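#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2016-2021 Ondřej Kuzník, Symas Corp.
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the remoteauth overlay.
#
# Two slapd instances are used:
#   - the server under test on $URI1, which carries the remoteauth overlay;
#   - a second server on $URI2 / $SURIP3 holding the same data, except that
#     the userPassword of $BJORNSDN is replaced with "bjorn2".
#
# The overlay is exercised three times (configured online through cn=config,
# after a restart from the same cn=config, and from a slapd.conf). Each time
# the overlay's cn=config entry is saved and three simple binds are checked.
# At the end the three saved entries must be identical.
#
# Apart from RC, KILLPIDS, REMOTEAUTH_PID and BACKEND_PID, every upper-case
# variable is expected to come from the test harness and scripts/defines.sh.
# Command variables ($SLAPD, $LDAPSEARCH, $CMP, ...) are deliberately left
# unquoted, presumably because defines.sh may pack extra arguments into them;
# confirm against defines.sh before quoting any of them.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# The test configuration is built from $TLSCONF, so a build without TLS
# cannot run it.
if test $WITH_TLS = no ; then
	echo "TLS support not available, test skipped"
	exit 0
fi

if test $REMOTEAUTH = remoteauthno; then
	echo "RemoteAuth overlay not available, test skipped"
	exit 0
fi

mkdir -p $TESTDIR $DBDIR1 $DBDIR2 $TESTDIR/confdir
cp -r $DATADIR/tls $TESTDIR

. $CONFFILTER < $DATADIR/remoteauth/default_domain > $TESTDIR/default_domain

. $CONFFILTER $BACKEND < $TLSCONF > $CONF1

# Generate a random rootpw for cn=config. The cleartext lands in $CONFIGPWF,
# which is created with whatever umask the harness runs under; it only
# protects the throwaway test server. The clients read it back with -y, so
# this secret never appears on a command line.
$SLAPPASSWD -g -n >$CONFIGPWF
echo "database config" >>$CONF1
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF1
# CA used by this slapd; presumably what lets the overlay verify the second
# server's certificate on $SURIP3 (config.ldif is not visible here).
echo "TLSCACertificateFile $TESTDIR/tls/ca/certs/testsuiteCA.crt" >>$CONF1

# Convert the slapd.conf into a cn=config directory (-Tt = slaptest).
$SLAPD -Tt -n 0 -f $CONF1 -F $TESTDIR/confdir -d $LVL > $LOG1 2>&1
RC=$?
if test $RC != 0 ; then
	echo "slaptest failed ($RC)!"
	exit $RC
fi

echo -n "Running slapadd to build slapd database... "
$SLAPADD -F $TESTDIR/confdir -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

# Point two entries of the first server at $BJORNSDN through seeAlso, and tag
# $MELLIOTDN with "o: self". Presumably these are the attributes the overlay
# configuration in remoteauth/config.ldif uses to pick the remote DN and the
# target domain; verify against that file.
echo "DB tweaks..."
$SLAPMODIFY -F $TESTDIR/confdir >>$LOG1 2>&1 <<EOMODS
dn: $MELLIOTDN
changetype: modify
add: o
o: self
-
replace: seeAlso
seeAlso: $BJORNSDN

dn: $JOHNDDN
changetype: modify
replace: seeAlso
seeAlso: $BJORNSDN
EOMODS
RC=$?
if test $RC != 0 ; then
	echo "slapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT1 for configuration..."
$SLAPD -F $TESTDIR/confdir -h $URI1 -d $LVL >> $LOG1 2>&1 &
REMOTEAUTH_PID=$!
if test $WAIT != 0 ; then
	echo REMOTEAUTH_PID $REMOTEAUTH_PID
	read foo
fi
KILLPIDS="$REMOTEAUTH_PID"

sleep $SLEEP0

# Poll the monitor database until the server answers (at most six attempts).
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting ${SLEEP1} seconds for slapd to start..."
	sleep ${SLEEP1}
done

# Stop here if the server never came up, exactly as is done for the second
# server further down; otherwise the failure would only surface later and be
# reported as an ldapadd/ldapsearch problem.
if test $RC != 0 ; then
	echo "failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# When the overlay is built as a module it has to be loaded before it can be
# configured.
if [ "$REMOTEAUTH" = remoteauthmod ]; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF \
		>> $TESTOUT 2>&1 <<EOMOD
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: remoteauth.la
EOMOD
	RC=$?
	if test $RC != 0 ; then
		echo "ldapmodify failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	fi
fi

echo "Loading test remoteauth configuration..."
. $CONFFILTER $BACKEND < $DATADIR/remoteauth/config.ldif | \
$LDAPADD -v -D cn=config -H $URI1 -y $CONFIGPWF \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Second server: same configuration template, separate database directory.
echo -n "Preparing second server on $URI2 and $SURIP3... "
. $CONFFILTER $BACKEND < $TLSCONF | sed -e "s,$DBDIR1,$DBDIR2," > $CONF2

echo -n "loading data... "
$SLAPADD -f $CONF2 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Give $BJORNSDN a password that exists only on the second server. A bind on
# the first server that succeeds with "bjorn2" can therefore not have been
# verified against the first server's copy of $BJORNSDN.
echo -n "tweaking DB contents... "
$SLAPMODIFY -f $CONF2 >>$LOG2 2>&1 <<EOMODS
dn: $BJORNSDN
changetype: modify
replace: userPassword
userPassword: bjorn2
EOMODS
RC=$?
if test $RC != 0 ; then
	echo "slapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "starting up... "
$SLAPD -f $CONF2 -h "$URI2 $SURIP3" -d $LVL > $LOG2 2>&1 &
BACKEND_PID=$!
if test $WAIT != 0 ; then
	echo BACKEND_PID $BACKEND_PID
	read foo
fi
KILLPIDS="$KILLPIDS $BACKEND_PID"

for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting ${SLEEP1} seconds for slapd to start..."
	sleep ${SLEEP1}
done

if test $RC != 0 ; then
	echo "failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Regenerate $CONF1 from the template; it is rewritten again for the
# slapd.conf run below.
. $CONFFILTER $BACKEND < $TLSCONF > $CONF1

echo "TLSCACertificateFile $TESTDIR/tls/ca/certs/testsuiteCA.crt" >>$CONF1
echo "database config" >>$CONF1
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF1

# We check basic remoteauth operation and generated configuration in these
# circumstances:
# 1. configured online through cn=config (what we set up above)
# 2. the server from 1. restarted (loading from cn=config on startup)
# 3. configured and started through a slapd.conf
#
# All of the above should present the same behaviour and cn=config output

echo "Saving generated config before server restart..."
echo "# search output from dynamically configured server..." >> $SERVER1OUT
$LDAPSEARCH -D cn=config -H $URI1 -y $CONFIGPWF \
	-b "olcOverlay={0}remoteauth,olcDatabase={1}$BACKEND,cn=config" \
	>> $SERVER1OUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Three simple binds against the first server:
#   1. $BJORNSDN with "bjorn"   - presumably its own password from the LDIF;
#   2. $JOHNDDN with "bjorn2"   - the password only the second server holds
#                                 for $BJORNSDN, which $JOHNDDN's seeAlso
#                                 points to;
#   3. $MELLIOTDN with "bjorn"  - seeAlso points to $BJORNSDN and o is "self",
#                                 presumably resolving back to this server.
# The passwords are fixture values; -w puts them in the process list, which is
# acceptable only because these accounts exist nowhere but in the test data.
# NOTE(review): only successful binds are asserted. A rejected-credential case
# (a wrong password expected to fail) would catch an overlay that accepts any
# password; none is present in this test.
echo -n "Checking bind handling... "

$LDAPWHOAMI -H $URI1 -x -D "$BJORNSDN" -w bjorn >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "1 "

$LDAPWHOAMI -H $URI1 -x -D "$JOHNDDN" -w bjorn2 >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "2 "

$LDAPWHOAMI -H $URI1 -x -D "$MELLIOTDN" -w bjorn >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "3 "

echo "ok"

# Scenario 2: restart the same server so the overlay is loaded from the
# stored cn=config instead of being added online.
echo "Stopping slapd on TCP/IP port $PORT1..."
kill -HUP $REMOTEAUTH_PID
KILLPIDS="$BACKEND_PID"
sleep $SLEEP0
echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -F $TESTDIR/confdir -h $URI1 -d $LVL >> $LOG1 2>&1 &
REMOTEAUTH_PID=$!
if test $WAIT != 0 ; then
	echo REMOTEAUTH_PID $REMOTEAUTH_PID
	read foo
fi
KILLPIDS="$KILLPIDS $REMOTEAUTH_PID"

sleep $SLEEP0

for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting ${SLEEP1} seconds for slapd to start..."
	sleep ${SLEEP1}
done

# A server that fails to load the stored overlay configuration would not
# start; report that here rather than as a later ldapsearch failure.
if test $RC != 0 ; then
	echo "failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Saving generated config after server restart..."
echo "# search output from dynamically configured server after restart..." >> $SERVER2OUT
$LDAPSEARCH -D cn=config -H $URI1 -y $CONFIGPWF \
	-b "olcOverlay={0}remoteauth,olcDatabase={1}$BACKEND,cn=config" \
	>> $SERVER2OUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Same three binds as before the restart.
echo -n "Checking bind handling... "

$LDAPWHOAMI -H $URI1 -x -D "$BJORNSDN" -w bjorn >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "1 "

$LDAPWHOAMI -H $URI1 -x -D "$JOHNDDN" -w bjorn2 >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "2 "

$LDAPWHOAMI -H $URI1 -x -D "$MELLIOTDN" -w bjorn >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "3 "

echo "ok"

echo "Stopping slapd on TCP/IP port $PORT1..."
kill -HUP $REMOTEAUTH_PID
KILLPIDS="$BACKEND_PID"
sleep $SLEEP0

# Scenario 3: splice the CA file, the module load line and an include of
# remoteauth.conf in front of "database monitor" in the template. The
# "#remoteauthmod#" prefix is presumably uncommented by $CONFFILTER for
# module builds. The continuation lines must stay at column 0: leading
# whitespace would become part of the sed replacement text.
# NOTE(review): "\s" is not POSIX BRE; this relies on the platform's sed
# accepting it.
echo "Testing slapd.conf support..."
sed -e "s,database\\s*monitor,\\
TLSCACertificateFile $TESTDIR/tls/ca/certs/testsuiteCA.crt\\
\\
#remoteauthmod#moduleload ../servers/slapd/overlays/remoteauth.la\\
include $TESTDIR/remoteauth.conf\\
\\
database monitor," $TLSCONF | . $CONFFILTER $BACKEND >$CONF1
echo "database config" >>$CONF1
echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF1

. $CONFFILTER $BACKEND < $DATADIR/remoteauth/remoteauth.conf >$TESTDIR/remoteauth.conf

echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h $URI1 -d $LVL >> $LOG1 2>&1 &
REMOTEAUTH_PID=$!
if test $WAIT != 0 ; then
	echo REMOTEAUTH_PID $REMOTEAUTH_PID
	read foo
fi
KILLPIDS="$KILLPIDS $REMOTEAUTH_PID"

sleep $SLEEP0

for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting ${SLEEP1} seconds for slapd to start..."
	sleep ${SLEEP1}
done

# A slapd.conf the server cannot parse shows up as a server that never
# answers; fail with that diagnosis instead of continuing.
if test $RC != 0 ; then
	echo "failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

echo "Saving generated config from a slapd.conf sourced server..."
echo "# search output from server running from slapd.conf..." >> $SERVER3OUT
$LDAPSEARCH -D cn=config -H $URI1 -y $CONFIGPWF \
	-b "olcOverlay={0}remoteauth,olcDatabase={1}$BACKEND,cn=config" \
	>> $SERVER3OUT 2>&1
RC=$?
if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

# Same three binds, now against the slapd.conf-configured server.
echo -n "Checking bind handling... "

$LDAPWHOAMI -H $URI1 -x -D "$BJORNSDN" -w bjorn >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "1 "

$LDAPWHOAMI -H $URI1 -x -D "$JOHNDDN" -w bjorn2 >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "2 "

$LDAPWHOAMI -H $URI1 -x -D "$MELLIOTDN" -w bjorn >/dev/null
RC=$?
if test $RC != 0 ; then
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
echo -n "3 "

echo "ok"

test $KILLSERVERS != no && kill -HUP $KILLPIDS

# LDIFFILTER doesn't (un)wrap long lines yet, so the result would differ
#. $CONFFILTER $BACKEND < $DATADIR/remoteauth/config.ldif \
#	| $LDIFFILTER -s a > $SERVER6FLT

# We've already filtered out the ordering markers, now sort the entries
echo "Filtering ldapsearch results..."
$LDIFFILTER -s a < $SERVER1OUT > $SERVER1FLT
$LDIFFILTER -s a < $SERVER2OUT > $SERVER2FLT
$LDIFFILTER -s a < $SERVER3OUT > $SERVER3FLT
echo "Filtering expected entries..."

# The three saved overlay entries are compared with each other only; the
# comparison against the input config.ldif is disabled above, so a
# configuration that is consistently wrong in all three runs is not caught
# here.
echo "Comparing filter output..."
#$CMP $SERVER6FLT $SERVER1FLT > $CMPOUT && \
$CMP $SERVER1FLT $SERVER2FLT > $CMPOUT && \
$CMP $SERVER2FLT $SERVER3FLT > $CMPOUT

if test $? != 0 ; then
	echo "Comparison failed"
	exit 1
fi

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0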