1#! /bin/sh
2# $OpenLDAP$
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
5## Copyright 1998-2011 The OpenLDAP Foundation.
6## All rights reserved.
7##
8## Redistribution and use in source and binary forms, with or without
9## modification, are permitted only as authorized by the OpenLDAP
10## Public License.
11##
12## A copy of this license is available in the file LICENSE in the
13## top-level directory of the distribution or, alternatively, at
14## <http://www.OpenLDAP.org/license.html>.
15
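echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Identity assertion / proxy authorization test.
#
# One slapd is started from $IDASSERTCONF holding two databases (slapadd
# -n 1 and -n 2 below).  The script then checks three things:
#   1. proxyAuthz through the proxied-authorization control, requested as
#      critical ("-e !authzid=<id>"): a bound identity may only assume the
#      authzids the authz rules in $IDASSERTCONF permit, and every other
#      assertion must be refused (the "(should fail)" cases below);
#   2. identity assertion via the LDAP backend: a search bound as a user of
#      one naming context (dc=example,dc=it) against the other
#      (o=Example,c=US) must return exactly the entries in $IDASSERTOUT;
#   3. optionally the same search over a SASL bind (SLAPD_USE_SASL).
#
# NOTE(review): the allow/deny matrix below is what this script verifies;
# the rules that produce it live in $IDASSERTCONF and are not shown here.
# Credentials are test fixtures only; passing them with -w exposes them in
# the process list, which is fine for this harness but not a pattern to copy.

echo "### This test requires the LDAP backend and the rwm overlay."
echo "### If available, and explicitly requested, it can use SASL bind;"
echo "### note that SASL must be properly set up, and the requested"
echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."

# Feature gates come from defines.sh; quoted so an unset value skips or
# fails cleanly instead of producing a "unary operator expected" error.
if test "$BACKLDAP" = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

if test "$RWM" = "rwmno" ; then
	echo "Rewrite/remap overlay not available, test skipped"
	exit 0
fi

if test "$THREADS" = "threadsno" ; then
	echo "Need threads support, test skipped"
	exit 0
fi

# SASL is exercised only when the build has it ($WITH_SASL) AND the user
# asked for it (SLAPD_USE_SASL -> $USE_SASL).  $MECH is set only on that
# path, so the SASL search at the end must be gated on the same two tests.
if test "$WITH_SASL" = "yes" ; then
	if test "$USE_SASL" != "no" ; then
		if test "$USE_SASL" = "yes" ; then
			MECH="DIGEST-MD5"
		else
			MECH="$USE_SASL"
		fi
		echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
	else
		echo "Using proxyAuthz with simple authc..."
	fi
else
	echo "SASL not available; using proxyAuthz with simple authc..."
fi

mkdir -p $TESTDIR $DBDIR1 $DBDIR2

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFIDASSERT1 -n 1
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd -n 1 failed ($RC)!"
	exit $RC
fi
$SLAPADD -f $ADDCONF -l $LDIFIDASSERT2 -n 2
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd -n 2 failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND $MONITORDB < $IDASSERTCONF > $CONF1
# $LVL and $TIMING stay unquoted on purpose: $TIMING may be empty and must
# then contribute no argument at all.
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done
# If every attempt failed, stop here: otherwise the "(should fail)" cases
# below would pass vacuously against a server that never came up.
if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# --- proxy US -----------------------------------------------------------
# Plain bind must work before any authz assertion is tried; this is also
# what distinguishes a refused assertion from a dead server in the
# negative cases, since ldapwhoami exits 1 for either.
echo "Testing ldapwhoami as proxy US..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Allowed: proxy US may assume u:it/jaj (tolerated as a failure only when
# the backend is null, which cannot answer it).
AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy US, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 && test "$BACKEND" != null ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Denied: proxy US must not be able to assume u:bjorn.  The check compares
# against 1 because that is the exit status ldapwhoami uses for a refused
# operation; a success (0) here would be an authorization bypass.
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Denied: proxy US must not be able to assume u:bjensen.
AUTHZID="u:bjensen"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# --- proxy IT -----------------------------------------------------------
echo "Testing ldapwhoami as proxy IT..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Denied: the identity proxy US may assume is not available to proxy IT.
AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Denied: proxy IT must not be able to assume u:bjorn either.
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Allowed: proxy IT may assume the Sandbox DN (tolerated with back-null).
AUTHZID="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
echo "Testing ldapwhoami as proxy IT, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 && test "$BACKEND" != null ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# --- bjorn --------------------------------------------------------------
# A regular user bound in dc=example,dc=com may assert his own DN in each
# of the two remote naming contexts.
AUTHZID="dn:uid=bjorn,ou=People,o=Example,c=US"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

AUTHZID="dn:uid=bjorn,ou=People,o=Esempio,c=IT"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "uid=bjorn,ou=people,dc=example,dc=com" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# --- identity assertion through back-ldap ---------------------------------
# Bind as a dc=example,dc=it user and search the o=Example,c=US context;
# the proxied result set must match $IDASSERTOUT exactly (no extra or
# missing entries), which is what proves the asserted identity was used.
ID="uid=jaj,ou=People,dc=example,dc=it"
BASE="o=Example,c=US"
echo "Testing ldapsearch as $ID for \"$BASE\"..."
$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
	-D "$ID" -w jaj > $SEARCHOUT 2>&1

RC=$?
if test "$RC" != 0 && test "$BACKEND" != null ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER -s ldif=e < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER -s ldif=e < $IDASSERTOUT > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
	echo "comparison failed - search with identity assertion didn't succeed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit 1
fi

# Same search over a SASL bind.  Gated on both $WITH_SASL and $USE_SASL,
# mirroring the selection above: on a build without SASL $MECH is unset,
# and "-Y" with no argument would make the search fail for the wrong reason.
if test "$WITH_SASL" = "yes" && test "$USE_SASL" != "no" ; then
	ID="it/jaj"
	BASE="o=Example,c=US"
	echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
	$LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
		-Q -U "$ID" -w jaj -Y $MECH > $SEARCHOUT 2>&1

	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapsearch failed ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit $RC
	fi

	echo "Filtering ldapsearch results..."
	$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < $IDASSERTOUT > $LDIFFLT
	echo "Comparing filter output..."
	$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

	if test $? != 0 ; then
		echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit 1
	fi
fi

# $KILLPIDS is a space-separated pid list and is intentionally unquoted.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test "$KILLSERVERS" != no && wait

exit 0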
255