1#! /bin/sh
2# $OpenLDAP$
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
## Copyright 2016-2021 Ondřej Kuzník, Symas Corp.
6## Copyright 1998-2021 The OpenLDAP Foundation.
7## All rights reserved.
8##
9## Redistribution and use in source and binary forms, with or without
10## modification, are permitted only as authorized by the OpenLDAP
11## Public License.
12##
13## A copy of this license is available in the file LICENSE in the
14## top-level directory of the distribution or, alternatively, at
15## <http://www.OpenLDAP.org/license.html>.
16
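# Pull in the shared test-suite definitions (paths, ports, tool wrappers).
echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# This test needs TLS support and the RemoteAuth overlay; when either is
# missing the test is skipped, which counts as success. The expansions are
# quoted so an unset variable yields a clean comparison instead of a test(1)
# syntax error.
if test "$WITH_TLS" = no ; then
    echo "TLS support not available, test skipped"
    exit 0
fi

if test "$REMOTEAUTH" = remoteauthno; then
    echo "RemoteAuth overlay not available, test skipped"
    exit 0
fi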
29
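# Create the working directories and copy the test CA and certificates in.
mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2" "$TESTDIR/confdir"
cp -r "$DATADIR/tls" "$TESTDIR"

# Expand the default_domain fixture referenced by the remoteauth config.
. "$CONFFILTER" < "$DATADIR/remoteauth/default_domain" > "$TESTDIR/default_domain"

# Base slapd.conf for the first server, from the TLS template.
# $BACKEND is deliberately unquoted: an empty value must pass no argument.
. "$CONFFILTER" $BACKEND < "$TLSCONF" > "$CONF1"

# Generate a fresh random cn=config password into $CONFIGPWF. Only the
# slappasswd -T hash of it goes into the config file; clients read the
# clear text from the file via -y rather than passing it on the command line.
$SLAPPASSWD -g -n >"$CONFIGPWF"
echo "database config" >>"$CONF1"
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >>"$CONF1"
echo "TLSCACertificateFile $TESTDIR/tls/ca/certs/testsuiteCA.crt" >>"$CONF1"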
41
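# Convert slapd.conf into a cn=config directory (slapd -T t is slaptest mode)
# and bail out on failure. No server is running yet, so nothing to tear down.
# $SLAPD and the other tool variables may carry their own options, so they
# stay unquoted throughout; file arguments are quoted.
$SLAPD -Tt -n 0 -f "$CONF1" -F "$TESTDIR/confdir" -d "$LVL" > "$LOG1" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "slaptest failed ($RC)!"
    exit "$RC"
fi

# Populate the first server's database from the ordered LDIF fixture.
echo -n "Running slapadd to build slapd database... "
$SLAPADD -F "$TESTDIR/confdir" -l "$LDIFORDERED"
RC=$?
if test "$RC" != 0 ; then
    echo "slapadd failed ($RC)!"
    exit "$RC"
fi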
56
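# Adjust the freshly loaded data: give $MELLIOTDN an extra 'o: self' value and
# point both $MELLIOTDN and $JOHNDDN at $BJORNSDN via seeAlso. The heredoc
# delimiter is unquoted on purpose so the DN variables expand.
echo "DB tweaks..."
$SLAPMODIFY -F "$TESTDIR/confdir" >>"$LOG1" 2>&1 <<EOMODS
dn: $MELLIOTDN
changetype: modify
add: o
o: self
-
replace: seeAlso
seeAlso: $BJORNSDN

dn: $JOHNDDN
changetype: modify
replace: seeAlso
seeAlso: $BJORNSDN
EOMODS
RC=$?
if test "$RC" != 0 ; then
    echo "slapmodify failed ($RC)!"
    # No slapd has been started yet and KILLPIDS is still unset, so there is
    # nothing to signal here (the previous version ran kill with no PIDs).
    exit "$RC"
fi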
78
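# Start the first server from the cn=config directory and wait until it
# answers a base search on the monitor entry.
echo "Starting slapd on TCP/IP port $PORT1 for configuration..."
$SLAPD -F "$TESTDIR/confdir" -h "$URI1" -d "$LVL" >> "$LOG1" 2>&1 &
REMOTEAUTH_PID=$!
if test "$WAIT" != 0 ; then
    # Debugging hook: print the PID and pause until the operator presses Enter.
    echo REMOTEAUTH_PID $REMOTEAUTH_PID
    read foo
fi
# Space-separated list of PIDs to signal on teardown; it is intentionally
# expanded unquoted wherever it is passed to kill.
KILLPIDS="$REMOTEAUTH_PID"

sleep "$SLEEP0"

for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test "$RC" = 0 ; then
        break
    fi
    echo "Waiting ${SLEEP1} seconds for slapd to start..."
    sleep "${SLEEP1}"
done

# The retry loop only breaks on success; if the server never came up the
# following steps would fail with misleading errors, so stop here instead
# (the second server's start-up further down already does this).
if test "$RC" != 0 ; then
    echo "slapd failed to start ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi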
100
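# When the overlay was built as a loadable module it must be loaded into the
# running server before the remoteauth configuration can be added.
if [ "$REMOTEAUTH" = remoteauthmod ]; then
    $LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" \
        >> "$TESTOUT" 2>&1 <<EOMOD
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: remoteauth.la
EOMOD
    RC=$?
    if test "$RC" != 0 ; then
        # The command above is ldapadd, so name it correctly in the message.
        echo "ldapadd failed ($RC)!"
        test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
        exit "$RC"
    fi
fi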
117
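# Push the remoteauth overlay configuration into the live cn=config of the
# first server; the fixture is passed through $CONFFILTER for the backend.
echo "Loading test remoteauth configuration..."
. "$CONFFILTER" $BACKEND < "$DATADIR/remoteauth/config.ldif" | \
$LDAPADD -v -D cn=config -H "$URI1" -y "$CONFIGPWF" \
    >> "$TESTOUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "ldapadd failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi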
128
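# Second server: same TLS template, but with the database directory swapped
# for DBDIR2. The sed substitution uses ',' as delimiter, so a DBDIR path
# containing a comma or other sed-special characters would break it.
echo -n "Preparing second server on $URI2 and $SURIP3... "
. "$CONFFILTER" $BACKEND < "$TLSCONF" | sed -e "s,$DBDIR1,$DBDIR2," > "$CONF2"

echo -n "loading data... "
$SLAPADD -f "$CONF2" -l "$LDIFORDERED"
RC=$?
if test "$RC" != 0 ; then
    echo "slapadd failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi

# Give $BJORNSDN a different password on this server ("bjorn2") than the one
# used against the first server below, so the bind checks can tell which
# server actually verified the credentials.
echo -n "tweaking DB contents... "
$SLAPMODIFY -f "$CONF2" >>"$LOG2" 2>&1 <<EOMODS
dn: $BJORNSDN
changetype: modify
replace: userPassword
userPassword: bjorn2
EOMODS
RC=$?
if test "$RC" != 0 ; then
    echo "slapmodify failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi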
154
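# Start the second server on both listeners (-h takes a space-separated URI
# list as a single argument) and wait for it to answer on the monitor entry.
echo "starting up... "
$SLAPD -f "$CONF2" -h "$URI2 $SURIP3" -d "$LVL" > "$LOG2" 2>&1 &
BACKEND_PID=$!
if test "$WAIT" != 0 ; then
    # Debugging hook: print the PID and pause until the operator presses Enter.
    echo BACKEND_PID $BACKEND_PID
    read foo
fi
# Append to the teardown PID list (space-separated, expanded unquoted).
KILLPIDS="$KILLPIDS $BACKEND_PID"

for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H "$URI2" \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test "$RC" = 0 ; then
        break
    fi
    echo "Waiting ${SLEEP1} seconds for slapd to start..."
    sleep "${SLEEP1}"
done

# RC still holds the last probe's status: non-zero means the server never
# came up within the retry window.
if test "$RC" != 0 ; then
    echo "failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi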
180
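# Regenerate the first server's slapd.conf from the TLS template, appending
# the CA certificate and the config database (same content as the initial
# CONF1, in a different order). The cn=config directory created from the
# first CONF1 is what the running server uses; this file is not read until a
# later step overwrites it again for the slapd.conf variant.
. "$CONFFILTER" $BACKEND < "$TLSCONF" > "$CONF1"

echo "TLSCACertificateFile $TESTDIR/tls/ca/certs/testsuiteCA.crt" >>"$CONF1"
echo "database config" >>"$CONF1"
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >>"$CONF1"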
186
187# We check basic remoteauth operation and generated configuration in these
188# circumstances:
189# 1. configured online through cn=config (what we set up above)
190# 2. the server from 1. restarted (loading from cn=config on startup)
191# 3. configured and started through a slapd.conf
192#
193# All of the above should present the same behaviour and cn=config output
194
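# Snapshot 1 of 3: the overlay entry as generated by the dynamically
# configured server, for later comparison with the restarted and the
# slapd.conf-based variants.
echo "Saving generated config before server restart..."
echo "# search output from dynamically configured server..." >> "$SERVER1OUT"
$LDAPSEARCH -D cn=config -H "$URI1" -y "$CONFIGPWF" \
    -b "olcOverlay={0}remoteauth,olcDatabase={1}$BACKEND,cn=config" \
    >> "$SERVER1OUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi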
206
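# Bind checks against the first server. Three accounts are tried: $BJORNSDN
# with its local password, $JOHNDDN with the password that was set for bjorn
# on the second server ("bjorn2"), and $MELLIOTDN (the entry given 'o: self')
# with the local one. Presumably these exercise the different routing
# outcomes of the remoteauth mapping in config.ldif; each must succeed.
# Passwords are passed with -w since they are fixed test fixtures.
echo -n "Checking bind handling... "

$LDAPWHOAMI -H "$URI1" -x -D "$BJORNSDN" -w bjorn >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "1 "

$LDAPWHOAMI -H "$URI1" -x -D "$JOHNDDN" -w bjorn2 >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "2 "

$LDAPWHOAMI -H "$URI1" -x -D "$MELLIOTDN" -w bjorn >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "3 "

echo "ok"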
237
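# Scenario 2: restart the first server so it loads the overlay config from
# the cn=config directory on start-up rather than from the live ldapadd.
echo "Stopping slapd on TCP/IP port $PORT1..."
kill -HUP "$REMOTEAUTH_PID"
# Only the second server remains to be cleaned up while the first is down.
KILLPIDS="$BACKEND_PID"
sleep "$SLEEP0"
echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -F "$TESTDIR/confdir" -h "$URI1" -d "$LVL" >> "$LOG1" 2>&1 &
REMOTEAUTH_PID=$!
if test "$WAIT" != 0 ; then
    # Debugging hook: print the PID and pause until the operator presses Enter.
    echo REMOTEAUTH_PID $REMOTEAUTH_PID
    read foo
fi
KILLPIDS="$KILLPIDS $REMOTEAUTH_PID"

sleep "$SLEEP0"

for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test "$RC" = 0 ; then
        break
    fi
    echo "Waiting ${SLEEP1} seconds for slapd to start..."
    sleep "${SLEEP1}"
done

# Abort if the restarted server never answered; otherwise the following
# ldapsearch/ldapwhoami steps fail with connection errors that hide the cause.
if test "$RC" != 0 ; then
    echo "slapd failed to start ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi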
263
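# Snapshot 2 of 3: the overlay entry after the restart (config loaded from
# the cn=config directory).
echo "Saving generated config after server restart..."
echo "# search output from dynamically configured server after restart..." >> "$SERVER2OUT"
$LDAPSEARCH -D cn=config -H "$URI1" -y "$CONFIGPWF" \
    -b "olcOverlay={0}remoteauth,olcDatabase={1}$BACKEND,cn=config" \
    >> "$SERVER2OUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi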
275
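# Same three bind checks as before the restart; the restarted server must
# route and verify the credentials identically.
echo -n "Checking bind handling... "

$LDAPWHOAMI -H "$URI1" -x -D "$BJORNSDN" -w bjorn >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "1 "

# johnd authenticates with the password that only the second server knows.
$LDAPWHOAMI -H "$URI1" -x -D "$JOHNDDN" -w bjorn2 >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "2 "

$LDAPWHOAMI -H "$URI1" -x -D "$MELLIOTDN" -w bjorn >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "3 "

echo "ok"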
306
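# Scenario 3: stop the cn=config-based server and bring up the same setup
# from a plain slapd.conf.
echo "Stopping slapd on TCP/IP port $PORT1..."
kill -HUP "$REMOTEAUTH_PID"
KILLPIDS="$BACKEND_PID"
sleep "$SLEEP0"

# Build the slapd.conf by inserting the CA certificate, the (conditional)
# module load and an include of the generated remoteauth.conf just before the
# monitor database. Notes: '\s' in the address is a GNU sed extension; the
# "\\<newline>" sequences in double quotes become sed's "\<newline>" line
# continuations in the replacement; the '#remoteauthmod#' prefix is a marker
# presumably stripped by $CONFFILTER only when the overlay is a module.
echo "Testing slapd.conf support..."
sed -e "s,database\\s*monitor,\\
TLSCACertificateFile $TESTDIR/tls/ca/certs/testsuiteCA.crt\\
\\
#remoteauthmod#moduleload ../servers/slapd/overlays/remoteauth.la\\
include $TESTDIR/remoteauth.conf\\
\\
database monitor," "$TLSCONF" | . "$CONFFILTER" $BACKEND >"$CONF1"
echo "database config" >>"$CONF1"
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >>"$CONF1"

# The included overlay config is written after CONF1 references it but
# before slapd is started, which is all that matters.
. "$CONFFILTER" $BACKEND < "$DATADIR/remoteauth/remoteauth.conf" >"$TESTDIR/remoteauth.conf"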
324
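# Start the first server from the generated slapd.conf (-f, not -F) and wait
# for it to answer on the monitor entry.
echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f "$CONF1" -h "$URI1" -d "$LVL" >> "$LOG1" 2>&1 &
REMOTEAUTH_PID=$!
if test "$WAIT" != 0 ; then
    # Debugging hook: print the PID and pause until the operator presses Enter.
    echo REMOTEAUTH_PID $REMOTEAUTH_PID
    read foo
fi
KILLPIDS="$KILLPIDS $REMOTEAUTH_PID"

sleep "$SLEEP0"

for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test "$RC" = 0 ; then
        break
    fi
    echo "Waiting ${SLEEP1} seconds for slapd to start..."
    sleep "${SLEEP1}"
done

# A slapd.conf parse error is the most likely failure in this scenario; make
# it visible here instead of letting the later steps fail on a dead socket.
if test "$RC" != 0 ; then
    echo "slapd failed to start ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi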
346
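# Snapshot 3 of 3: the overlay entry as converted from slapd.conf.
echo "Saving generated config from a slapd.conf sourced server..."
echo "# search output from server running from slapd.conf..." >> "$SERVER3OUT"
$LDAPSEARCH -D cn=config -H "$URI1" -y "$CONFIGPWF" \
    -b "olcOverlay={0}remoteauth,olcDatabase={1}$BACKEND,cn=config" \
    >> "$SERVER3OUT" 2>&1
RC=$?
if test "$RC" != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi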
358
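# Same three bind checks for the slapd.conf-based server.
echo -n "Checking bind handling... "

$LDAPWHOAMI -H "$URI1" -x -D "$BJORNSDN" -w bjorn >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "1 "

# johnd authenticates with the password that only the second server knows.
$LDAPWHOAMI -H "$URI1" -x -D "$JOHNDDN" -w bjorn2 >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "2 "

$LDAPWHOAMI -H "$URI1" -x -D "$MELLIOTDN" -w bjorn >/dev/null
RC=$?
if test "$RC" != 0 ; then
    echo "ldapwhoami failed ($RC)!"
    test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
    exit "$RC"
fi
echo -n "3 "

echo "ok"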
389
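# Tear down both servers before comparing results ($KILLPIDS is a
# space-separated list and must stay unquoted).
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

# LDIFFILTER doesn't (un)wrap long lines yet, so the result would differ
#. $CONFFILTER $BACKEND < $DATADIR/remoteauth/config.ldif \
#    | $LDIFFILTER -s a > $SERVER6FLT

# We've already filtered out the ordering markers, now sort the entries
echo "Filtering ldapsearch results..."
$LDIFFILTER -s a < "$SERVER1OUT" > "$SERVER1FLT"
$LDIFFILTER -s a < "$SERVER2OUT" > "$SERVER2FLT"
$LDIFFILTER -s a < "$SERVER3OUT" > "$SERVER3FLT"
# The expected-entries filter above is disabled, so this step is currently
# a no-op kept for output consistency with the other tests.
echo "Filtering expected entries..."

# All three configurations must yield identical cn=config output. Both
# comparisons write to the same $CMPOUT, so on failure it holds the diff of
# the pair that failed.
echo "Comparing filter output..."
#$CMP $SERVER6FLT $SERVER1FLT > $CMPOUT && \
$CMP "$SERVER1FLT" "$SERVER2FLT" > "$CMPOUT" && \
$CMP "$SERVER2FLT" "$SERVER3FLT" > "$CMPOUT"

if test $? != 0 ; then
    echo "Comparison failed"
    exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd processes so their exit is not left pending.
test "$KILLSERVERS" != no && wait

exit 0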
418