courier-authlib (0.69.0-2) unstable; urgency=medium
[ Andreas Henriksson ]
* Pass PS=/bin/ps to configure
- fixes redproducible build on merged-usr vs non-merged
Closes: #915226.
[ Markus Wanner ]
* Correct CI test pam, drop postgres-simple and postgres-complex
for now.
* Update symbols file to cover even more optional symbols.
* Bump Standards-Version to 4.3.0: no changes required.
-- Markus Wanner <markus@bluegap.ch> Sat, 02 Feb 2019 23:17:27 +0100
courier-authlib (0.69.0-1) unstable; urgency=medium
[ Ondřej Nový ]
......
......@@ -2,7 +2,7 @@ Source: courier-authlib
Section: mail
Priority: optional
Maintainer: Markus Wanner <markus@bluegap.ch>
Standards-Version: 4.0.0
Standards-Version: 4.3.0
Build-Depends: debhelper (>= 11),
dh-autoreconf,
pkg-kde-tools,
......
......@@ -135,6 +135,10 @@ libcourierauthcommon.so.0 courier-authlib #MINVER#
authsasl_frombase64@Base 0.63.0
authsasl_tobase64@Base 0.63.0
courier_auth_ldap_escape@Base 0.63.0
# _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSG_PSt13_Rb_tree_nodeIS8_E
(optional|c++)"std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_insert_node(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >*)"@Base 0.69.0
# _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE17_M_emplace_uniqueIJS6_IS5_S5_EEEES6_ISt17_Rb_tree_iteratorIS8_EbEDpOT_
(optional|c++)"std::pair<std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, bool> std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >::_M_emplace_unique<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&&)"@Base 0.69.0
libcourierauthsasl.so.0 courier-authlib #MINVER#
* Build-Depends-Package: courier-authlib-dev
auth_sasl@Base 0.63.0
......
......@@ -62,7 +62,7 @@ COMMON_CONFOPTS=--with-authdaemonvar=/run/courier/authdaemon \
--with-locking-method=fcntl \
override_dh_auto_configure:
dh_auto_configure -- $(COMMON_CONFOPTS)
dh_auto_configure -- PS=/bin/ps $(COMMON_CONFOPTS)
override_dh_install:
pod2man --center='Debian GNU/Linux Documentation' \
......
......@@ -22,14 +22,16 @@ has_postgres_client() {
which psql > /dev/null 2>&1
}
authenumerate_as_courier() {
su -c "/usr/sbin/authenumerate" -s /bin/sh courier
}
authtest_as_courier() {
test_authentication() {
user=$1
password=$2
su -c "/usr/sbin/authtest $user $password" -s /bin/sh courier
TEST_OUTPUT="$AUTOPKGTEST_ARTIFACTS/testauth-$1.out"
echo "testing: '$user' with password '$password'"
/usr/sbin/authtest $user $password > $TEST_OUTPUT
}
authenumerate_as_courier() {
su -c "/usr/sbin/authenumerate" -s /bin/sh courier
}
# emits a random (512bit, hex encoded) password on stdout
......@@ -43,97 +45,102 @@ postgres_superuser_exec() {
}
create_test_users() {
echo "create test users..."
PASSWORD_ALICE=$(gen_random_password)
PASSWORD_BOB=$(gen_random_password)
PASSWORD_CAROL=$(gen_random_password)
useradd --shell /bin/false --password $PASSWORD_ALICE alice
useradd --shell /bin/false --password $PASSWORD_BOB bob
useradd --shell /bin/false --password $PASSWORD_CAROL carol
ALICE_UID=$(id -u alice)
ALICE_GID=$(id -g alice)
BOB_UID=$(id -u bob)
BOB_GID=$(id -g bob)
CAROL_UID=$(id -u carol)
CAROL_GID=$(id -g carol)
echo "== creating test users..."
for USER in $TEST_USERS; do
gen_random_password > $USER.password
useradd --shell /bin/false --password $(cat $USER.password) $USER
done
}
backup_config_files() {
echo "backup config files..."
echo "== backup config files..."
for f in $CONFIG_FILES; do
if [ -f $f ]; then
cp ${f} ${f}.autopkgtest.bak
fi
if [ -f $f ]; then
cp ${f} ${f}.autopkgtest.bak
fi
done
}
restore_config_files() {
echo "restore config files..."
echo "== restore config files..."
for f in $CONFIG_FILES; do
if [ -f ${f}.autopkgtest.bak ]; then
mv ${f}.autopkgtest.bak ${f}
fi
done
}
start_authdaemon() {
echo "== starting authdameon..."
service courier-authdaemon start
}
start_postgresql() {
echo "== starting postgresql..."
service postgresql start
}
# helper methods for dumping test status
dump_file_if_exists() {
if [ -f $1 ]; then
echo "===== BEGIN $1 ====="
cat $1
echo "===== END $1 ====="
fi
}
dump_config_files() {
for f in $CONFIG_FILES; do
if [ -f ${f}.autopkgtest.bak ]; then
mv ${f}.autopkgtest.bak ${f}
fi
if [ -f ${f}.autopkgtest.bak ]; then
dump_file_if_exists $f
fi
done
for f in `ls $AUTOPKGTEST_ARTIFACTS/`; do
dump_file_if_exists $AUTOPKGTEST_ARTIFACTS/$f
done
}
# cleanup after running tests
finish() {
echo "finish..."
# restore config files, then restart the authdaemon, so it
# disconnects from the database. Otherwise authdaemon blocks the
# database deletion.
restore_config_files
service courier-authdaemon restart
echo "== dump..."
# dump and then restore the config files
dump_config_files
# cleanup Postgres databases
if has_postgres_client; then
postgres_superuser_exec <<EOSQL
DROP DATABASE IF EXISTS test;
DROP ROLE IF EXISTS courier;
EOSQL
fi
echo "== finish..."
# drop test users
if user_exists alice; then
echo "dropping user alice"
echo "== dropping user alice"
userdel alice
fi
if user_exists bob; then
echo "dropping user bob"
echo "== dropping user bob"
userdel bob
fi
if user_exists carol; then
echo "dropping user carol"
userdel carol
echo "== dropping user carol"
userdel carol
fi
}
trap finish EXIT
dump_file_if_exists() {
if [ -f $1 ]; then
echo "===== BEGIN $1 ====="
cat $1
echo "===== END $1 ====="
# restore config files, then restart the authdaemon, so it
# disconnects from the database. Otherwise authdaemon blocks the
# database deletion.
restore_config_files
# cleanup Postgres databases
if has_postgres_client; then
postgres_superuser_exec <<EOSQL
DROP DATABASE IF EXISTS courier_authdaemon_test;
DROP ROLE IF EXISTS courier;
EOSQL
fi
}
dump_config_files() {
for f in $CONFIG_FILES; do
if [ -f ${f}.autopkgtest.bak ]; then
dump_file_if_exists $f
fi
for NAME in courier-authdaemon postgresql; do
if [ -x /etc/init.d/$NAME ]; then
echo "== stopping service $NAME..."
service $NAME stop || /bin/true
fi
done
}
dump_environment() {
echo "dump..."
# dump and then restore the config files
dump_config_files
# cleanup as well, especially after an error
finish
}
trap dump_environment INT QUIT ABRT PIPE TERM
trap finish EXIT INT QUIT ABRT PIPE TERM
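Review bot: In the new create_test_users loop, `useradd --password $(cat $USER.password)` passes the raw output of gen_random_password, but that option expects an already-encrypted crypt(3) string, so (assuming the standard shadow-utils useradd) the stored value is not a hash of the password and PAM logins with it cannot succeed; the secret is also visible in the process list while useradd runs. Creating the account first and setting the password over stdin avoids both: `useradd --shell /bin/false "$USER"` followed by `printf '%s:%s\n' "$USER" "$(cat "$USER.password")" | chpasswd`. The `$USER.password` files are written to the current directory under the default umask and nothing visible in finish removes them, while test_authentication echoes the password into the test log and passes it unquoted on the authtest command line. A `umask 077` before the loop, an `rm -f` of those files in finish and dropping the password from the echo would keep the credentials out of logs and artifacts. The loop variable also overwrites the shell's own `USER`, so a local name such as `u` would be safer.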
Tests: pam
Restrictions: needs-root
Depends: courier-authdaemon, bsdmainutils
Tests: postgres-simple, postgres-custom
Restrictions: needs-root
Depends: courier-authdaemon, bsdmainutils, postgresql, postgresql-client
......@@ -3,53 +3,39 @@
# autopkgtest check: test two local users via PAM authentication.
# Author: Markus Wanner <markus@bluegap.ch>
set -e
set -eu
. debian/tests/common.sh
backup_config_files
create_test_users
export LANG=C
unset LANGUAGE LC_ALL LC_CTYPE
test_enumeration() {
ENUM_OUTPUT="$AUTOPKGTEST_ARTIFACTS/authenumerate.out"
# test authenumerate
authenumerate_as_courier > $ENUM_OUTPUT
(
authenumerate_as_courier > $ENUM_OUTPUT 2> $AUTOPKGTEST_ARTIFACTS/authenumerate.err
)
echo $? > $AUTOPKGTEST_ARTIFACTS/authenumerate.exitcode
# the three test users should appear in the output of authenumerate
grep "alice" $ENUM_OUTPUT
grep "bob" $ENUM_OUTPUT
grep "carol" $ENUM_OUTPUT
}
test_authentication() {
TEST_OUTPUT="$AUTOPKGTEST_ARTIFACTS/testauth-$1.out"
authtest_as_courier $@ > $TEST_OUTPUT
}
test_set_password() {
TEST_OUTPUT="$AUTOPKGTEST_ARTIFACTS/set-password-$1.out"
user=$1
password=$2
echo "testing: '$user' with password '$password'"
authtest_as_courier $user $password > $TEST_OUTPUT
grep "Authenticated: $user" $TEST_OUTPUT
echo -n "checking for alice: "
grep "alice" $ENUM_OUTPUT > /dev/null && echo "ok" || echo "FAILED"
echo -n "checking for bob: "
grep "bob" $ENUM_OUTPUT > /dev/null && echo "ok" || echo "FAILED"
echo -n "checking for carol: "
grep "carol" $ENUM_OUTPUT > /dev/null && echo "ok" || echo "FAILED"
}
echo "check enumeration..."
test_enumeration
# Actual tests start here
echo "check authentication..."
test_authentication alice $PASSWORD_ALICE
test_authentication bob $PASSWORD_BOB
test_authentication carol $PASSWORD_CAROL
backup_config_files
create_test_users
echo "check setting password..."
NEW_PASSWORD_ALICE=$(gen_random_password)
test_set_password alice $PASSWORD_ALICE $NEW_PASSWORD_ALICE
start_authdaemon
# old password should not be valid, anymore
authtest_as_courier alice $PASSWORD_ALICE 2>&1 \
| grep "Authentication FAILED"
echo "== check enumeration..."
test_enumeration
exit 0
echo "== test completed"
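Review bot: Reading the doubled lines as old-then-new, the rewritten presence checks in test_enumeration (`grep "alice" $ENUM_OUTPUT > /dev/null && echo "ok" || echo "FAILED"`, and the same for bob and carol) can no longer fail the test, because the `|| echo "FAILED"` arm always returns 0 and the script still reaches `== test completed` under `set -eu`. An authentication CI check that only prints FAILED will report success when a user is missing; `grep -q "alice" "$ENUM_OUTPUT" && echo "ok" || { echo "FAILED"; exit 1; }` keeps the readable output and restores the failure. Separately, with `set -e` a non-zero status from the `( ... )` subshell appears to abort the script before `echo $?` runs, so authenumerate.exitcode would only ever record 0. Capturing the status with `rc=0; authenumerate_as_courier > "$ENUM_OUTPUT" 2> "$AUTOPKGTEST_ARTIFACTS/authenumerate.err" || rc=$?` and writing `$rc` would record the real value.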
#!/bin/sh
# autopkgtest check: test authentication via PostgreSQL using custom queries
# Author: Markus Wanner <markus@bluegap.ch>
set -eu
. debian/tests/common.sh
backup_config_files
PASSWORD_DATABASE=$(gen_random_password)
PASSWORD_ALICE=$(gen_random_password)
PASSWORD_BOB=$(gen_random_password)
PASSWORD_CAROL=$(gen_random_password)
# setup the database
echo "create test database..."
postgres_superuser_exec <<EOSQL
CREATE ROLE courier
PASSWORD '${PASSWORD_DATABASE}'
INHERIT LOGIN;
CREATE DATABASE test
ENCODING 'utf-8';
\connect test;
CREATE TABLE domains (
id SERIAL PRIMARY KEY,
name TEXT NOT NULL
);
CREATE UNIQUE INDEX domains_name_idx
ON domains(lower(name));
CREATE TABLE users (
localpart TEXT PRIMARY KEY,
password_hash TEXT NOT NULL,
domain_id INT NOT NULL REFERENCES domains(id)
);
INSERT INTO domains (name)
VALUES ('example.com'),
('test.org');
INSERT INTO users (localpart, password_hash, domain_id)
VALUES ('alice', '${PASSWORD_ALICE}', 1),
('bob', '${PASSWORD_BOB}', 1),
('carol', '${PASSWORD_CAROL}', 2);
GRANT SELECT ON domains, users TO courier;
EOSQL
# configure courier authdaemon
cat > /etc/courier/authpgsqlrc << EOF
PGSQL_CONNECTION host=localhost user=courier \
password='${PASSWORD_DATABASE}'
PGSQL_DATABASE test
PGSQL_SELECT_CLAUSE SELECT \
users.username, \
'{SHA3}' || users.password_hash, \
NULL AS clearpw, \
999 AS uid, -- hard-coded \
999 AS gid, -- hard-coded \
'/virtual/' || domains.name || '/' \
|| users.localpart AS home \
'', \
NULL AS quota \
'', \
FROM users \
INNER JOIN domains \
ON domains.id = users.domain_id \
WHERE users.username = '\$(local_part)' \
AND lower(domains.name) = lower('\$(domain)');
EOF
cat > /etc/courier/authdaemonrc << EOF
authmodulelist="authpgsql"
daemons=5
authdaemonvar=/run/courier/authdaemon
EOF
echo "restarting courier-authdaemon"
service courier-authdaemon restart
echo "===== authenumerate ====="
authenumerate_as_courier || /bin/true
echo "===== authtest ====="
authtest_as_courier alice@example.com
authtest_as_courier bob@example.com
authtest_as_courier carol@test.org
#!/bin/sh
# autopkgtest check: test authentication via PostgreSQL - simple
#
# Uses queries assembled by authdaemon itself, configuring only table
# and column names.
#
# Author: Markus Wanner <markus@bluegap.ch>
set -eu
. debian/tests/common.sh
backup_config_files
create_test_users
PASSWORD_DATABASE=$(gen_random_password)
# setup the database
echo "create test database..."
postgres_superuser_exec <<EOSQL
CREATE ROLE courier
PASSWORD '${PASSWORD_DATABASE}'
INHERIT LOGIN;
CREATE DATABASE test
ENCODING 'utf-8';
\connect test
CREATE TABLE users (
username TEXT PRIMARY KEY,
password_hash TEXT NOT NULL,
uid INT NOT NULL,
gid INT NOT NULL,
home TEXT NOT NULL
);
INSERT INTO users (username, password_hash, uid, gid, home)
VALUES ('alice', '${PASSWORD_ALICE}',
${ALICE_UID}, ${ALICE_GID}, '/home/alice'),
('bob', '${PASSWORD_BOB}',
${BOB_UID}, ${BOB_GID}, '/home/bob'),
('carol', '${PASSWORD_CAROL}',
${CAROL_UID}, ${CAROL_GID}, '/home/carol');
GRANT SELECT ON users TO courier;
EOSQL
# configure courier authdaemon
cat > /etc/courier/authpgsqlrc << EOF
PGSQL_CONNECTION host=localhost user=courier \
password='${PASSWORD_DATABASE}';
PGSQL_DATABASE test
PGSQL_USER_TABLE users
PGSQL_CRYPT_FIELD password_hash
PGSQL_ID_FIELD username
PGSQL_UID_FIELD uid
PGSQL_GID_FIELD gid
PGSQL_HOME_FIELD home
EOF
cat > /etc/courier/authdaemonrc << EOF
authmodulelist="authpgsql"
daemons=5
authdaemonvar=/run/courier/authdaemon
EOF
echo "restarting courier-authdaemon"
service courier-authdaemon restart
echo "===== authenumerate ====="
authenumerate_as_courier || /bin/true
echo "===== authtest ====="
authtest_as_courier alice
authtest_as_courier bob
authtest_as_courier carol