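#! /bin/sh
## $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2016-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
##
## ACKNOWLEDGEMENTS:
## This module was written in 2016 by Ondřej Kuzník for Symas Corp.

## test006: ACL processing under the test-specific configuration in
## data/test006-config.ldif, exercised on the "ou=Add & Delete" subtree.
## The test labels its two halves "ACL on the alternative entry" and
## "ACL on the variant entry"; what relates the entries involved is set
## up by that configuration file and is not visible in this script.
##
## Flow: skip on backends without ACLs, start the server (common.sh),
## apply the extra configuration, seed the subtree, run a set of
## anonymous/authenticated searches into $SEARCHOUT, run modifications
## that must either succeed or be denied with insufficientAccessRights,
## dump the subtree as the manager and compare it with
## data/test006-out.ldif.
##
## Everything in upper case (BACKEND, SRCDIR, SCRIPTDIR, ACLCONF, URI1,
## the *DN variables, LDAPMODIFY, LDAPSEARCH, TESTOUT, SEARCHOUT,
## KILLSERVERS, KILLPIDS, ...) is provided by defines.sh/common.sh.

# Backends without access control support cannot run this test at all.
case "$BACKEND" in
ldif | null)
	echo "$BACKEND backend does not support access controls, test skipped"
	exit 0
esac

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# common.sh (not shown here) is expected to start the test server from
# $CONF and to populate KILLPIDS for the cleanup below.
CONF=$ACLCONF
. ${SCRIPTDIR}/common.sh

# Stop the test server(s) unless the harness asked to keep them running
# (KILLSERVERS=no), then exit with the given status (default 1).
# Every failure path goes through here so that no slapd is left behind.
# A positive status is used deliberately: "exit -1" is not a valid
# status under POSIX sh (dash rejects it) and the harness only needs
# a non-zero value.
abort_test() {
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit "${1:-1}"
}

# Abort unless the tool that just ran (status in $1, name in $2)
# succeeded.
check_ok() {
	if test "$1" != 0 ; then
		echo "$2 failed ($1)!"
		abort_test "$1"
	fi
}

# Require that the ldapmodify that just ran (status in $1) was rejected
# with insufficientAccessRights (LDAP result code 50).  Status 0 means
# the ACL let a forbidden change through -- that is the real test
# failure; any other status is an unrelated error and is reported as
# such.
expect_denied() {
	case "$1" in
	50)
		;;
	0)
		echo "ldapmodify should have failed ($1)!"
		abort_test 1
		;;
	*)
		echo "ldapmodify failed ($1)!"
		abort_test "$1"
		;;
	esac
}

echo "Applying test-specific configuration..."
# The status checked is ldapmodify's only: in POSIX sh a pipeline
# reports the status of its last command, so a failure inside the
# config filter stage would only surface as a broken ldapmodify input.
. $CONFFILTER $BACKEND $MONITORDB < data/test006-config.ldif | \
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
	>> $TESTOUT 2>&1
check_ok $? ldapmodify

# Seed the subtree the ACLs under test apply to: a container, a group
# whose only member is the suffix, and two people without a description
# (later steps add and remove one).
$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
	$TESTOUT 2>&1 << EOMODS
dn: ou=Add & Delete,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: Add & Delete

dn: cn=group,ou=Add & Delete,dc=example,dc=com
changetype: add
objectclass: groupOfNames
member: dc=example,dc=com

dn: sn=Doe,ou=Add & Delete,dc=example,dc=com
changetype: add
objectclass: OpenLDAPperson
cn: John
uid: jd

dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com
changetype: add
objectclass: OpenLDAPperson
cn: Mark
uid: me
EOMODS
check_ok $? ldapmodify

echo "Testing search ACL processing..."

# The searches below are not status-checked on purpose: some are meant
# to fail, and what matters is their combined output, which is compared
# against data/test006-out.ldif at the end.
#
# Fixture users authenticate with fixed passwords passed via -w, like
# the rest of the test suite.  That exposes them on the command line
# (ps); acceptable only in this throwaway test environment.

echo "# Try to read an entry inside the Alumni Association container.
# It should give us noSuchObject if we're not bound..." \
>> $SEARCHOUT
# FIXME: temporarily remove the "No such object" message to make
# the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd
$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 "(objectclass=*)" \
	2>&1 | grep -v "No such object" >> $SEARCHOUT

echo >>$SEARCHOUT
echo "# ... and should return appropriate attributes if we're bound as anyone
# under Example." \
>> $SEARCHOUT
$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 \
	-D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1

$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 \
	-D "$BJORNSDN" -w bjorn "(objectclass=*)" >> $SEARCHOUT 2>&1

echo >>$SEARCHOUT
echo "# Add & Delete subtree contents as seen by Babs" >> $SEARCHOUT
$LDAPSEARCH -b "ou=Add & Delete,dc=example,dc=com" -H $URI1 \
	-D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1

echo >>$SEARCHOUT
echo "# Add & Delete subtree contents as seen by Bjorn" >> $SEARCHOUT
$LDAPSEARCH -b "ou=Add & Delete,dc=example,dc=com" -H $URI1 \
	-D "$BJORNSDN" -w bjorn "(objectclass=*)" >> $SEARCHOUT 2>&1

echo "Testing modifications..."
echo "... ACL on the alternative entry"

# Bjorn may add himself as seeAlso on cn=group.
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=group,ou=Add & Delete,dc=example,dc=com
changetype: modify
add: seealso
seealso: $BJORNSDN
EOMODS
check_ok $? ldapmodify

# Babs must be denied on the Alumni Assoc Staff group.
$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: description
description: added by bjensen (should fail)
EOMODS
expect_denied $?

# The manager adds Babs as seeAlso on cn=group; the following steps
# check what that grants her.
$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=group,ou=Add & Delete,dc=example,dc=com
changetype: modify
add: seealso
seealso: $BABSDN
EOMODS
check_ok $? ldapmodify

# Bjorn adds a description to the Alumni Assoc Staff group ...
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
changetype: modify
add: description
description: added by bjorn (removed later)
EOMODS
check_ok $? ldapmodify

# ... and Babs removes that same value through cn=Group in the
# Add & Delete subtree (expected to succeed).  How the two entries
# relate is defined by test006-config.ldif.
$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=Group,ou=Add & Delete,dc=example,dc=com
changetype: modify
delete: description
description: added by bjorn (removed later)
EOMODS
check_ok $? ldapmodify

# Bjorn may add a new entry to the subtree.
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
sn: Jensen
EOMODS
check_ok $? ldapmodify

# Bjorn may add a description on cn=Group.
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=Group,ou=Add & Delete,dc=example,dc=com
changetype: modify
add: description
description: another one added by bjorn (should succeed)
EOMODS
check_ok $? ldapmodify

echo "... ACL on the variant entry"

# Babs must be denied the same addition on cn=Group.
$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=Group,ou=Add & Delete,dc=example,dc=com
changetype: modify
add: description
description: added by bjensen (should fail)
EOMODS
expect_denied $?

# Bjorn adds a description to sn=Doe; jaj removes it below via
# sn=Elliot.
$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
	$TESTOUT 2>&1 << EOMODS
dn: sn=Doe,ou=Add & Delete,dc=example,dc=com
changetype: modify
add: description
description: added by bjorn (will be removed)
EOMODS
check_ok $? ldapmodify

# Babs must be denied on the entry Bjorn created.
$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
	$TESTOUT 2>&1 << EOMODS
dn: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com
changetype: modify
replace: description
description: added by bjensen (should fail)
EOMODS
expect_denied $?

# jaj replaces the description through sn=Elliot in a single modify
# (delete old value, add new one); both parts must be allowed.
$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
	$TESTOUT 2>&1 << EOMODS
dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com
changetype: modify
delete: description
description: added by bjorn (will be removed)
-
add: description
description: added by jaj (should succeed)
EOMODS
check_ok $? ldapmodify

# Harness-provided settle time before reading everything back, as in
# the other tests.
sleep $SLEEP0

echo >>$SEARCHOUT
echo "Using ldapsearch to retrieve all the entries..."
echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
# -S "" sorts the entries by DN so the comparison below is stable.
$LDAPSEARCH -S "" -b "ou=Add & Delete,dc=example,dc=com" \
	-D "$MANAGERDN" -H $URI1 -w $PASSWD \
	'objectClass=*' >> $SEARCHOUT 2>&1
# This failure path previously exited without stopping the server;
# check_ok takes the same cleanup route as every other failure.
check_ok $? ldapsearch

test $KILLSERVERS != no && kill -HUP $KILLPIDS

LDIF=data/test006-out.ldif

# Normalise both sides with ldif-filter before comparing; the servers
# have already been signalled above, so a mismatch can exit directly.
echo "Filtering ldapsearch results..."
$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
echo "Filtering expected entries..."
$LDIFFILTER -s e < $LDIF > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT

if test $? != 0 ; then
	echo "comparison failed - operations did not complete correctly"
	exit 1
fi

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0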