X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fscripts%2Ftest014-whoami;h=e9d38994fbca131198d675e26947518c10ad3d3d;hb=6c062ca841f82ca9ea17172c2a9882f373a76c02;hp=127dfda9df4ecb64021c477a438c2961e5b23964;hpb=63b1e663e2db689960c73a2d991c15d753823ad7;p=openldap diff --git a/tests/scripts/test014-whoami b/tests/scripts/test014-whoami index 127dfda9df..e9d38994fb 100755 --- a/tests/scripts/test014-whoami +++ b/tests/scripts/test014-whoami @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software . ## -## Copyright 1998-2004 The OpenLDAP Foundation. +## Copyright 1998-2006 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -37,6 +37,8 @@ if test $WAIT != 0 ; then fi KILLPIDS="$PID" +sleep 1 + echo "Using ldapsearch to check that slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ @@ -102,7 +104,7 @@ if test $RC != 0 ; then exit $RC fi -# authzFrom: someone else => njorn +# authzFrom: someone else => bjorn echo "Testing authzFrom..." BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" @@ -220,16 +222,48 @@ fi BINDDN="cn=Should Fail,dc=example,dc=com" BINDPW=fail AUTHZID="u:bjorn" -echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..." +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? -if test $RC != 0 ; then +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC -fi + ;; +esac + +BINDDN="cn=Must Fail,dc=example,dc=com" +BINDPW=fail +AUTHZID="u:bjorn" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac # authzTo: bjorn => someone else echo "Testing authzTo..." @@ -353,6 +387,52 @@ echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="dn:cn=Should Fail,dc=example,dc=com" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +case $RC in +1) + ;; +0) + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" +BINDPW=bjorn +AUTHZID="dn:" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + RC=$? if test $RC != 1 ; then echo "ldapwhoami failed ($RC)!" @@ -360,12 +440,29 @@ if test $RC != 1 ; then exit $RC fi +BINDDN="dc=example,dc=com" +BINDPW=example +AUTHZID="dn:" +echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..." +$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ + -e \!authzid="$AUTHZID" + +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + exit 0 -## Note to developers: the command -## awk '/<===slap_sasl_match:/ {if (s==0) {s=1;c=0} c++; if ($4==0) {print c;s=0}} END {if (s==1) print c}' testrun/slapd.1.log -## must return consecutive numbers from 1 to 9 twice to indicate -## that the authzFrom and authzTo rules applied in the right order. +## Note to developers: when SLAPD_DEBUG=-1 the command +## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log +## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1 +## to indicate that the authzFrom and authzTo rules applied in the right order.