Commit 1bfa7dfe authored by Dan Fandrich's avatar Dan Fandrich
Browse files

Added test infrastructure to support basic FTPS tests. This currently 

supports only ftps:// URLs with --ftp-ssl-control specified, which
implicitly encrypts the control channel but not the data channels.  That
allows stunnel to be used with an unmodified ftp server in exactly the
same way that the test https server is set up.
Added test case 400 as a basic FTPS test.
parent 85daec25

tests/README

+14 −10
Original line number Diff line number Diff line
@@ -13,13 +13,17 @@ Requires: 


TCP ports used:



  - 8999 on localhost for HTTP tests

  - 8433 on localhost for HTTPS tests

  - 8921 on localhost for FTP tests

  - 8821 on localhost for FTPS tests (currently disabled)



  The test suite runs simple FTP and HTTP servers on these ports to which

  it makes requests.

  - 8990 on localhost for HTTP tests

  - 8991 on localhost for HTTPS tests

  - 8994 on localhost for HTTP IPv6 tests

  - 8992 on localhost for FTP tests

  - 8995 on localhost for FTP (2) tests

  - 8993 on localhost for FTPS tests

  - 8996 on localhost for FTP IPv6 tests

  - 8997 on localhost for TFTP tests



  The test suite runs simple FTP, HTTP and TFTP servers on these ports to

  which it makes requests.



Run:

  'make test'. This invokes the 'runtests.pl' perl script. Edit the top
@@ -57,12 +61,12 @@ Debug: 
          (gdb) where



Logs:

  All logs are generated in the logs/ subdirctory (it is emptied first

  All logs are generated in the logs/ subdirectory (it is emptied first

  in the runtests.pl script). Use runtests.pl -k to keep the temporary files

  after the test run.



Data:

  All test cases are put in the data/ subdirctory. Each test is stored in the

  All test cases are put in the data/ subdirectory. Each test is stored in the

  file named according to the test number.



  See FILEFORMAT for the description of the test case files.
@@ -85,4 +89,4 @@ TEST CASE NUMBERS 


TODO:



  * Add tests for TELNET, LDAP, DICT...
 
  * Add tests for TELNET, LDAP, DICT, SCP, SFTP...

tests/data/Makefile.am

+1 −1
Original line number Diff line number Diff line
@@ -37,4 +37,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \ 
 test274 test275 test524 test525 test276 test277 test526 test527 test528   \

 test530 DISABLED test278 test279 test531 test280 test529 test532 test533  \

 test534 test535 test281 test537 test282 test283 test284 test538 test285   \

 test286 test307 test308 test287
 
 test286 test307 test308 test287 test400

tests/data/test400

0 → 100644
+61 −0
Original line number Diff line number Diff line 
<testcase>

<info>

<keywords>

FTPS

PASV

LIST

</keywords>

</info>

#

# Server-side

<reply>

# When doing LIST, we get the default list output hard-coded in the test

# FTPS server

<datacheck>

total 20

drwxr-xr-x   8 98       98           512 Oct 22 13:06 .

drwxr-xr-x   8 98       98           512 Oct 22 13:06 ..

drwxr-xr-x   2 98       98           512 May  2  1996 .NeXT

-r--r--r--   1 0        1             35 Jul 16  1996 README

lrwxrwxrwx   1 0        1              7 Dec  9  1999 bin -> usr/bin

dr-xr-xr-x   2 0        1            512 Oct  1  1997 dev

drwxrwxrwx   2 98       98           512 May 29 16:04 download.html

dr-xr-xr-x   2 0        1            512 Nov 30  1995 etc

drwxrwxrwx   2 98       1            512 Oct 30 14:33 pub

dr-xr-xr-x   5 0        1            512 Oct  1  1997 usr

</datacheck>

</reply>



#

# Client-side

<client>

<server>

ftps

</server>

 <name>

FTPS dir list PASV unencrypted data

 </name>

 <command>

-k --ftp-ssl-control ftps://%HOSTIP:%FTPSPORT/

</command>

</client>



#

# Verify data after the test has been "shot"

<verify>

<strip>

filter off really nothing

</strip>

<protocol>

USER anonymous

PASS ftp@example.com

PBSZ 0

PROT C

PWD

EPSV

TYPE A

LIST

QUIT

</protocol>

</verify>

</testcase>

tests/httpsserver.pl

+11 −5
Original line number Diff line number Diff line 
#!/usr/bin/env perl

#

# $Id$

# This is the HTTPS server designed for the curl test suite.

# This is the HTTPS and FTPS server designed for the curl test suite.

#

# It is actually just a layer that runs stunnel properly.
@@ -18,14 +18,16 @@ my $stunnel = "stunnel"; 


my $verbose=0; # set to 1 for debugging



my $port = 8433; # just our default, weird enough

my $target_port = 8999; # test http-server port

my $port = 8991;        # just our default, weird enough

my $target_port = 8999; # default test http-server port



my $path = `pwd`;

chomp $path;



my $srcdir=$path;



my $proto='https';



do {

    if($ARGV[0] eq "-v") {

        $verbose=1;
@@ -33,6 +35,10 @@ do { 
    if($ARGV[0] eq "-w") {

        return 0; # return success, means we have stunnel working!

    }

    elsif($ARGV[0] eq "-p") {

        $proto=$ARGV[1];

        shift @ARGV;

    }

    elsif($ARGV[0] eq "-r") {

        $target_port=$ARGV[1];

        shift @ARGV;
@@ -52,7 +58,7 @@ do { 


my $conffile="$path/stunnel.conf";	# stunnel configuration data

my $certfile="$srcdir/stunnel.pem";	# stunnel server certificate

my $pidfile="$path/.https.pid";		# stunnel process pid file

my $pidfile="$path/.$proto.pid";	# stunnel process pid file



open(CONF, ">$conffile") || return 1;

print CONF "
@@ -79,7 +85,7 @@ my $version_ge_4=system("$stunnel -V 2>&1|grep '^stunnel.* on '>/dev/null 2>&1") 
if ($version_ge_4) { $cmd="$stunnel $conffile"; }



if($verbose) {

    print "HTTPS server: $cmd\n";

    print uc($proto)." server: $cmd\n";

}



my $rc = system($cmd);

tests/runtests.pl

+88 −5
Original line number Diff line number Diff line
@@ -480,7 +480,11 @@ sub verifyftp { 
    my ($proto, $ip, $port) = @_;

    my $pid;

    my $time=time();

    my $cmd="$CURL -m$server_response_maxtime --silent -vg \"$proto://$ip:$port/verifiedserver\" 2>log/verifyftp";

    my $extra;

    if($proto eq "ftps") {

    	$extra = "-k --ftp-ssl-control ";

    }

    my $cmd="$CURL -m$server_response_maxtime --silent -vg $extra\"$proto://$ip:$port/verifiedserver\" 2>log/verifyftp";

    # check if this is our server running on this port:

    my @data=`$cmd`;

    logmsg "RUN: $cmd\n" if($verbose);
@@ -518,6 +522,7 @@ sub verifyftp { 
my %protofunc = ('http' => \&verifyhttp,

                 'https' => \&verifyhttp,

                 'ftp' => \&verifyftp,

                 'ftps' => \&verifyftp,

                 'tftp' => \&verifyftp);



sub verifyserver {
@@ -628,7 +633,7 @@ sub runhttpsserver { 
    }



    my $flag=$debugprotocol?"-v ":"";

    my $cmd="$perl $srcdir/httpsserver.pl $flag -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT";

    my $cmd="$perl $srcdir/httpsserver.pl $flag -p https -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT";



    my ($httpspid, $pid2) = startnew($cmd, $HTTPSPIDFILE);
@@ -721,6 +726,60 @@ sub runftpserver { 
    return ($pid2, $ftppid);

}



#######################################################################

# start the ftps server (or rather, tunnel)

#

sub runftpsserver {

    my ($verbose, $ipv6) = @_;

    my $STATUS;

    my $RUNNING;

    my $ip = $HOSTIP;



    if(!$stunnel) {

        return 0;

    }



    if($ipv6) {

        # not complete yet

        $ip = $HOST6IP;

    }



    my $pid=checkserver($FTPSPIDFILE);



    if($pid > 0) {

        # kill previous stunnel!

        stopserver($pid);

    }



    my $flag=$debugprotocol?"-v ":"";

    my $cmd="$perl $srcdir/httpsserver.pl $flag -p ftps -s \"$stunnel\" -d $srcdir -r $FTPPORT $FTPSPORT";



    my ($ftpspid, $pid2) = startnew($cmd, $FTPSPIDFILE);



    if(!kill(0, $ftpspid)) {

        # it is NOT alive

        logmsg "RUN: failed to start the FTPS server!\n";

        stopservers($verbose);

        return(0,0);

    }



    # Server is up. Verify that we can speak to it.

    if(!verifyserver("ftps", $ip, $FTPSPORT)) {

        logmsg "RUN: FTPS server failed verification\n";

        # failed to talk to it properly. Kill the server and return failure

        stopserver("$ftpspid $pid2");

        return (0,0);

    }



    if($verbose) {

        logmsg "RUN: FTPS server is now running PID $ftpspid\n";

    }



    sleep(1);



    return ($ftpspid, $pid2);

}



#######################################################################

# start the tftp server

#
@@ -1072,7 +1131,7 @@ sub checksystem { 
    logmsg sprintf("* FTP port:       %d\n", $FTPPORT);

    logmsg sprintf("* FTP port 2:     %d\n", $FTP2PORT);

    if($stunnel) {

        #logmsg sprintf("* FTPS port:      %d\n", $FTPSPORT);

        logmsg sprintf("* FTPS port:      %d\n", $FTPSPORT);

        logmsg sprintf("* HTTPS port:     %d\n", $HTTPSPORT);

    }

    if($http_ipv6) {
@@ -1890,8 +1949,32 @@ sub startservers { 
            }

        }

        elsif($what eq "ftps") {

            # we can't run ftps tests at all for the moment

            return "test suite lacks FTPS support";

            if(!$stunnel) {

                # we can't run ftps tests without stunnel

                return "no stunnel";

            }

            if(!$ssl_version) {

                # we can't run ftps tests if libcurl is SSL-less

                return "curl lacks SSL support";

            }



            if(!$run{'ftp'}) {

                ($pid, $pid2) = runftpserver("", $verbose);

                if($pid <= 0) {

                    return "failed starting FTP server";

                }

                printf ("* pid ftp => %d %d\n", $pid, $pid2) if($verbose);

                $run{'ftp'}="$pid $pid2";

            }

            if(!$run{'ftps'}) {

                ($pid, $pid2) = runftpsserver($verbose);

                if($pid <= 0) {

                    return "failed starting FTPS server (stunnel)";

                }

                logmsg sprintf("* pid ftps => %d %d\n", $pid, $pid2)

                    if($verbose);

                $run{'ftps'}="$pid $pid2";

            }

        }

        elsif($what eq "file") {

            # we support it but have no server!