1#! /bin/sh
2# $OpenLDAP$
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
5## Copyright 1998-2021 The OpenLDAP Foundation.
6## All rights reserved.
7##
8## Redistribution and use in source and binary forms, with or without
9## modification, are permitted only as authorized by the OpenLDAP
10## Public License.
11##
12## A copy of this license is available in the file LICENSE in the
13## top-level directory of the distribution or, alternatively, at
14## <http://www.OpenLDAP.org/license.html>.
15
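# lloadd SASL test: brings up two backend slapd instances and an lloadd front
# end, then checks that (a) lloadd's own identity may assert an arbitrary
# authzid, (b) an ordinary user may not, and (c) a SASL bind through lloadd
# with identity assertion returns the full fixture data set.
#
# The script does not use `set -e`; each step captures its exit status in RC
# and bails out explicitly, sending HUP to every server it started.
echo "running defines.sh"
# Presumably supplies the tool paths ($SLAPD, $LDAPSEARCH, ...) and the
# fixture variables used below; sourced, so they land in this shell.
. "$SRCDIR/scripts/defines.sh"

# Gate on SASL: exit 0 (skipped, not failed) when the build has no SASL or
# the caller did not opt in (the message below points at SLAPD_USE_SASL).
# Values are quoted so an unset variable gives a clean string comparison
# instead of a `test` syntax error.
if test "$WITH_SASL" = "yes" ; then
    if test "$USE_SASL" = "no" ; then
        echo "Not asked to test SASL, skipping test, set SLAPD_USE_SASL to enable..."
        exit 0
    fi
    # "yes" selects the default mechanism; any other value names the mech.
    if test "$USE_SASL" = "yes" ; then
        MECH="DIGEST-MD5"
    else
        MECH="$USE_SASL"
    fi
    echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
else
    echo "SASL support not available, test skipped"
    exit 0
fi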
34
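# Scratch layout: the test dir plus one database dir per backend slapd. The
# TLS fixtures are copied alongside (presumably referenced by the
# TLS-enabled config template filtered below).
mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2"
cp -r "$DATADIR/tls" "$TESTDIR"

# Everything below runs relative to $TESTWD; a failed cd must not let the
# run continue in whatever directory we happen to be in.
cd "$TESTWD" || {
    echo "cd to $TESTWD failed!"
    exit 1
}

# Generate a random config rootpw (-g, -n: no trailing newline) into
# $CONFIGPWF, then write only its hash (-T hashes the file's contents) as a
# rootpw directive; the cleartext never enters the config file.
$SLAPPASSWD -g -n >"$CONFIGPWF"
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >"$TESTDIR/configpw.conf"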
42
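# --- backend slapd #1 (URI2) ------------------------------------------------
echo "Running slapadd to build slapd database..."
# $CONFFILTER is sourced with the backend name, reading the config template
# on stdin and writing the concrete config on stdout. $BACKEND stays
# unquoted on purpose: it is passed through exactly as the harness does.
. "$CONFFILTER" $BACKEND < "$TLSSASLCONF" > "$CONF2"
# Map a SASL authc id of uid=<x>,... to whichever entry under
# dc=example,dc=com has cn=<x> or uid=<x> (subtree search). Single quotes
# keep the $1 back-references literal for slapd.
echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>"$CONF2"
$SLAPADD -f "$CONF2" -l "$LDIFORDERED"
RC=$?
if test "$RC" != 0 ; then
    echo "slapadd failed ($RC)!"
    exit "$RC"
fi

echo "Starting a slapd on TCP/IP port $PORT2..."
$SLAPD -f "$CONF2" -h "$URI2" -d $LVL > "$LOG2" 2>&1 &
PID=$!
# With WAIT set the harness pauses on the freshly started pid; -r keeps a
# trailing backslash in the typed line from being read as a continuation.
if test "$WAIT" != 0 ; then
    echo PID $PID
    read -r foo
fi
PID2="$PID"
# Every server started from here on is appended so the error paths can tear
# them all down; used unquoted because it is a space-separated list.
KILLPIDS="$PID"

# Poll the monitor entry until the server answers, giving up after six
# tries; RC keeps the status of the last attempt.
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H "$URI2" \
        '(objectclass=*)' > /dev/null 2>&1
    RC=$?
    if test "$RC" = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for slapd to start..."
    sleep "$SLEEP1"
done
if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi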
78
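# --- backend slapd #2 (URI3) ------------------------------------------------
echo "Running slapadd to build slapd database..."
# Sourced filter as for the first backend; $BACKEND deliberately unquoted.
. "$CONFFILTER" $BACKEND < "$CONFTWO" > "$CONF3"
# Same authc-id mapping as the first backend (single quotes keep $1 literal).
echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>"$CONF3"
$SLAPADD -f "$CONF3" -l "$LDIFORDERED"
RC=$?
if test "$RC" != 0 ; then
    echo "slapadd failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi

echo "Running slapindex to index slapd database..."
# Indexing is best-effort: a failure only warns, the test continues.
$SLAPINDEX -f "$CONF3"
RC=$?
if test "$RC" != 0 ; then
    echo "warning: slapindex failed ($RC)"
    echo "  assuming no indexing support"
fi

echo "Starting second slapd on TCP/IP port $PORT3..."
$SLAPD -f "$CONF3" -h "$URI3" -d $LVL > "$LOG3" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
    echo PID $PID
    read -r foo
fi
# PID3, not PID2: PID2 already holds the first backend's pid and this server
# is the CONF3/URI3/LOG3 one. Neither variable is read later in this file.
PID3="$PID"
KILLPIDS="$KILLPIDS $PID"

sleep "$SLEEP0"

# Poll until the second backend answers on its monitor entry.
echo "Testing slapd searching..."
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H "$URI3" \
        '(objectclass=*)' > /dev/null 2>&1
    RC=$?
    if test "$RC" = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for slapd to start..."
    sleep "$SLEEP1"
done
if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi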
126
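# --- lloadd front end (URI1) -----------------------------------------------
echo "Starting lloadd on TCP/IP port $PORT1..."
. "$CONFFILTER" $BACKEND < "$LLOADDSASLCONF" > "$CONF1.lloadd"
# Standalone lloadd when the build provides it; otherwise a slapd is started
# from a second filtered config on URI6 (presumably hosting the load
# balancer as a module, with the URI1 listener coming from that config —
# the probes below still target URI1; confirm against $SLAPDLLOADCONF).
if test "$AC_lloadd" = lloaddyes; then
    $LLOADD -f "$CONF1.lloadd" -h "$URI1" -d $LVL > "$LOG1" 2>&1 &
else
    . "$CONFFILTER" $BACKEND < "$SLAPDLLOADCONF" > "$CONF1.slapd"
    $SLAPD -f "$CONF1.slapd" -h "$URI6" -d $LVL > "$LOG1" 2>&1 &
fi
PID=$!
if test "$WAIT" != 0 ; then
    echo PID $PID
    read -r foo
fi
KILLPIDS="$KILLPIDS $PID"

# Poll until lloadd answers on its monitor entry; RC is the last status.
echo "Testing lloadd searching..."
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
        '(objectclass=*)' > /dev/null 2>&1
    RC=$?
    if test "$RC" = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for lloadd to start..."
    sleep "$SLEEP1"
done

if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi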
159
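# Ask the root DSE (empty base) which SASL mechanisms lloadd advertises.
echo "Checking whether $MECH is supported..."
$LDAPSEARCH -s base -b "" -H "$URI1" \
    'objectClass=*' supportedSASLMechanisms > "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi

# -F: $MECH is a mechanism name, match it literally rather than as a regex.
grep -F "supportedSASLMechanisms: $MECH" "$SEARCHOUT" > "$TESTOUT"
RC=$?
if test "$RC" != 0 ; then
    # Not a failure: the mechanism simply is not offered by this build.
    echo "SASL mechanism $MECH is not available, test skipped"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit 0
fi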
177
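# --- proxy authorization through lloadd ------------------------------------
# Both binds send the proxy authorization control (authzid), marked critical
# by the leading '!'. The manager identity is expected to be allowed to
# assert any authzid; a plain user must be refused.
AUTHZID="u:bjorn"
echo "Testing lloadd's identity can assert any authzid..."
# -w puts the fixture password on the command line (visible via ps); fine
# for the harness.
$LDAPWHOAMI -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" \
    -e\!"authzid=$AUTHZID" > "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi

# Same authzid, different bind identity: exit status 1 is the expected
# outcome. stdout is appended to $TESTOUT for the comparison below, stderr
# is dropped.
echo "Testing a different identity cannot do the same thing..."
$LDAPWHOAMI -D "$BABSDN" -H "$URI1" -w bjensen \
    -e\!"authzid=$AUTHZID" >> "$TESTOUT" 2>/dev/null
RC=$?
if test "$RC" != 1 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi

echo "Validating WhoAmI? results..."
# Expected transcript: the first whoami resolves to bjorn's entry; the second
# is rejected with a protocol error because the control arrived twice
# (presumably lloadd attaches its own proxy authorization control when
# forwarding, so the client-supplied one counts as a duplicate — confirm
# against the lloadd config).
printf '%s\n' 'dn:cn=bjorn jensen,ou=information technology division,ou=people,dc=example,dc=com' > "$TESTDIR/whoami.out"
printf '%s\n' 'Result: Protocol error (2)' \
    'Additional info: proxy authorization control specified multiple times' >> "$TESTDIR/whoami.out"
$CMP "$TESTDIR/whoami.out" "$TESTOUT" > "$CMPOUT"
RC=$?
if test "$RC" != 0 ; then
    echo "Comparison failed"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
else
    echo "Success"
fi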
214
215
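# --- SASL bind + identity assertion through lloadd --------------------------
ID="jaj"
echo "Testing ldapsearch as $ID for \"$BASEDN\" with SASL bind and identity assertion..."
# -Q: no SASL prompts; -Y: mechanism chosen above; -U: authentication id;
# -O maxbufsize=0: no SASL security layer is negotiated (presumably so the
# session can be proxied as plain LDAP once bound — confirm).
$LDAPSASLSEARCH -H "$URI1" -b "$BASEDN" \
    -Q -Y "$MECH" -O maxbufsize=0 -U "$ID" -w jaj > "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi

# Normalise both sides with the harness's usual `-s e` filter (presumably
# sorts entries) so ordering does not matter; the search must then return
# exactly the fixture data the database was loaded from.
echo "Filtering ldapsearch results..."
$LDIFFILTER -s e < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering original ldif used to create database..."
$LDIFFILTER -s e < "$LDIF" > "$LDIFFLT"
echo "Comparing filter output..."
if ! $CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT" ; then
    echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit 1
fi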
240
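# Tear down every server started above (unless KILLSERVERS=no), then report.
# RC still holds the status of the SASL search, which was already verified
# to be 0, so this reports success unless an earlier step changes the flow.
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

if test "$RC" != 0 ; then
    echo ">>>>> Test failed"
else
    echo ">>>>> Test succeeded"
    RC=0
fi

# Reap the signalled children before exiting.
test "$KILLSERVERS" != no && wait

exit "$RC"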
253