#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Proxy-cache tunables.  A value already present in the environment wins
# (an empty but set value counts as set); otherwise the default applies.
: "${PCACHETTL=1m}"
: "${PCACHENTTL=1m}"
: "${PCACHESTTL=1m}"
: "${PCACHE_ENTRY_LIMIT=6}"
: "${PCACHE_CCPERIOD=2}"
: "${PCACHETTR=2}"
: "${PCACHEBTTR=5}"

# Shared test-suite definitions; presumably the source of $SLAPD, $URI1,
# $CONF1 and the other variables used below that this script never sets.
. $SRCDIR/scripts/defines.sh

# Debug level handed to both slapd instances via -d.
LVL=0x100

# Skip, with a zero exit status, when the proxy cache overlay is reported
# as unavailable.
[ $PROXYCACHE = pcacheno ] && {
	echo "Proxy cache overlay not available, test skipped"
	exit 0
}

# Same when the LDAP backend is reported as unavailable.
[ $BACKLDAP = "ldapno" ] && {
	echo "LDAP backend not available, test skipped"
	exit 0
}

# The (mail=example.com*) queries hit a sizelimit, so which entry is
# returned depends on the ordering in the backend.
[ $BACKEND = ldif ] && {
	echo "Test does not support $BACKEND backend, test skipped"
	exit 0
}

# Make sure $TESTDIR, $DBDIR1 and $DBDIR2 exist before anything writes there.
mkdir -p $TESTDIR $DBDIR1 $DBDIR2

# Proxy cache / bind caching test, in the order the script runs it:
# - start the provider and wait for it to answer
# - populate the provider
# - start the proxy cache and wait for it to answer
# - search (sn=je*) through the proxy as a regular user and check that the
#   proxy logged the bind as being cached
# - repeat the same search twice and check the bind was answered from cache
# - search with a different filter, (sn=jo*), as the same user and check
#   that the bind is still answered from cache while the query itself is
#   logged as not answerable

echo "Starting provider slapd on TCP/IP port $PORT1..."
# $CONFFILTER is sourced with the provider template on stdin; what it
# prints becomes the provider configuration file.
. $CONFFILTER < $PROXYAUTHZPROVIDERCONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
# With WAIT set to anything but 0, show the PID and block on stdin before
# carrying on.
[ $WAIT != 0 ] && {
	echo PID $PID
	read foo
}
# KILLPIDS collects every server that has to be signalled on the way out.
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that provider slapd is running..."
# Up to six probes of the monitor base, five seconds apart.  RC keeps the
# status of the most recent probe.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	[ $RC = 0 ] && break
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# The provider never answered: signal what was started (unless KILLSERVERS
# is "no") and hand the ldapsearch status back to the caller.
[ $RC = 0 ] || {
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
}

echo "Using ldapadd to populate the provider directory..."
# Load $LDIFORDERED into the provider, bound as $MANAGERDN; all output is
# discarded and only the exit status is looked at.
$LDAPADD -x -D "$MANAGERDN" -H $URI1 -w $PASSWD \
	< $LDIFORDERED > /dev/null 2>&1
RC=$?
[ $RC = 0 ] || {
	echo "ldapadd failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
}

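echo "Starting proxy cache on TCP/IP port $PORT2..."
# Build the proxy configuration: $CONFFILTER is sourced with the template on
# stdin and sed fills in the @...@ placeholders from the PCACHE* settings.
# The values are spliced into the sed program unescaped, so an override
# containing '/' or '&' would corrupt the expression; keep overrides to
# plain tokens such as the defaults.
# @STTL@ is filled from PCACHESTTL.  PCACHENTTL and PCACHESTTL share a
# default, so confusing the two only shows once one of them is overridden.
. $CONFFILTER < $PROXYAUTHZCONF | sed \
	-e "s/@TTL@/${PCACHETTL}/"			\
	-e "s/@NTTL@/${PCACHENTTL}/"		\
	-e "s/@STTL@/${PCACHESTTL}/"		\
	-e "s/@TTR@/${PCACHETTR}/"			\
	-e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/"	\
	-e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/"			\
	-e "s/@BTTR@/${PCACHEBTTR}/"			\
	> $CONF2
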
# The proxy runs with the pcache debug channel on top of $LVL; its combined
# output goes to $LOG2, which the later checks grep for cache messages.
$SLAPD -f $CONF2 -h $URI2 -d $LVL -d pcache > $LOG2 2>&1 &
CACHEPID=$!
# With WAIT set to anything but 0, show the PID and block on stdin.
[ $WAIT != 0 ] && {
	echo CACHEPID $CACHEPID
	read foo
}
# Both servers now have to be signalled on exit.
KILLPIDS="$KILLPIDS $CACHEPID"

sleep 1

echo "Using ldapsearch to check that proxy slapd is running..."
# Same readiness probe as for the provider, this time against $URI2:
# up to six attempts, five seconds apart, RC holding the last status.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
	RC=$?
	[ $RC = 0 ] && break
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

# The proxy never answered: signal the servers (unless KILLSERVERS is "no")
# and exit with the ldapsearch status.
[ $RC = 0 ] || {
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
}

# Start from an empty search output file.
cat /dev/null > $SEARCHOUT

echo "Making queries on the proxy cache..."
# CNT numbers the queries in the console output and in $SEARCHOUT.
CNT=0

# First query: search through the proxy, bound as an ordinary user entry
# rather than the manager.  These are fixture credentials; -w places the
# password on ldapsearch's command line, which is tolerable only because
# the value is a throwaway test secret.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: $USERDN"
echo "# Query $CNT: $USERDN" >> $SEARCHOUT

# Results are appended to $SEARCHOUT, diagnostics to $TESTOUT.
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT
RC=$?

[ $RC = 0 ] || {
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
}

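# Check that the bind is cached: the proxy log ($LOG2) must contain a
# "CACHING BIND" line for this user.  $USERDN is used as a grep pattern,
# i.e. a basic regular expression; the fixture DN has no metacharacters.
grep "CACHING BIND for $USERDN" $LOG2 > /dev/null

RC=$?
if test $RC != 0 ; then
	# The message names the check that failed; nothing is refreshed here.
	echo "Bind wasn't cached"
	# Signal the servers and wait for them, unless KILLSERVERS is "no".
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi
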
# Second query: same user, same password, same filter as the first one.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
UPASSWD="jaj"
echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT

# Results are appended to $SEARCHOUT, diagnostics to $TESTOUT.
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT

RC=$?
[ $RC = 0 ] || {
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
}

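# The repeated bind must have been answered from the cache: the proxy log
# ($LOG2) has to contain at least one "CACHED BIND" line for this user.
grep "CACHED BIND for $USERDN" $LOG2 > /dev/null
RC=$?
if test $RC != 0 ; then
	# Same wording as the later cached-bind checks in this script.
	echo "Bind wasn't answered from cache"
	# Signal the servers and wait for them, unless KILLSERVERS is "no".
	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
	exit 1
fi
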
# Third query: the same search once more.  UPASSWD is not assigned again
# here; the value set for the earlier queries is reused.
CNT=$((CNT + 1))
USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"

echo "Query $CNT: (Bind should be cached)"
echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT

RC=$?
[ $RC = 0 ] || {
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
}

# From here on RC holds a line count, not an exit status.  Exactly two
# "CACHED BIND" lines are expected for this user by now (presumably one per
# repeated query).
# NOTE(review): only the positive path is exercised.  Nothing in this script
# binds with a wrong password for an already-cached DN, or changes the
# password at the provider and checks that the cached bind stops succeeding,
# so those properties of bind caching are not covered here.
RC=$(grep "CACHED BIND for $USERDN" $LOG2 | wc -l)
[ $RC = 2 ] || {
	echo "Bind wasn't answered from cache"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS && wait
	exit 1
}

# Same user, different filter.  $SEARCHOUT is emptied first so that only the
# result of this search remains in it.  CNT is not advanced here, so the
# label written to $SEARCHOUT repeats the previous query number.
echo "=== New search on (sn=jo*)"
cat /dev/null > $SEARCHOUT
echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT
$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
	-D "$USERDN" -w "$UPASSWD" "(sn=jo*)" sn >> $SEARCHOUT 2>> $TESTOUT

RC=$?
[ $RC = 0 ] || {
	echo "ldapsearch failed ($RC)!"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS
	exit $RC
}

# RC now holds a line count: the bind for this search must also have come
# from the cache, which brings the "CACHED BIND" total for the user to three.
RC=$(grep "CACHED BIND for $USERDN" $LOG2 | wc -l)
[ $RC = 3 ] || {
	echo "Bind wasn't answered from cache"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS && wait
	exit 1
}

# The proxy log must show exactly three "QUERY NOT ANSWERABLE" lines at this
# point; any other count is reported as the search not having gone to the
# remote peer.
RC=$(grep "QUERY NOT ANSWERABLE" $LOG2 | wc -l)
[ $RC = 3 ] || {
	echo "Search wasn't searched on remote peer"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS && wait
	exit 1
}

# The (sn=jo*) result left in $SEARCHOUT must contain the user's own entry
# exactly once.
RC=$(grep "dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" $SEARCHOUT | wc -l)
[ $RC = 1 ] || {
	echo "Search wasn't retrieved on remote peer"
	[ $KILLSERVERS != no ] && kill -HUP $KILLPIDS && wait
	exit 1
}

echo "Test succeeded"

# Normal teardown: unless KILLSERVERS is "no", signal both servers and wait
# for the background jobs to finish before reporting success.
if [ $KILLSERVERS != no ]; then
	kill -HUP $KILLPIDS
	wait
fi

exit 0
