1#! /bin/sh
2# OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.23.2.7 2010/04/19 19:14:33 quanah Exp
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
5## Copyright 1998-2010 The OpenLDAP Foundation.
6## All rights reserved.
7##
8## Redistribution and use in source and binary forms, with or without
9## modification, are permitted only as authorized by the OpenLDAP
10## Public License.
11##
12## A copy of this license is available in the file LICENSE in the
13## top-level directory of the distribution or, alternatively, at
14## <http://www.OpenLDAP.org/license.html>.
15
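##
## Exercise ldapwhoami against a slapd built from $WHOAMICONF: plain binds
## first, then proxy authorization (the !authzid control) under the authzFrom
## rules (someone else => bjorn) and the authzTo rules (bjorn => someone else).
## The first unexpected result stops the whole test and stops slapd.
##
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

mkdir -p $TESTDIR $DBDIR1

#######################################
# Stop the slapd started by this test (unless KILLSERVERS=no) and exit.
# Globals:   KILLSERVERS, KILLPIDS (read)
# Arguments: $1 - exit status to leave with
#######################################
fail_exit() {
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $1
}

#######################################
# Run ldapwhoami against the test slapd and require a given exit status.
# Globals:   LDAPWHOAMI, LOCALHOST, PORT1 (read); RC (written)
# Arguments: $1 - expected exit status (0 = must succeed, 1 = must be refused)
#            $@ - remaining arguments passed through to ldapwhoami
# Returns:   0 when the status matches; otherwise aborts via fail_exit
# Note: bind passwords travel on the command line (-w), as in the rest of
# the suite; they are visible in a process listing while the client runs,
# which is acceptable for these fixture accounts only.
#######################################
whoami_check() {
	WANTRC=$1
	shift
	$LDAPWHOAMI -h $LOCALHOST -p $PORT1 "$@"
	RC=$?
	if test $RC = $WANTRC ; then
		return 0
	fi
	if test $WANTRC != 0 && test $RC = 0 ; then
		# The server granted an authorization it was expected to refuse;
		# exit 1 (not -1, which is not a valid status under /bin/sh).
		echo "ldapwhoami should have failed ($RC)!"
		fail_exit 1
	fi
	echo "ldapwhoami failed ($RC)!"
	fail_exit $RC
}

#######################################
# One proxy-authorization case: bind as $3 with password $4 and request
# authzid $5, expecting exit status $2.
# Arguments: $1 - rule kind printed in the progress line (dn.exact, u, URI ...)
#            $2 - expected ldapwhoami exit status
#            $3 - bind DN
#            $4 - bind password
#            $5 - value for the !authzid control
#######################################
authz_check() {
	echo "Testing ldapwhoami as ${3} for ${5} (${1})..."
	whoami_check "$2" -D "$3" -w "$4" -e \!authzid="$5"
}

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFWHOAMI
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
    echo PID $PID
    read -r foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done
if test $RC != 0 ; then
	# Do not run the authorization checks against a server that never
	# answered; every later failure would be misattributed to authz rules.
	echo "ldapsearch failed ($RC)!"
	fail_exit $RC
fi

echo "Testing ldapwhoami as anonymous..."
whoami_check 0

echo "Testing ldapwhoami as ${MANAGERDN}..."
whoami_check 0 -D "$MANAGERDN" -w "$PASSWD"

echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
whoami_check 0 -D "$MANAGERDN" -w "$PASSWD" -e \!authzid=""

echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
whoami_check 0 -D "$MANAGERDN" -w "$PASSWD" -e \!authzid="dn:$BABSDN"

echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
whoami_check 0 -D "$MANAGERDN" -w "$PASSWD" -e \!authzid="u:uham"

# authzFrom: someone else => bjorn
echo "Testing authzFrom..."

authz_check dn.exact 0 \
	"cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \
	bjensen u:bjorn
authz_check u 0 \
	"cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" \
	melliot u:bjorn
authz_check URI 0 \
	"cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com" \
	jen u:bjorn
authz_check group 0 \
	"cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com" \
	jjones u:bjorn
authz_check dn.onelevel 0 \
	"cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com" \
	noone u:bjorn
authz_check dn.regex 0 \
	"cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com" \
	dots u:bjorn
authz_check dn.children 0 \
	"cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" \
	jaj u:bjorn
authz_check dn.subtree 0 \
	"cn=ITD Staff,ou=Groups,dc=example,dc=com" \
	ITD u:bjorn
authz_check "URI; should fail" 1 \
	"cn=Should Fail,dc=example,dc=com" \
	fail u:bjorn
authz_check "URI; should fail" 1 \
	"cn=Must Fail,dc=example,dc=com" \
	fail u:bjorn

# authzTo: bjorn => someone else
echo "Testing authzTo..."

BJORNDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BJORNPW=bjorn
authz_check dn.exact 0 "$BJORNDN" "$BJORNPW" u:bjensen
authz_check u 0 "$BJORNDN" "$BJORNPW" u:melliot
authz_check URI 0 "$BJORNDN" "$BJORNPW" u:jdoe
authz_check group 0 "$BJORNDN" "$BJORNPW" u:jjones
authz_check dn.onelevel 0 "$BJORNDN" "$BJORNPW" u:noone
authz_check dn.regex 0 "$BJORNDN" "$BJORNPW" u:dots
authz_check dn.children 0 "$BJORNDN" "$BJORNPW" u:jaj
authz_check dn.subtree 0 "$BJORNDN" "$BJORNPW" "u:group/itd staff"
authz_check "URI; should fail" 1 "$BJORNDN" "$BJORNPW" u:fail
authz_check "URI; should fail" 1 "$BJORNDN" "$BJORNPW" \
	"dn:cn=Should Fail,dc=example,dc=com"
authz_check "no authzTo; should fail" 1 "$BJORNDN" "$BJORNPW" "dn:cn=don't!"

# An empty authzid ("dn:") asks for the anonymous identity; the suffix
# entry is allowed to do that by a dn.exact rule.
BINDDN="dc=example,dc=com"
echo "Testing ldapwhoami as ${BINDDN} for dn:\"\" (dn.exact; should succeed)..."
whoami_check 0 -D "$BINDDN" -w example -e \!authzid="dn:"

test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0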
464
465## Note to developers: when SLAPD_DEBUG=-1 the command
466## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
467## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1
468## to indicate that the authzFrom and authzTo rules applied in the right order.
469