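#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Test SASL/EXTERNAL authentication over StartTLS.  A client presenting the
# bjensen certificate issued by the test-suite CA must be mapped by the
# server to the expected DN, and the bind must also succeed (and map to the
# same DN) for each SASL_CBINDING channel-binding setting.  Every failure
# path shuts the server down (unless KILLSERVERS=no) so no slapd is left
# running behind a failed test.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

if test $WITH_TLS = no ; then
	echo "TLS support not available, test skipped"
	exit 0
fi

if test $WITH_SASL = no ; then
	echo "SASL support not available, test skipped"
	exit 0
fi

mkdir -p $TESTDIR $DBDIR1
# The CA, client certificate and key used below all come from this tree;
# a silent copy failure would otherwise surface only as a TLS error later.
cp -r $DATADIR/tls $TESTDIR
RC=$?
if test $RC != 0 ; then
	echo "copying TLS test data failed ($RC)!"
	exit $RC
fi

cd $TESTWD || exit 1

#######################################
# Stop the test server (unless KILLSERVERS=no) and exit with status $1.
# Globals:   KILLSERVERS, KILLPIDS
#######################################
fail() {
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $1
}

#######################################
# ldapwhoami over StartTLS (-ZZ) with SASL/EXTERNAL, authenticating with the
# bjensen client certificate.  tls_reqcert=hard makes the client refuse any
# server whose certificate does not validate against the test-suite CA.
# Arguments: passed through to ldapwhoami (e.g. -o SASL_CBINDING=...)
# Outputs:   ldapwhoami's stdout/stderr go to $TESTOUT
# Returns:   ldapwhoami's exit status
#######################################
sasl_external_whoami() {
	$LDAPSASLWHOAMI -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
		-o tls_cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt \
		-o tls_key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key \
		-o tls_reqcert=hard "$@" -ZZ -Y EXTERNAL -H $URIP1 \
		> $TESTOUT 2>&1
}

#######################################
# Compare the identity reported in $TESTOUT with the DN the server is
# expected to map the client certificate to.
# Outputs:   comparison output goes to $CMPOUT
# Returns:   $CMP's exit status (0 when the identities match)
#######################################
check_mapped_dn() {
	echo 'dn:cn=barbara jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/dn.out
	$CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT
}

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting ldap:/// slapd on TCP/IP port $PORT1 and ldaps:/// slapd on $PORT2..."
$SLAPD -f $CONF1 -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
	echo PID $PID
	read -r foo
fi
KILLPIDS="$PID"

sleep 1

# Poll the plain ldap:// listener until the server answers (up to six tries).
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	fail $RC
fi

echo -n "Using ldapwhoami with SASL/EXTERNAL...."
sasl_external_whoami
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami (startTLS) failed ($RC)!"
	fail $RC
else
	echo "success"
fi

echo -n "Validating mapped SASL ID..."
check_mapped_dn
RC=$?
if test $RC != 0 ; then
	echo "Comparison failed"
	fail $RC
else
	echo "success"
fi

# Exercise the channel-binding option handling: the SASL/EXTERNAL bind must
# succeed for each SASL_CBINDING value and must still map to the same DN.
for cb in "none" "tls-unique" "tls-endpoint" ; do

	echo -n "Using ldapwhoami with SASL/EXTERNAL and SASL_CBINDING (${cb})...."
	sasl_external_whoami -o SASL_CBINDING=$cb
	RC=$?
	if test $RC != 0 ; then
		echo "ldapwhoami failed ($RC)!"
		fail $RC
	else
		echo "success"
	fi

	echo -n "Validating mapped SASL ID with SASL_CBINDING (${cb})..."
	check_mapped_dn
	RC=$?
	if test $RC != 0 ; then
		echo "Comparison failed"
		fail $RC
	else
		echo "success"
	fi
done

test $KILLSERVERS != no && kill -HUP $KILLPIDS

# Every failure above exits through fail, so RC is 0 here; the check is
# kept for the summary lines the test driver expects.
if test $RC != 0 ; then
	echo ">>>>> Test failed"
else
	echo ">>>>> Test succeeded"
	RC=0
fi

test $KILLSERVERS != no && wait

exit $RC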