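#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Test: SASL/EXTERNAL authentication over StartTLS using a client certificate.
#
# Flow:
#   1. load the test-suite definitions and skip unless both TLS and SASL
#      are available;
#   2. build a database with slapadd and start slapd on $URI1 and $SURI2;
#   3. run ldapwhoami with a client certificate (-ZZ -Y EXTERNAL) and check
#      that the reported identity is the expected directory DN;
#   4. repeat the bind once per SASL_CBINDING value;
#   5. stop slapd and report the result.
#
# Every upper-case variable used here is expected to come from
# $SRCDIR/scripts/defines.sh or the calling environment; none is set in this
# file except RC, PID and KILLPIDS.
#
# The tool variables ($SLAPADD, $SLAPD, $LDAPSEARCH, $LDAPSASLWHOAMI, $CMP)
# and $KILLPIDS are expanded unquoted on purpose: they presumably hold a
# command plus default arguments (or several PIDs) and rely on word
# splitting -- confirm against defines.sh before quoting them.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

if test "$WITH_TLS" = no ; then
	echo "TLS support not available, test skipped"
	exit 0
fi

if test "$WITH_SASL" = no ; then
	echo "SASL support not available, test skipped"
	exit 0
fi

mkdir -p "$TESTDIR" "$DBDIR1"
# The copied tree supplies the CA certificate and the client
# certificate/private key referenced below.
cp -r "$DATADIR/tls" "$TESTDIR"

# Credentials presented by the client in every ldapwhoami call below.
tls_ca="$TESTDIR/tls/ca/certs/testsuiteCA.crt"
tls_cert="$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt"
tls_key="$TESTDIR/tls/private/bjensen@mailgw.example.com.key"

cd "$TESTWD"

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < "$TLSSASLCONF" > "$CONF1"
$SLAPADD -f "$CONF1" -l "$LDIFORDERED"
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting ldap:/// slapd on TCP/IP port $PORT1 and ldaps:/// slapd on $PORT2..."
$SLAPD -f "$CONF1" -h "$URI1 $SURI2" -d $LVL > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
	# Pause so a developer can attach to the server before the test goes on.
	echo PID $PID
	read -r foo
fi
KILLPIDS="$PID"

sleep 1

# Poll the root DSE until slapd answers; give up after six attempts.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
fi

# printf instead of "echo -n": under #!/bin/sh the -n flag is not portable.
printf '%s' "Using ldapwhoami with SASL/EXTERNAL...."
# -ZZ makes a failed StartTLS fatal, and tls_reqcert=hard makes the client
# reject a server certificate that does not validate against tls_cacert, so
# the EXTERNAL bind is only attempted over a verified TLS session.
$LDAPSASLWHOAMI -o tls_cacert="$tls_ca" -o tls_reqcert=hard \
	-o tls_cert="$tls_cert" -o tls_key="$tls_key" \
	-ZZ -Y EXTERNAL -H "$URIP1" \
	> "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
	echo "ldapwhoami (startTLS) failed ($RC)!"
	# Stop slapd here as the other failure paths do; previously this branch
	# exited and left the server running in the background.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
else
	echo "success"
fi

# A successful exit status is not enough: confirm that the certificate
# identity was mapped to the expected directory entry and nothing else.
printf '%s' "Validating mapped SASL ID..."
echo 'dn:cn=barbara jensen,ou=information technology division,ou=people,dc=example,dc=com' > "$TESTDIR/dn.out"
$CMP "$TESTDIR/dn.out" "$TESTOUT" > "$CMPOUT"

RC=$?
if test "$RC" != 0 ; then
	echo "Comparison failed"
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit $RC
else
	echo "success"
fi

# Exercise the channel-binding option with each SASL_CBINDING value.
# NOTE(review): the original comment read "in builds without SASL support",
# but this script exits early when WITH_SASL = no -- confirm the intent.
# NOTE(review): only the exit status is checked in this loop. $TESTOUT is
# overwritten on each pass and never compared with dn.out, so a bind that
# succeeds under a different identity would not be caught here.
for cb in "none" "tls-unique" "tls-endpoint" ; do

	printf '%s' "Using ldapwhoami with SASL/EXTERNAL and SASL_CBINDING (${cb})...."

	$LDAPSASLWHOAMI -o tls_cacert="$tls_ca" \
		-o tls_cert="$tls_cert" \
		-o tls_key="$tls_key" \
		-o tls_reqcert=hard -o SASL_CBINDING=$cb -ZZ -Y EXTERNAL -H "$URIP1" \
		> "$TESTOUT" 2>&1

	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapwhoami failed ($RC)!"
		test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
		exit $RC
	else
		echo "success"
	fi
done


test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

if test "$RC" != 0 ; then
	echo ">>>>> Test failed"
else
	echo ">>>>> Test succeeded"
	RC=0
fi

# Reap the background slapd before returning the final status.
test "$KILLSERVERS" != no && wait

exit $RC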