X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=tests%2Fscripts%2Ftest014-whoami;h=e9d38994fbca131198d675e26947518c10ad3d3d;hb=6c062ca841f82ca9ea17172c2a9882f373a76c02;hp=21a93819c13adc9aeb2d450efe5b332c106a2463;hpb=6680465d020db8058d053fc5615922d7bec251a2;p=openldap diff --git a/tests/scripts/test014-whoami b/tests/scripts/test014-whoami index 21a93819c1..e9d38994fb 100755 --- a/tests/scripts/test014-whoami +++ b/tests/scripts/test014-whoami @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software . ## -## Copyright 1998-2003 The OpenLDAP Foundation. +## Copyright 1998-2006 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -18,8 +18,17 @@ echo "running defines.sh" mkdir -p $TESTDIR $DBDIR1 +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF +$SLAPADD -f $ADDCONF -l $LDIFWHOAMI +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + echo "Starting slapd on TCP/IP port $PORT..." -. $CONFFILTER $BACKEND $MONITORDB < $PWCONF > $CONF1 +. $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! if test $WAIT != 0 ; then @@ -28,6 +37,8 @@ if test $WAIT != 0 ; then fi KILLPIDS="$PID" +sleep 1 + echo "Using ldapsearch to check that slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ @@ -82,9 +93,359 @@ if test $RC != 0 ; then exit $RC fi -echo "Testing ldapwhoami as ${MANAGERDN} for u:ursula..." +echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ - -e \!authzid="u:ursula" + -e \!authzid="u:uham" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# authzFrom: someone else => bjorn +echo "Testing authzFrom..." + +BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjensen +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=melliot +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=jdoe +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=jjones +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=noone +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=dots +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" +BINDPW=jaj +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com" +BINDPW=ITD +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Should Fail,dc=example,dc=com" +BINDPW=fail +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Must Fail,dc=example,dc=com" +BINDPW=fail +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +# authzTo: bjorn => someone else +echo "Testing authzTo..." + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:bjensen" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:melliot" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:jdoe" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:jjones" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:noone" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:dots" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:jaj" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:group/itd staff" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="u:fail" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="dn:cn=Should Fail,dc=example,dc=com" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="dn:" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 1 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +BINDDN="dc=example,dc=com" +BINDPW=example +AUTHZID="dn:" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then @@ -96,4 +457,12 @@ fi test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + exit 0 + +## Note to developers: when SLAPD_DEBUG=-1 the command +## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log +## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1 +## to indicate that the authzFrom and authzTo rules applied in the right order.