mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
469 lines
12 KiB
Bash
Executable File
469 lines
12 KiB
Bash
Executable File
#! /bin/sh
|
|
# $OpenLDAP$
|
|
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
##
|
|
## Copyright 1998-2017 The OpenLDAP Foundation.
|
|
## All rights reserved.
|
|
##
|
|
## Redistribution and use in source and binary forms, with or without
|
|
## modification, are permitted only as authorized by the OpenLDAP
|
|
## Public License.
|
|
##
|
|
## A copy of this license is available in the file LICENSE in the
|
|
## top-level directory of the distribution or, alternatively, at
|
|
## <http://www.OpenLDAP.org/license.html>.
|
|
|
|
echo "running defines.sh"
|
|
. $SRCDIR/scripts/defines.sh
|
|
|
|
mkdir -p $TESTDIR $DBDIR1
|
|
|
|
echo "Running slapadd to build slapd database..."
|
|
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
|
|
$SLAPADD -f $ADDCONF -l $LDIFWHOAMI
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "slapadd failed ($RC)!"
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Starting slapd on TCP/IP port $PORT..."
|
|
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
|
|
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
|
|
PID=$!
|
|
if test $WAIT != 0 ; then
|
|
echo PID $PID
|
|
read foo
|
|
fi
|
|
KILLPIDS="$PID"
|
|
|
|
sleep 1
|
|
|
|
echo "Using ldapsearch to check that slapd is running..."
|
|
for i in 0 1 2 3 4 5; do
|
|
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
|
|
'objectclass=*' > /dev/null 2>&1
|
|
RC=$?
|
|
if test $RC = 0 ; then
|
|
break
|
|
fi
|
|
echo "Waiting 5 seconds for slapd to start..."
|
|
sleep 5
|
|
done
|
|
|
|
echo "Testing ldapwhoami as anonymous..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Testing ldapwhoami as ${MANAGERDN}..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
|
|
-e \!authzid=""
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
|
|
-e \!authzid="dn:$BABSDN"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
|
|
-e \!authzid="u:uham"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
# authzFrom: someone else => bjorn
|
|
echo "Testing authzFrom..."
|
|
|
|
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjensen
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
|
|
BINDPW=melliot
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com"
|
|
BINDPW=jen
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=jjones
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=noone
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
|
|
BINDPW=dots
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
|
|
BINDPW=jaj
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
|
|
BINDPW=ITD
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Should Fail,dc=example,dc=com"
|
|
BINDPW=fail
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
case $RC in
|
|
1)
|
|
;;
|
|
0)
|
|
echo "ldapwhoami should have failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
;;
|
|
*)
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
;;
|
|
esac
|
|
|
|
BINDDN="cn=Must Fail,dc=example,dc=com"
|
|
BINDPW=fail
|
|
AUTHZID="u:bjorn"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
case $RC in
|
|
1)
|
|
;;
|
|
0)
|
|
echo "ldapwhoami should have failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
;;
|
|
*)
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
;;
|
|
esac
|
|
|
|
# authzTo: bjorn => someone else
|
|
echo "Testing authzTo..."
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:bjensen"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:melliot"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:jdoe"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:jjones"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:noone"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:dots"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:jaj"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:group/itd staff"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="u:fail"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
case $RC in
|
|
1)
|
|
;;
|
|
0)
|
|
echo "ldapwhoami should have failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
;;
|
|
*)
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
;;
|
|
esac
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="dn:cn=Should Fail,dc=example,dc=com"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
case $RC in
|
|
1)
|
|
;;
|
|
0)
|
|
echo "ldapwhoami should have failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit -1
|
|
;;
|
|
*)
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
;;
|
|
esac
|
|
|
|
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
|
|
BINDPW=bjorn
|
|
AUTHZID="dn:cn=don't!"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 1 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit 1
|
|
fi
|
|
|
|
BINDDN="dc=example,dc=com"
|
|
BINDPW=example
|
|
AUTHZID="dn:"
|
|
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
|
|
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
|
|
-e \!authzid="$AUTHZID"
|
|
|
|
RC=$?
|
|
if test $RC != 0 ; then
|
|
echo "ldapwhoami failed ($RC)!"
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
exit $RC
|
|
fi
|
|
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS
|
|
|
|
echo ">>>>> Test succeeded"
|
|
|
|
test $KILLSERVERS != no && wait
|
|
|
|
exit 0
|
|
|
|
## Note to developers: when SLAPD_DEBUG=-1 the command
|
|
## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
|
|
## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1
|
|
## to indicate that the authzFrom and authzTo rules applied in the right order.
|