTL expired (6)' \
	client.output

# Same reply bytes as the previous case (code 06), but for a .onion target
# the expected text is 'Host unreachable (6)'.
msgmsg 'tor: SOCKS user:pass request service unreachable'
runserver '05 02' '01 00' '05 06 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'vwakviie2ienjx6t.onion'
testsuccess grep \
	'could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)' \
	client.output

# Reply code 01 for .onion targets: a 16-character service label gets the
# generic failure text, with or without a subdomain in front of it.
msgmsg 'tor: SOCKS user:pass request not granted onion'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'vwakviie2ienjx6t.onion'
testsuccess grep \
	'could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: general SOCKS server failure (1)' \
	client.output

msgmsg 'tor: SOCKS user:pass request not granted subdomain'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'ftp.vwakviie2ienjx6t.onion'
testsuccess grep \
	'could not connect to ftp.vwakviie2ienjx6t.onion (0.0.0.0:0) due to: general SOCKS server failure (1)' \
	client.output

# Reply code 01 with a service label that is not 16 characters long: the
# client is expected to point at the hostname instead.
# NOTE(review): 16 characters matches v2 onion names; v3 onion names are 56
# characters long - confirm this hint is still what the implementation wants.
msgmsg 'tor: SOCKS user:pass request not granted too short'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'wakviie2ienjx6t.onion'
testsuccess grep \
	'could not connect to wakviie2ienjx6t.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be 16 characters long (1)' \
	client.output

msgmsg 'tor: SOCKS user:pass request not granted too long'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'vwakviie2ienjx6t2.onion'
testsuccess grep \
	'could not connect to vwakviie2ienjx6t2.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be 16 characters long (1)' \
	client.output

msgmsg 'tor: SOCKS user:pass request not granted too short subdomain'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'a.akviie2ienjx6t.onion'
testsuccess grep \
	'could not connect to a.akviie2ienjx6t.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be 16 characters long (1)' \
	client.output

msgmsg 'tor: SOCKS user:pass request not granted too short subdomains'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'a.a.viie2ienjx6t.onion'
testsuccess grep \
	'could not connect to a.a.viie2ienjx6t.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be 16 characters long (1)' \
	client.output