#! /bin/sh # $OpenLDAP$ ## This work is part of OpenLDAP Software . ## ## Copyright 1998-2020 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted only as authorized by the OpenLDAP ## Public License. ## ## A copy of this license is available in the file LICENSE in the ## top-level directory of the distribution or, alternatively, at ## . echo "running defines.sh" . $SRCDIR/scripts/defines.sh if test $WITH_SASL = no; then echo "SASL authentication not available, test skipped" exit 0 fi CONFDIR=$TESTDIR/slapd.d MECH=DIGEST-MD5 mkdir -p $TESTDIR $CONFDIR $DBDIR1 $SLAPPASSWD -g -n >$CONFIGPWF echo "Starting slapd on TCP/IP port $PORT1... $PWD" . $CONFFILTER $BACKEND $MONITORDB < $DYNAMICCONF > $CONFLDIF $SLAPADD -F $CONFDIR -n 0 -l $CONFLDIF cd $TESTDIR $SLAPD -F ./slapd.d -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! if test $WAIT != 0 ; then echo PID $PID read foo fi KILLPIDS="$PID" cd $TESTWD sleep 1 echo "Using ldapsearch to check that slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "" -H $URI1 \ 'objectclass=*' > /dev/null 2>&1 RC=$? if test $RC = 0 ; then break fi echo "Waiting 5 seconds for slapd to start..." sleep 5 done if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Checking whether $MECH is supported..." $LDAPSEARCH -s base -b "" -H $URI1 \ 'objectClass=*' supportedSASLMechanisms > $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi grep "supportedSASLMechanisms: $MECH" $SEARCHOUT > $TESTOUT RC=$? if test $RC != 0 ; then echo "SASL mechanism $MECH is not available, test skipped" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit 0 fi echo "Adding schema and database..." $LDAPADD -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 include: file://$ABS_SCHEMADIR/core.ldif include: file://$ABS_SCHEMADIR/cosine.ldif include: file://$ABS_SCHEMADIR/inetorgperson.ldif include: file://$ABS_SCHEMADIR/openldap.ldif include: file://$ABS_SCHEMADIR/nis.ldif EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed for schema config ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi if [ "$BACKENDTYPE" = mod ]; then $LDAPADD -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND olcModuleLoad: back_$BACKEND.la EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed for backend config ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi fi $LDAPADD -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: olcDatabase={1}$BACKEND,cn=config objectClass: olcDatabaseConfig objectClass: olc${BACKEND}Config olcDatabase: {1}$BACKEND olcSuffix: $BASEDN olcDbDirectory: $DBDIR1 olcRootDN: $MANAGERDN olcRootPW: $PASSWD EOF RC=$? if test $RC != 0 ; then echo "ldapadd failed for database config ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi if test $INDEXDB = indexdb ; then $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: olcDatabase={1}$BACKEND,cn=config changetype: modify add: olcDbIndex olcDbIndex: objectClass,entryUUID,entryCSN eq olcDbIndex: cn,uid pres,eq,sub EOF RC=$? if test $RC != 0 ; then echo "ldapmodify failed for index config ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi fi echo "Using ldapadd to populate the database..." $LDAPADD -H $URI1 -D "$MANAGERDN" -w $PASSWD < $LDIFORDERED >>$TESTOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapadd failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Adding olcAuthzRegexp rule for static mapping..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthzRegexp olcAuthzRegexp: uid=manager,cn=[^,]+,cn=auth $MANAGERDN EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Adding olcAuthzRegexp rule to search by uid..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthzRegexp olcAuthzRegexp: uid=([^,]+),cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=\$1) EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Inserting olcAuthzRegexp rule before the last..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthzRegexp olcAuthzRegexp: {1}uid=babs,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjensen) EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=babs echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Deleting the first olcAuthzRegexp rule..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthzRegexp olcAuthzRegexp: {0} EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID (should fail)..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 49; then echo "ldapwhoami unexpected result ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=babs echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Updating an olcAuthzRegexp rule in place..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthzRegexp olcAuthzRegexp: {0} - add: olcAuthzRegexp olcAuthzRegexp: {0}uid=biff,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjorn) EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=babs echo "Testing ldapwhoami as $ID (should fail)..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen RC=$? if test $RC != 49; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=biff echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjorn RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Deleting all olcAuthzRegexp rules..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthzRegexp EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID (should fail)..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 49; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Initializing olcAuthIDRewrite engine..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: rewriteEngine ON olcAuthIDRewrite: rewriteContext authid EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Adding olcAuthIDRewrite rule for static mapping..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: rewriteRule uid=manager,cn=[^,]+,cn=auth $MANAGERDN : EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Adding olcAuthIDRewrite rule to search by uid..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: rewriteRule uid=([^,]+),cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=\$1) : EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Inserting olcAuthIDRewrite rule before the last..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: {3}rewriteRule uid=babs,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjensen) : EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=babs echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Deleting the first olcAuthIDRewrite rule..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthIDRewrite olcAuthIDRewrite: {2} EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=Manager echo "Testing ldapwhoami as $ID (should fail)..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD RC=$? if test $RC != 49; then echo "ldapwhoami unexpected result ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=babs echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Updating an olcAuthIDRewrite rule in place..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthIDRewrite olcAuthIDRewrite: {2} - add: olcAuthIDRewrite olcAuthIDRewrite: {2}rewriteRule uid=biff,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjorn) : EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=babs echo "Testing ldapwhoami as $ID (should fail)..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen RC=$? if test $RC != 49; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=biff echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjorn RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 0; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo echo "Deleting all olcAuthIDRewrite rules..." $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthIDRewrite EOF RC=$? if test $RC != 0; then echo "ldapmodify failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi ID=bjensen echo "Testing ldapwhoami as $ID (should fail)..." $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID RC=$? if test $RC != 49; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded" test $KILLSERVERS != no && wait exit 0