#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Test driver: starts two slapd instances and an lloadd front end, all built
# from SASL-enabled configuration templates.  Every command, path and URI
# used below is supplied by the sourced defines.sh.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Gate on SASL: skip (exit 0) when SASL is not built in or not requested.
if [ $WITH_SASL = "yes" ]; then
    if [ $USE_SASL = "no" ]; then
        echo "Not asked to test SASL, skipping test, set SLAPD_USE_SASL to enable..."
        exit 0
    fi
    # USE_SASL is either the literal "yes" or the name of the mechanism to use.
    # DIGEST-MD5 is only the fixture default; RFC 6331 moved it to Historic,
    # so it says nothing about what a deployment should offer.
    MECH="$USE_SASL"
    if [ $USE_SASL = "yes" ]; then
        MECH="DIGEST-MD5"
    fi
    echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
else
    echo "SASL support not available, test skipped"
    exit 0
fi

# Poll the server at URI $1 with a base search on the DN in $MONITOR, up to
# six attempts with $SLEEP1 seconds between them.  The final ldapsearch status
# is left in the global RC.  If it is still non-zero, the PIDs in KILLPIDS are
# sent HUP (unless KILLSERVERS is "no") and the script exits with that status.
wait_for_slapd() {
    for i in 0 1 2 3 4 5; do
        $LDAPSEARCH -s base -b "$MONITOR" -H $1 \
            '(objectclass=*)' > /dev/null 2>&1
        RC=$?
        if [ $RC = 0 ]; then
            break
        fi
        echo "Waiting $SLEEP1 seconds for slapd to start..."
        sleep $SLEEP1
    done
    if [ $RC != 0 ]; then
        echo "ldapsearch failed ($RC)!"
        [ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
        exit $RC
    fi
}

mkdir -p $TESTDIR $DBDIR1 $DBDIR2
cp -r $DATADIR/tls $TESTDIR

cd $TESTWD

# Generate a random password without a trailing newline (-g -n), then hash it
# from the file (-T) into a rootpw directive.
# NOTE(review): both files are created under the caller's umask; nothing here
# restricts who can read them.
$SLAPPASSWD -g -n >$CONFIGPWF
echo "rootpw $($SLAPPASSWD -T $CONFIGPWF)" >$TESTDIR/configpw.conf

# --- first backend ---------------------------------------------------------
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF2
# Map a SASL authentication DN of the form uid=<name>,... to the entry found
# by a subtree search under dc=example,dc=com for cn=<name> or uid=<name>.
# The single quotes keep $1 literal so that slapd, not the shell, substitutes it.
echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF2
$SLAPADD -f $CONF2 -l $LDIFORDERED
RC=$?
if [ $RC != 0 ]; then
    # No server has been started yet, so there is nothing to signal.
    echo "slapadd failed ($RC)!"
    exit $RC
fi

echo "Starting a slapd on TCP/IP port $PORT2..."
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PID=$!
# With WAIT set to anything but 0, print the PID and block on stdin.
if [ $WAIT != 0 ]; then
    echo PID $PID
    read foo
fi
PID2="$PID"
KILLPIDS="$PID"

wait_for_slapd $URI2

# --- second backend --------------------------------------------------------
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $CONFTWO > $CONF3
# Same identity mapping as for the first backend.
echo 'authz-regexp "^uid=([^,]*),.+" ldap:///dc=example,dc=com??sub?(|(cn=$1)(uid=$1))' >>$CONF3
$SLAPADD -f $CONF3 -l $LDIFORDERED
RC=$?
if [ $RC != 0 ]; then
    echo "slapadd failed ($RC)!"
    [ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
    exit $RC
fi

echo "Running slapindex to index slapd database..."
$SLAPINDEX -f $CONF3
RC=$?
# An indexing failure is reported but deliberately does not abort the test.
if [ $RC != 0 ]; then
    echo "warning: slapindex failed ($RC)"
    echo " assuming no indexing support"
fi

echo "Starting second slapd on TCP/IP port $PORT3..."
$SLAPD -f $CONF3 -h $URI3 -d $LVL > $LOG3 2>&1 &
PID=$!
if [ $WAIT != 0 ]; then
    echo PID $PID
    read foo
fi
# NOTE(review): this overwrites the PID2 recorded for the first slapd; PID2 is
# not read anywhere in this script, cleanup relies on KILLPIDS only.
PID2="$PID"
KILLPIDS="$KILLPIDS $PID"

sleep $SLEEP0

echo "Testing slapd searching..."
wait_for_slapd $URI3

# --- load balancer ---------------------------------------------------------
echo "Starting lloadd on TCP/IP port $PORT1..."
. $CONFFILTER $BACKEND < $LLOADDSASLCONF > $CONF1.lloadd
if [ $AC_lloadd = lloaddyes ]; then
    # Standalone lloadd binary.
    $LLOADD -f $CONF1.lloadd -h $URI1 -d $LVL > $LOG1 2>&1 &
else
    # Otherwise a slapd is started with the SLAPDLLOADCONF template on URI6
    # (presumably lloadd built as a slapd module - confirm).
    . $CONFFILTER $BACKEND < $SLAPDLLOADCONF > $CONF1.slapd
    $SLAPD -f $CONF1.slapd -h $URI6 -d $LVL > $LOG1 2>&1 &
fi
PID=$!
if [ $WAIT != 0 ]; then
    echo PID $PID
    read foo
fi
KILLPIDS="$KILLPIDS $PID"

echo "Testing lloadd searching..."
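# Wait for lloadd to answer: base search on the DN in $MONITOR through URI1,
# up to six attempts with $SLEEP1 seconds between them.
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
        '(objectclass=*)' > /dev/null 2>&1
    RC=$?
    if test $RC = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for lloadd to start..."
    sleep $SLEEP1
done

if test $RC != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# Read the root DSE through lloadd to learn which SASL mechanisms are offered.
echo "Checking whether $MECH is supported..."
$LDAPSEARCH -s base -b "" -H $URI1 \
    'objectClass=*' supportedSASLMechanisms > $SEARCHOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# A missing mechanism is a skip (exit 0), not a failure.
# NOTE(review): the pattern is an unanchored regular expression, so a
# mechanism whose name merely starts with $MECH would also satisfy it.
grep "supportedSASLMechanisms: $MECH" $SEARCHOUT > $TESTOUT
RC=$?
if test $RC != 0 ; then
    echo "SASL mechanism $MECH is not available, test skipped"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit 0
fi

# Positive case: bound as $MANAGERDN, assert another identity with a critical
# ('!') authzid control.  This overwrites $TESTOUT with the WhoAmI answer.
# The bind passwords in this test are fixture values passed on the command line.
AUTHZID="u:bjorn"
echo "Testing lloadd's identity can assert any authzid..."
$LDAPWHOAMI -D "$MANAGERDN" -H $URI1 -w $PASSWD \
    -e\!"authzid=$AUTHZID" > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# Negative case: bound as $BABSDN, the same assertion must be refused.
# ldapwhoami is expected to exit with status 1; its stdout is appended to
# $TESTOUT for the comparison below and its stderr is discarded.
AUTHZID="u:bjorn"
echo "Testing a different identity cannot do the same thing..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w bjensen \
    -e\!"authzid=$AUTHZID" >> $TESTOUT 2>/dev/null
RC=$?
if test $RC = 0 ; then
    # Status 0 means the identity assertion was accepted, which is exactly the
    # outcome this check exists to catch.  Exiting with $RC here would return
    # 0, the status this script uses for its skip and success paths, so the
    # authorization failure would go unreported.  Fail closed instead.
    echo "ldapwhoami succeeded (0), but the authzid assertion should have been rejected!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit 1
fi
if test $RC != 1 ; then
    echo "ldapwhoami failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# Expected transcript: bjorn's DN from the positive case, then the rejection
# from the negative case.
# NOTE(review): the expected error text suggests lloadd already attaches a
# proxy authorization control of its own, making the client's a duplicate -
# confirm against the lloadd documentation.
echo "Validating WhoAmI? results..."
echo 'dn:cn=bjorn jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/whoami.out
echo 'Result: Protocol error (2)
Additional info: proxy authorization control specified multiple times' >> $TESTDIR/whoami.out
$CMP $TESTDIR/whoami.out $TESTOUT > $CMPOUT

RC=$?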
# RC holds the status of the whoami.out comparison run immediately before
# this point; any difference from the expected transcript fails the test.
if [ $RC != 0 ]; then
    echo "Comparison failed"
    [ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
    exit $RC
fi
echo "Success"


# SASL bind through lloadd as user "jaj" (fixture password on the command line).
#   -Q            SASL quiet mode, no prompting
#   -Y $MECH      mechanism selected earlier in the script
#   -U "$ID"      authentication identity
#   -O maxbufsize=0
#                 a zero receive buffer disables SASL security layers, so the
#                 bind authenticates the user but adds no integrity or
#                 confidentiality protection of its own to the session
ID="jaj"
echo "Testing ldapsearch as $ID for \"$BASEDN\" with SASL bind and identity assertion..."
$LDAPSASLSEARCH -H $URI1 -b "$BASEDN" \
    -Q -Y $MECH -O maxbufsize=0 -U "$ID" -w jaj > $SEARCHOUT 2>&1

RC=$?
if [ $RC != 0 ]; then
    echo "ldapsearch failed ($RC)!"
    [ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
    exit $RC
fi

# The search result is expected to equal the LDIF in $LDIF once both have
# been passed through the same filter.
echo "Filtering ldapsearch results..."
$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
echo "Filtering original ldif used to create database..."
$LDIFFILTER -s e < $LDIF > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if [ $? != 0 ]; then
    echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
    [ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
    exit 1
fi

# All checks passed: signal the servers unless asked to leave them running.
[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS

# RC was last assigned after the SASL search, and any non-zero value already
# exited above, so only the success branch can run here.
if [ $RC != 0 ]; then
    echo ">>>>> Test failed"
else
    echo ">>>>> Test succeeded"
    RC=0
fi

# Reap the background servers before returning the final status.
[ $KILLSERVERS != no ] && wait

exit $RC