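#! /bin/sh
# OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.23.2.7 2010/04/19 19:14:33 quanah Exp
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Regression test for the LDAP "Who am I?" operation and for proxied
# authorization: a slapd instance is loaded from $LDIFWHOAMI, then
# ldapwhoami is run anonymously, as the manager, and as a series of
# identities that ask to act as another identity (-e '!authzid=...').
# Each echo names the rule form being exercised (dn.exact, u, URI, group,
# dn.onelevel, dn.regex, dn.children, dn.subtree); the rules themselves
# presumably live in the authzFrom/authzTo data loaded from $LDIFWHOAMI,
# which is not part of this script.
#
# Conventions used below:
#  * Command variables ($SLAPADD, $SLAPD, $LDAPSEARCH, $LDAPWHOAMI, $TIMING,
#    ...) come from defines.sh and are left unquoted on purpose, since they
#    may expand to a command plus options.
#  * The leading '!' in '!authzid=' marks the control as critical, so a
#    server that cannot honour it must reject the request instead of
#    ignoring it; the backslash just yields a literal '!'.
#  * -w puts the bind password on the command line, where it can be seen in
#    process listings. That is tolerable here only because every password
#    in this file is a fixture for the throwaway test database.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# Stop the servers this script started (unless KILLSERVERS=no) and exit
# with status $1.
stop_servers_and_exit() {
  test $KILLSERVERS != no && kill -HUP $KILLPIDS
  exit "$1"
}

# $1 = exit status of an ldapwhoami call that was expected to succeed.
expect_whoami_ok() {
  if test "$1" != 0 ; then
    echo "ldapwhoami failed ($1)!"
    stop_servers_and_exit "$1"
  fi
}

# $1 = exit status of an ldapwhoami call that the server must refuse.
# Status 1 is the expected denial. Status 0 means the server granted a
# proxy authorization it should have refused, so it is reported as a test
# failure rather than a pass.
expect_whoami_denied() {
  case "$1" in
  1)
    ;;
  0)
    echo "ldapwhoami should have failed ($1)!"
    # The original used "exit -1", which is outside the 0-255 range that
    # POSIX sh accepts and is rejected by some shells.
    stop_servers_and_exit 1
    ;;
  *)
    echo "ldapwhoami failed ($1)!"
    stop_servers_and_exit "$1"
    ;;
  esac
}

# Bind as $BINDDN/$BINDPW and ask to be authorized as $AUTHZID.
# Returns the exit status of ldapwhoami.
proxy_whoami() {
  $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w "$BINDPW" \
    -e \!authzid="$AUTHZID"
}

mkdir -p $TESTDIR $DBDIR1

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFWHOAMI
RC=$?
if test $RC != 0 ; then
  echo "slapadd failed ($RC)!"
  exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
  # Pause until the operator presses return (presumably so a debugger can
  # be attached to the printed PID).
  echo PID $PID
  read foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
  $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
    'objectclass=*' > /dev/null 2>&1
  RC=$?
  if test $RC = 0 ; then
    break
  fi
  echo "Waiting 5 seconds for slapd to start..."
  sleep 5
done

# If slapd never answered, stop here with a clear message instead of
# letting the first ldapwhoami fail for an unrelated-looking reason.
if test $RC != 0 ; then
  echo "ldapsearch failed ($RC)!"
  stop_servers_and_exit $RC
fi

echo "Testing ldapwhoami as anonymous..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1
expect_whoami_ok $?

echo "Testing ldapwhoami as ${MANAGERDN}..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD
expect_whoami_ok $?

# An empty authzid asks to act as the anonymous identity.
echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
  -e \!authzid=""
expect_whoami_ok $?

echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
  -e \!authzid="dn:$BABSDN"
expect_whoami_ok $?

echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
  -e \!authzid="u:uham"
expect_whoami_ok $?

# authzFrom: someone else => bjorn
# Every bind identity in this section asks to act as u:bjorn.
echo "Testing authzFrom..."

BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjensen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
proxy_whoami
expect_whoami_ok $?

BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=melliot
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
proxy_whoami
expect_whoami_ok $?

BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
proxy_whoami
expect_whoami_ok $?

BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=jjones
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
proxy_whoami
expect_whoami_ok $?

BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=noone
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
proxy_whoami
expect_whoami_ok $?

BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=dots
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
proxy_whoami
expect_whoami_ok $?

BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jaj
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
proxy_whoami
expect_whoami_ok $?

BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
BINDPW=ITD
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
proxy_whoami
expect_whoami_ok $?

# Negative cases: these identities must NOT be allowed to act as bjorn.
BINDDN="cn=Should Fail,dc=example,dc=com"
BINDPW=fail
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
proxy_whoami
expect_whoami_denied $?

BINDDN="cn=Must Fail,dc=example,dc=com"
BINDPW=fail
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
proxy_whoami
expect_whoami_denied $?

# authzTo: bjorn => someone else
# bjorn is the bind identity for every case up to the final "dn:" test.
echo "Testing authzTo..."

BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn

AUTHZID="u:bjensen"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
proxy_whoami
expect_whoami_ok $?

AUTHZID="u:melliot"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
proxy_whoami
expect_whoami_ok $?

AUTHZID="u:jdoe"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
proxy_whoami
expect_whoami_ok $?

AUTHZID="u:jjones"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
proxy_whoami
expect_whoami_ok $?

AUTHZID="u:noone"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
proxy_whoami
expect_whoami_ok $?

AUTHZID="u:dots"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
proxy_whoami
expect_whoami_ok $?

AUTHZID="u:jaj"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
proxy_whoami
expect_whoami_ok $?

AUTHZID="u:group/itd staff"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
proxy_whoami
expect_whoami_ok $?

# Negative cases: bjorn must NOT be allowed to act as these identities.
AUTHZID="u:fail"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
proxy_whoami
expect_whoami_denied $?

AUTHZID="dn:cn=Should Fail,dc=example,dc=com"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
proxy_whoami
expect_whoami_denied $?

# Any status other than the expected denial (1) fails the test, including
# 0; unlike the cases above this one always exits with status 1.
AUTHZID="dn:cn=don't!"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
proxy_whoami
RC=$?
if test $RC != 1 ; then
  echo "ldapwhoami failed ($RC)!"
  stop_servers_and_exit 1
fi

BINDDN="dc=example,dc=com"
BINDPW=example
AUTHZID="dn:"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
proxy_whoami
expect_whoami_ok $?

test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0

## Note to developers: when SLAPD_DEBUG=-1 the command
## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1
## to indicate that the authzFrom and authzTo rules applied in the right order.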