X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fscripts%2Ftest024-unique;h=e904fb3c6dca40e504e34c96e0160fd7f3969101;hb=59e9ff6243465640956b58ad1756a3ede53eca7c;hp=9354c05f825d639e8438adf21cd268be9ff71d3d;hpb=0b03c51e79e714b8f8c8d6811f942f52c52b2383;p=openldap
diff --git a/tests/scripts/test024-unique b/tests/scripts/test024-unique
index 9354c05f82..e904fb3c6d 100755
--- a/tests/scripts/test024-unique
+++ b/tests/scripts/test024-unique
@@ -2,7 +2,7 @@
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
-## Copyright 2004-2013 The OpenLDAP Foundation.
+## Copyright 2004-2018 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
@@ -73,6 +73,7 @@ $LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
> /dev/null << EOTUNIQ1
dn: uid=dave,ou=users,o=unique
objectClass: inetOrgPerson
+objectClass: simpleSecurityObject
uid: dave
sn: nothere
cn: dave
@@ -85,6 +86,7 @@ displayName: Dave (ITS#4212)
employeeNumber: 69
employeeType: contractor
givenName: Dave
+userpassword: $PASSWD
EOTUNIQ1
RC=$?
if test $RC != 0 ; then
@@ -94,7 +96,31 @@ if test $RC != 0 ; then
fi
echo "Adding a non-unique record..."
-$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOTUNIQ2
+dn: uid=bill,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: bill
+sn: johnson
+cn: bill
+businessCategory: rtest
+carLicense: ABC123
+departmentNumber: 42
+displayName: Bill
+employeeNumber: 5150
+employeeType: contractor
+givenName: Bill
+EOTUNIQ2
+RC=$?
+if test $RC != $RCODEconstraint ; then
+ echo "unique check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+# ITS#6641/8057
+echo "Trying to bypass uniqueness as a normal user..."
+$LDAPADD -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
@@ -116,6 +142,40 @@ if test $RC != $RCODEconstraint ; then
exit -1
fi
+# ITS#6641/8057
+echo "Bypassing uniqueness as an admin user..."
+$LDAPADD -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOTUNIQ2
+dn: uid=bill,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: bill
+sn: johnson
+cn: bill
+businessCategory: rtest
+carLicense: ABC123
+departmentNumber: 42
+displayName: Bill
+employeeNumber: 5150
+employeeType: contractor
+givenName: Bill
+EOTUNIQ2
+RC=$?
+if test $RC != 0 ; then
+ echo "spurious unique error ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Cleaning up"
+$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ "uid=bill,ou=users,o=unique" > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0; then
+ echo "ldapdelete failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
echo Dynamically retrieving initial configuration...
$LDAPSEARCH -S "" -b olcOverlay='{0}'unique,olcDatabase='{1}'$BACKEND,cn=config -D cn=config -y $CONFIGPWF -h $LOCALHOST -p $PORT1 -LLL | tr -d \\r >$TESTDIR/initial-config.ldif
cat <$TESTDIR/initial-reference.ldif
@@ -210,7 +270,7 @@ if test $RC != 0 ; then
fi
echo "Adding a non-unique record..."
-$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
@@ -267,7 +327,7 @@ if test $RC != 0 ; then
fi
echo "Verifying we removed the right attr..."
-$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
@@ -284,7 +344,7 @@ givenName: Bill
EOTUNIQ2
RC=$?
if test $RC != $RCODEconstraint ; then
- echo "olcUniqueAttribtue single deletion hit the wrong value"
+ echo "olcUniqueAttribute single deletion hit the wrong value"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit -1
fi
@@ -327,7 +387,7 @@ if test $RC != 0 ; then
fi
echo "Adding a non-unique record..."
-$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOTUNIQ2
dn: uid=bill,ou=users,o=unique
objectClass: inetOrgPerson
@@ -495,11 +555,153 @@ if test $RC != 0 ; then
exit -1
fi
+echo "Sending an empty modification"
-echo "Adding a record unique in one domain, non-unique in the filtered domain..."
+$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF
+dn: uid=empty,ou=users,o=unique
+changetype: modify
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "spurious unique error ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+echo "Making a record non-unique"
+$LDAPMODIFY -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF
+dn: uid=empty,ou=users,o=unique
+changetype: modify
+replace: sn
+sn: johnson
+EOF
+
+RC=$?
+if test $RC != $RCODEconstraint ; then
+ echo "unique check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+# ITS#6641/8057
+echo "Trying to bypass uniqueness as a normal user..."
+$LDAPMODIFY -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF
+dn: uid=empty,ou=users,o=unique
+changetype: modify
+replace: sn
+sn: johnson
+EOF
+
+RC=$?
+if test $RC != $RCODEconstraint ; then
+ echo "unique check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+# ITS#6641/8057
+echo "Bypassing uniqueness as an admin user..."
+$LDAPMODIFY -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF
+dn: uid=empty,ou=users,o=unique
+changetype: modify
+replace: sn
+sn: johnson
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "spurious unique error ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Cleaning up"
+$LDAPMODIFY -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF
+dn: uid=empty,ou=users,o=unique
+changetype: modify
+replace: sn
+sn: empty
+EOF
+RC=$?
+if test $RC != 0; then
+ echo "ldapmodify failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding another unique record..."
$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOF
+dn: uid=not edgar,uid=edgar,ou=users,o=unique
+objectClass: inetOrgPerson
+uid: not edgar
+sn: Alan
+cn: not edgar
+EOF
+
+RC=$?
+if test $RC != 0 ; then
+ echo "unique check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+echo "Making the record non-unique with modrdn..."
+$LDAPMODRDN -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ "uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1
+
+RC=$?
+if test $RC != $RCODEconstraint ; then
+ echo "unique check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+# ITS#6641/8057
+echo "Trying to bypass uniqueness as a normal user..."
+$LDAPMODRDN -M -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ "uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1
+
+RC=$?
+if test $RC != $RCODEconstraint ; then
+ echo "unique check failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+fi
+
+# ITS#6641/8057
+echo "Bypassing uniqueness as an admin user..."
+$LDAPMODRDN -M -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ "uid=not edgar,uid=edgar,ou=users,o=unique" "uid=edgar" > $TESTOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "spurious unique error ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Cleaning up"
+$LDAPDELETE -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+ "uid=edgar,uid=edgar,ou=users,o=unique" > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0; then
+ echo "ldapdelete failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+echo "Adding a record unique in one domain, non-unique in the filtered domain..."
+
+$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+ $TESTOUT 2>&1 << EOF
dn: uid=elvis,ou=users,o=unique
objectClass: inetOrgPerson
uid: elvis
@@ -569,7 +771,7 @@ fi
echo "Adding a record non-unique in the ignore-domain..."
-$LDAPADD -D "$UNIQUEDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+$LDAPADD -D "uid=dave,ou=users,o=unique" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
$TESTOUT 2>&1 << EOF
dn: uid=harry,ou=users,o=unique
objectClass: inetOrgPerson