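#! /bin/sh
# OpenLDAP: pkg/ldap/tests/scripts/test028-idassert,v 1.12.2.6 2010/04/19 19:14:34 quanah Exp
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# test028-idassert -- identity assertion through back-ldap + rwm.
#
# One slapd is started from $IDASSERTCONF after its two databases have been
# loaded with slapadd.  The script then binds as several identities and asks
# for an authorization identity with the proxyAuthz control (-e!authzid=...),
# checking for each case whether slapd honours the assertion (ldapwhoami exit
# status 0) or rejects it (exit status 1), and finally compares a search run
# with identity assertion against the expected LDIF.  When SLAPD_USE_SASL is
# set the search is repeated over a SASL bind.
#
# All upper-case variables come from $SRCDIR/scripts/defines.sh.  Bind
# passwords (proxy, bjorn, jaj) are test fixtures passed on the command line
# with -w; that is acceptable only because this is a throw-away test instance.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

#######################################
# Report a failed check, stop the slapd started by this script (unless
# KILLSERVERS=no) and exit.  Only usable once KILLPIDS has been set.
# Arguments: $1 - message printed to stdout (the harness collects stdout)
#            $2 - exit status
#######################################
fail_test() {
	echo "$1"
	# KILLPIDS is a space-separated pid list and must word-split.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$2"
}

echo "### This test requires the LDAP backend and the rwm overlay."
echo "### If available, and explicitly requested, it can use SASL bind;"
echo "### note that SASL must be properly set up, and the requested"
echo "### mechanism must be available. Define SLAPD_USE_SASL={yes|<mech>},"
echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."

if test "$BACKLDAP" = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi

if test "$RWM" = "rwmno" ; then
	echo "Rewrite/remap overlay not available, test skipped"
	exit 0
fi

if test "$THREADS" = "threadsno" ; then
	echo "Need threads support, test skipped"
	exit 0
fi

if test "$WITH_SASL" = "yes" ; then
	if test "$USE_SASL" != "no" ; then
		# SLAPD_USE_SASL=yes selects DIGEST-MD5; any other value names the mech.
		if test "$USE_SASL" = "yes" ; then
			MECH="DIGEST-MD5"
		else
			MECH="$USE_SASL"
		fi
		echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
	else
		echo "Using proxyAuthz with simple authc..."
	fi
else
	echo "SASL not available; using proxyAuthz with simple authc..."
	# Without SASL support MECH is never set; make sure the SASL search at
	# the end of the script is skipped as well instead of running with an
	# empty -Y argument.
	USE_SASL=no
fi

mkdir -p "$TESTDIR" "$DBDIR1" "$DBDIR2"

echo "Running slapadd to build slapd database..."
# BACKEND and MONITORDB are substitution arguments for the config filter and
# may legitimately be empty or multi-word, so they stay unquoted.
. "$CONFFILTER" $BACKEND $MONITORDB < "$IDASSERTCONF" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFIDASSERT1" -n 1
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd -n 1 failed ($RC)!"
	exit "$RC"
fi
$SLAPADD -f "$ADDCONF" -l "$LDIFIDASSERT2" -n 2
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd -n 2 failed ($RC)!"
	exit "$RC"
fi

echo "Starting slapd on TCP/IP port $PORT..."
. "$CONFFILTER" $BACKEND $MONITORDB < "$IDASSERTCONF" > "$CONF1"
# LVL and TIMING are option fragments that may be empty: keep them unquoted.
$SLAPD -f "$CONF1" -h "$URI1" -d $LVL $TIMING > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
	# Pause until the operator presses return, presumably so that a
	# debugger can be attached to the printed pid.
	echo PID $PID
	read -r foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h "$LOCALHOST" -p "$PORT1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done
# Stop here if slapd never answered, rather than letting every later check
# fail against a server that is not running.
if test "$RC" != 0 ; then
	fail_test "ldapsearch failed ($RC)!" "$RC"
fi

PROXY_US="cn=proxy US,ou=Admin,dc=example,dc=com"
PROXY_IT="cn=proxy IT,ou=Admin,dc=example,dc=com"
BJORN="uid=bjorn,ou=people,dc=example,dc=com"

# --- proxy US: plain bind, then assertions that must be honoured/rejected ---

echo "Testing ldapwhoami as proxy US..."
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_US" -w proxy
RC=$?
if test "$RC" != 0 ; then
	fail_test "ldapwhoami failed ($RC)!" "$RC"
fi

AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy US, $AUTHZID..."
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_US" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
# Not checked with the null backend (same exemption as the search below).
if test "$RC" != 0 && test "$BACKEND" != null ; then
	fail_test "ldapwhoami failed ($RC)!" "$RC"
fi

# The "should fail" cases verify that slapd refuses an authorization identity
# this binding identity is not allowed to assume: ldapwhoami must exit 1.
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_US" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	fail_test "ldapwhoami should have failed ($RC)!" 1
fi

AUTHZID="u:bjensen"
echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_US" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	fail_test "ldapwhoami should have failed ($RC)!" 1
fi

# --- proxy IT ---

echo "Testing ldapwhoami as proxy IT..."
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_IT" -w proxy
RC=$?
if test "$RC" != 0 ; then
	fail_test "ldapwhoami failed ($RC)!" "$RC"
fi

AUTHZID="u:it/jaj"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_IT" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	fail_test "ldapwhoami should have failed ($RC)!" 1
fi

AUTHZID="u:bjorn"
echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_IT" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 1 ; then
	fail_test "ldapwhoami should have failed ($RC)!" 1
fi

AUTHZID="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
echo "Testing ldapwhoami as proxy IT, $AUTHZID..."
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$PROXY_IT" -w proxy -e\!"authzid=$AUTHZID"
RC=$?
# Not checked with the null backend.
if test "$RC" != 0 && test "$BACKEND" != null ; then
	fail_test "ldapwhoami failed ($RC)!" "$RC"
fi

# --- bjorn: a regular user asserting his own remote identities ---

AUTHZID="dn:uid=bjorn,ou=People,o=Example,c=US"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$BJORN" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 ; then
	fail_test "ldapwhoami failed ($RC)!" "$RC"
fi

AUTHZID="dn:uid=bjorn,ou=People,o=Esempio,c=IT"
echo "Testing ldapwhoami as bjorn, $AUTHZID..."
$LDAPWHOAMI -h "$LOCALHOST" -p "$PORT1" -D "$BJORN" -w bjorn -e\!"authzid=$AUTHZID"
RC=$?
if test "$RC" != 0 ; then
	fail_test "ldapwhoami failed ($RC)!" "$RC"
fi

# --- search with identity assertion, compared against the expected LDIF ---

ID="uid=jaj,ou=People,dc=example,dc=it"
BASE="o=Example,c=US"
echo "Testing ldapsearch as $ID for \"$BASE\"..."
$LDAPSEARCH -h "$LOCALHOST" -p "$PORT1" -b "$BASE" \
	-D "$ID" -w jaj > "$SEARCHOUT" 2>&1
RC=$?
if test "$RC" != 0 && test "$BACKEND" != null ; then
	fail_test "ldapsearch failed ($RC)!" "$RC"
fi

echo "Filtering ldapsearch results..."
$LDIFFILTER -s ldif=e < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering original ldif used to create database..."
$LDIFFILTER -s ldif=e < "$IDASSERTOUT" > "$LDIFFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"
RC=$?
if test "$RC" != 0 ; then
	fail_test "comparison failed - search with identity assertion didn't succeed" 1
fi

# --- same search over a SASL bind, only when requested ---

if test "$USE_SASL" != "no" ; then
	ID="it/jaj"
	BASE="o=Example,c=US"
	echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
	$LDAPSASLSEARCH -h "$LOCALHOST" -p "$PORT1" -b "$BASE" \
		-Q -U "$ID" -w jaj -Y "$MECH" > "$SEARCHOUT" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		fail_test "ldapsearch failed ($RC)!" "$RC"
	fi

	# NOTE(review): unlike the simple-bind comparison above, the filter is
	# run without "-s ldif=e" here -- confirm this is intended.
	echo "Filtering ldapsearch results..."
	$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
	echo "Filtering original ldif used to create database..."
	$LDIFFILTER < "$IDASSERTOUT" > "$LDIFFLT"
	echo "Comparing filter output..."
	$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"
	RC=$?
	if test "$RC" != 0 ; then
		fail_test "comparison failed - search with SASL bind and identity assertion didn't succeed" 1
	fi
fi

test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test "$KILLSERVERS" != no && wait

exit 0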